Goto

Collaborating Authors

 security research


Pitfalls in Machine Learning for Computer Security

Communications of the ACM

We identify ten pitfalls as don'ts of machine learning in security and propose dos as actionable recommendations to support researchers in avoiding the pitfalls where possible. Furthermore, we identify open problems that cannot be mitigated easily and require further research effort (§2).


ROS2-Based Simulation Framework for Cyberphysical Security Analysis of UAVs

arXiv.org Artificial Intelligence

We present a new simulator of Uncrewed Aerial Vehicles (UAVs) that is tailored to the needs of testing cyber-physical security attacks and defenses. Recent investigations into UAV safety have unveiled various attack surfaces and some defense mechanisms. However, due to escalating regulations imposed by aviation authorities on security research on real UAVs, and the substantial costs associated with hardware test-bed configurations, there arises a necessity for a simulator capable of substituting for hardware experiments, and/or narrowing down their scope to the strictly necessary. The study of different attack mechanisms requires specific features in a simulator. We propose a simulation framework based on ROS2, leveraging some of its key advantages, including modularity, replicability, customization, and the utilization of open-source tools such as Gazebo. Our framework has a built-in motion planner, controller, communication models and attack models. We share examples of research use cases that our framework can enable, demonstrating its utility.


Towards more Practical Threat Models in Artificial Intelligence Security

arXiv.org Artificial Intelligence

Recent works have identified a gap between research and practice in artificial intelligence security: threats studied in academia do not always reflect the practical use and security risks of AI. For example, while models are often studied in isolation, they form part of larger ML pipelines in practice. Recent works also brought forward that adversarial manipulations introduced by academic attacks are impractical. We take a first step towards describing the full extent of this disparity. To this end, we revisit the threat models of the six most studied attacks in AI security research and match them to AI usage in practice via a survey with \textbf{271} industrial practitioners. On the one hand, we find that all existing threat models are indeed applicable. On the other hand, there are significant mismatches: research is often too generous with the attacker, assuming access to information not frequently available in real-world settings. Our paper is thus a call for action to study more practical threat models in artificial intelligence security.


AI Injections: Direct and Indirect Prompt Injections and Their Implications · Embrace The Red

#artificialintelligence

AI and Chatbots are taking the world by storm at the moment. It's time to shine on attack research and highlight flaws that the current systems are exposing. Sending untrusted data to your AI can lead to unintended (bad) consequences. There is an entire new class of vulnerabilities evolving right now called AI Prompt Injections. A malicious AI Prompt Injection is a type of vulnerability that occurs when an adversary manipulates the input or prompt given to an AI system.


Shaping Ethical Computing Cultures

Communications of the ACM

Public concern about computer ethics and worry about the social impacts of computing has fomented the "techlash." Newspaper headlines describe company data scandals and breaches; the ways that communication platforms promote social division and radicalization; government surveillance using systems developed by private industry; machine learning algorithms that reify entrenched racism, sexism, cisnormativity, ablism, and homophobia; and mounting concerns about the environmental impact of computing resources. How can we change the field of computing so that ethics is as central a concern as growth, efficiency, and innovation? There is no one intervention to change an entire field: instead, broad change will take a combination of guidelines, governance, and advocacy. None is easy and each raises complex questions, but each approach represents a tool for building an ethical culture of computing.


How New A.I. Is Making the Law's Definition of Hacking Obsolete

#artificialintelligence

Imagine you're cruising in your new Tesla, autopilot engaged. Suddenly you feel yourself veer into the other lane, and you grab the wheel just in time to avoid an oncoming car. When you pull over, pulse still racing, and look over the scene, it all seems normal. But upon closer inspection, you notice a series of translucent stickers leading away from the dotted lane divider. And to your Tesla, these stickers represent a non-existent bend in the road that could have killed you. In April this year, a research team at the Chinese tech giant Tencent showed that a Tesla Model S in autopilot mode could be tricked into following a bend in the road that didn't exist simply by adding stickers to the road in a particular pattern.