Threat Modeling AI/ML With the Attack Tree

Authors: Seied Veria Hoseini, Jaakko Suutala, Juha Partala, Kimmo Halunen
Language: English
Year of publication: 2024
Subject:
Source: IEEE Access, Vol 12, Pp 172610-172637 (2024)
Document type: article
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2024.3497011
Description: The pervasive use of AI assistant systems and machine learning-based applications in various fields and everyday life has significantly shifted. However, this shift is not without its challenges. The emergence of security threats, various attacks, and vulnerabilities in this domain has not only questioned their use but also sparked the interest of security experts and researchers, underlining the urgency and importance of this topic. However, a comprehensive and systematic research endeavor is yet to be undertaken on threat modeling based on violating basic tenets of information security on the various components of a machine learning system and evaluating their security risks. This lack of comprehensive threat modeling for each violation of a machine learning system’s confidentiality, integrity, availability, and privacy for various attacks and their risk analysis is a significant gap in the field. This article aims to bridge this gap by proposing a simple, efficient, and time-saving approach to evaluate potential attacks and their security risks by utilizing the attack tree and a risk analysis method in the Adversarial Machine Learning (AML) field. One of the most important steps in determining the overall risk of the attack is evaluating the risk attached to each node in an attack tree. A systematic approach that includes describing the system architecture and identifying its assets under various operational environment scenarios is also outlined in this paper. This approach can also offer crucial insights to security experts, aiding them in understanding and mitigating potential threats and risk analysis in AML systems. To ensure the validity and reliability of our findings, we have conducted a thorough and rigorous review of academic papers, summarizing different threats and attacks and their root cause analysis.
Database: Directory of Open Access Journals