Vulnerabilities of Connectionist AI Applications: Evaluation and Defense
This article deals with the IT security of connectionist artificial intelligence (AI) applications, focusing on threats to integrity, one of the three IT security goals. Such threats are for instance most relevant in prominent AI computer vision applications. In order to present a holistic view on t...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Frontiers Media S.A.
2020-07-01
|
| Series: | Frontiers in Big Data |
| Subjects: | |
| Online Access: | https://www.frontiersin.org/article/10.3389/fdata.2020.00023/full |
| _version_ | 1818023006305255424 |
|---|---|
| author | Christian Berghoff Matthias Neu Arndt von Twickel |
| author_facet | Christian Berghoff Matthias Neu Arndt von Twickel |
| author_sort | Christian Berghoff |
| collection | DOAJ |
| description | This article deals with the IT security of connectionist artificial intelligence (AI) applications, focusing on threats to integrity, one of the three IT security goals. Such threats are for instance most relevant in prominent AI computer vision applications. In order to present a holistic view on the IT security goal integrity, many additional aspects, such as interpretability, robustness and documentation are taken into account. A comprehensive list of threats and possible mitigations is presented by reviewing the state-of-the-art literature. AI-specific vulnerabilities, such as adversarial attacks and poisoning attacks are discussed in detail, together with key factors underlying them. Additionally and in contrast to former reviews, the whole AI life cycle is analyzed with respect to vulnerabilities, including the planning, data acquisition, training, evaluation and operation phases. The discussion of mitigations is likewise not restricted to the level of the AI system itself but rather advocates viewing AI systems in the context of their life cycles and their embeddings in larger IT infrastructures and hardware devices. Based on this and the observation that adaptive attackers may circumvent any single published AI-specific defense to date, the article concludes that single protective measures are not sufficient but rather multiple measures on different levels have to be combined to achieve a minimum level of IT security for AI applications. |
| first_indexed | 2024-12-10T03:37:27Z |
| format | Article |
| id | doaj.art-5aeca4785df244b5ad0cee78494f94ab |
| institution | Directory Open Access Journal |
| issn | 2624-909X |
| language | English |
| last_indexed | 2024-12-10T03:37:27Z |
| publishDate | 2020-07-01 |
| publisher | Frontiers Media S.A. |
| record_format | Article |
| series | Frontiers in Big Data |
| spelling | doaj.art-5aeca4785df244b5ad0cee78494f94ab2022-12-22T02:03:41ZengFrontiers Media S.A.Frontiers in Big Data2624-909X2020-07-01310.3389/fdata.2020.00023544373Vulnerabilities of Connectionist AI Applications: Evaluation and DefenseChristian BerghoffMatthias NeuArndt von TwickelThis article deals with the IT security of connectionist artificial intelligence (AI) applications, focusing on threats to integrity, one of the three IT security goals. Such threats are for instance most relevant in prominent AI computer vision applications. In order to present a holistic view on the IT security goal integrity, many additional aspects, such as interpretability, robustness and documentation are taken into account. A comprehensive list of threats and possible mitigations is presented by reviewing the state-of-the-art literature. AI-specific vulnerabilities, such as adversarial attacks and poisoning attacks are discussed in detail, together with key factors underlying them. Additionally and in contrast to former reviews, the whole AI life cycle is analyzed with respect to vulnerabilities, including the planning, data acquisition, training, evaluation and operation phases. The discussion of mitigations is likewise not restricted to the level of the AI system itself but rather advocates viewing AI systems in the context of their life cycles and their embeddings in larger IT infrastructures and hardware devices. Based on this and the observation that adaptive attackers may circumvent any single published AI-specific defense to date, the article concludes that single protective measures are not sufficient but rather multiple measures on different levels have to be combined to achieve a minimum level of IT security for AI applications.https://www.frontiersin.org/article/10.3389/fdata.2020.00023/fullartificial intelligenceneural networkIT securityinterpretabilitycertificationadversarial attack |
| spellingShingle | Christian Berghoff Matthias Neu Arndt von Twickel Vulnerabilities of Connectionist AI Applications: Evaluation and Defense Frontiers in Big Data artificial intelligence neural network IT security interpretability certification adversarial attack |
| title | Vulnerabilities of Connectionist AI Applications: Evaluation and Defense |
| title_full | Vulnerabilities of Connectionist AI Applications: Evaluation and Defense |
| title_fullStr | Vulnerabilities of Connectionist AI Applications: Evaluation and Defense |
| title_full_unstemmed | Vulnerabilities of Connectionist AI Applications: Evaluation and Defense |
| title_short | Vulnerabilities of Connectionist AI Applications: Evaluation and Defense |
| title_sort | vulnerabilities of connectionist ai applications evaluation and defense |
| topic | artificial intelligence neural network IT security interpretability certification adversarial attack |
| url | https://www.frontiersin.org/article/10.3389/fdata.2020.00023/full |
| work_keys_str_mv | AT christianberghoff vulnerabilitiesofconnectionistaiapplicationsevaluationanddefense AT matthiasneu vulnerabilitiesofconnectionistaiapplicationsevaluationanddefense AT arndtvontwickel vulnerabilitiesofconnectionistaiapplicationsevaluationanddefense |