Lecture Notes on AI-Based Attacks and the MITRE Atlas Framework

Understanding Problems Through Analysis

Importance of identifying the root cause of a problem (e.g., a leaky pipe)
In cybersecurity, understanding the type of attack is crucial.
Need to know:
- What the attacker is after
- Steps taken by the attacker
- Mitigations needed to fix and prevent future issues

Growing concern over AI-based attacks
Example: MITRE documented a case of an AI-based attack costing $77 million in damages.

MITRE has developed a framework named Atlas (Adversarial Threat Language for AI Systems)
Purpose: To understand and combat AI-based attacks specifically

Structure of the framework:
- Tactics (14 types documented)
  - Examples:
    - Reconnaissance
    - Resource Development
    - Initial Access
- Techniques (82 techniques documented)
  - Describes how attackers achieve their goals
Case Studies:
- 22 documented case studies illustrating various attacks
Navigator Tool:
- Visual representation of attack paths and selected tactics/techniques
- Heat maps for further visualization

Reconnaissance
- Gathered public information:
  - Talks, presentations, patents
Machine Learning Model Access
- Analyzed the detection tool by enabling verbose logging
- Understood the reputation scoring system of the malware scanner
Resource Development
- Developed adversarial machine learning to exploit the scanner
- Identified attributes that led to malware classification
- Discovered a second model that could override malware flags
ML Attack Staging
- Manual modification of malware to include 'good' information
- Appended information to evade detection
Launch of Attack
- Successfully evaded detection, demonstrating a weak point in defense

Importance of understanding tactics and techniques in AI-based attacks
Common language and framework help enhance defenses against these evolving threats
Encouragement to engage with the content: like, subscribe, and comment for further discussion.