Microsoft and MITRE have collaborated to create a new plug-in called Arsenal, which is aimed at improving cybersecurity defences against attacks on machine learning (ML) systems.
The plug-in combines MITRE’s CALDERA platform with Microsoft’s Counterfit automated adversarial attack library, allowing security professionals to replicate attacks on ML systems without requiring deep knowledge of ML or artificial intelligence (AI).
Arsenal enables CALDERA to emulate adversarial attacks and behaviours using Microsoft’s Counterfit library. The collaboration is part of MITRE’s efforts to develop a family of tools that address issues such as trust, transparency, and fairness to enable the use of ML and AI systems for mission-critical applications in areas ranging from healthcare to national security.
The integration of Arsenal into CALDERA allows security professionals to identify vulnerabilities within the building blocks of an end-to-end ML workflow and develop countermeasures and controls to prevent exploitation of ML systems deployed in the real world.
As part of the development process, Microsoft and MITRE plan to continually evolve the tools to add new techniques and adversary profiles as security researchers document new attacks on ML systems.
According to Charles Clancy, Senior Vice President and General Manager of MITRE Labs, bringing these tools together is a significant win for the cybersecurity community, as it provides insights into how adversarial machine learning attacks play out.
It will also help improve user trust and enable these systems to have a positive impact on society. Ram Shankar Siva Kumar, Principal Program Manager for AI Security at Microsoft, added that it is critical to take steps to help ensure the security of AI and ML models that will empower the workforce to do more with less of a strain on time, budget, and resources.
Although other automated tools exist today, they are typically better suited to research that examines specific vulnerabilities within an ML system rather than the security threats that the system will encounter as part of an enterprise network.
As such, the collaboration between Microsoft and MITRE is a significant step towards creating a robust end-to-end ML workflow necessary for integrating ML systems into an enterprise network and deploying them for real-world use cases.