Four types of cyber attacks against AI models and applications


AI-driven cyber attacks fundamentally broaden the range of entities, including physical objects, that can be used to carry out cyberattacks, in contrast to conventional cyberattacks that exploit bugs or intentional and unintentional human mistakes in code.

The main objectives of traditional cybersecurity attacks are system disruption and data extraction. Attacks on AI systems frequently aim to steal data or cause disruptions, but they are designed more subtly and with a longer-term perspective.

They attempt to take over the targeted system for a specific purpose or trick the model into disclosing its inner workings through system intrusion before altering its behavior. This goal can be achieved through mainly, but not exclusively, four types of attacks: data poisoning, tempering of categorization models, backdoors, and reverse engineering of the AI model.

1. Data poisoning

Data poisoning occurs when attackers intentionally introduce false data into a legitimate dataset to train the system to behave differently. It has been demonstrated that an attacker could produce a 75.06% change in the dosage of half of the patients using the AI system for their treatment by adding 8% of inaccurate data.

2. Tampering with categorization models

Attackers could change the results of AI system applications by changing the categorization models of, for example, neural networks. For instance, using images of 3D-printed turtles acquired using a particular algorithm, researchers could trick an AI system’s learning process into classifying turtles as rifles.

3. Backdoors

AI systems can also be hacked by adversaries using backdoor injection attacks. Such attacks are carried out by the adversary using a specially made perturbation mask applied to particular images to override the correct classifications. The learned deep neural network maintains its normal functionality by using data poisoning from the training set with a low poisoning fraction to inject the backdoor into the victim model. Therefore, once launched, such attacks have the potential to cause significant havoc in a variety of realistic applications, such as sabotaging an autonomous vehicle or passing for someone else to gain unauthorized access.

4. Reverse engineering the AI model

By accessing the AI model through reverse engineering, attackers can launch more focused and effective adversarial attacks. For instance, if the training phase is reliable, an adversary can target the ML inference and discover the secret model parameters using the Differential Power Analysis methodology, according to a study by the Institute of Electrical and Electronics Engineers (IEEE). As a result, the adversary may create copies of the system, endangering security and intellectual property.

Attacks on ML systems can have serious repercussions when incorporated into crucial applications. AI attacks can potentially increase existing threats, introduce new ones, and change how threats typically behave. AI attacks can also take the shape of attacks that target various algorithmic flaws or various environmental inputs.