Analysis of adversarial attacks on the machine learning models of cyberprotection systems.

Abstract

Modern trends in the development of cyber protection systems are associated with the widespread use of machine learning technologies to detect and prevent cyber threats. At the same time, attackers are looking for ways to evade detection by such systems, using both traditional attack methods and new ones aimed exclusively at countering artificial intelligence - adversarial attacks. Therefore, finding ways to counteract adversarial attacks is an urgent scientific and technical task. Adversarial Machine Learning (AML) is used to study them, which consists in simulating such attacks. The purpose of research is to determine ways to increase the resilience of cyber defense systems operating with the use of machine learning technologies to the impact of attacks based on AML models. The article provides examples of the application of machine learning methods in cyber protection systems. The models of adversarial attacks are described, namely: models of evasion, poisoning, functional extraction, inversion, and models of membership inference attack. Possible scenarios of their implementation are considered. Examples of adversarial attacks on machine learning models for recognizing images and text messages, detecting domain name generation algorithms, HTTP traffic malware, malicious content in e-mails, bypassing antivirus software are analyzed. Studies have shown that even without access to the algorithms of machine learning models, it is possible to bypass the cyber protection system. Therefore, to ensure the security of networks and services by means of cyber protection with artificial intelligence, it is necessary to take into account the need to counter adversarial attacks. For this purpose, it is proposed to: collect and aggregate training data for each machine learning model individually, instead of obtaining them from publicly available sources; optimize the content of event logs, taking into account the possibility of using the information contained in them to create adversarial attacks; to ensure the protection of training data and algorithms of the functioning of models; in the case of deploying cyber protection systems on critical infrastructure objects, use specially developed machine learning models that are not publicly available, which will complicate the possibility of creating a functional extraction attack.