-
Establishing Minimum Elements for Effective Vulnerability Management in AI Software
Authors:
Mohamad Fazelnia,
Sara Moshtari,
Mehdi Mirakhorli
Abstract:
In the rapidly evolving field of artificial intelligence (AI), the identification, documentation, and mitigation of vulnerabilities are paramount to ensuring robust and secure systems. This paper discusses the minimum elements for AI vulnerability management and the establishment of an Artificial Intelligence Vulnerability Database (AIVD). It presents standardized formats and protocols for disclos…
▽ More
In the rapidly evolving field of artificial intelligence (AI), the identification, documentation, and mitigation of vulnerabilities are paramount to ensuring robust and secure systems. This paper discusses the minimum elements for AI vulnerability management and the establishment of an Artificial Intelligence Vulnerability Database (AIVD). It presents standardized formats and protocols for disclosing, analyzing, cataloging, and documenting AI vulnerabilities. It discusses how such an AI incident database must extend beyond the traditional scope of vulnerabilities by focusing on the unique aspects of AI systems. Additionally, this paper highlights challenges and gaps in AI Vulnerability Management, including the need for new severity scores, weakness enumeration systems, and comprehensive mitigation strategies specifically designed to address the multifaceted nature of AI vulnerabilities.
△ Less
Submitted 18 November, 2024;
originally announced November 2024.
-
Lessons from the Use of Natural Language Inference (NLI) in Requirements Engineering Tasks
Authors:
Mohamad Fazelnia,
Viktoria Koscinski,
Spencer Herzog,
Mehdi Mirakhorli
Abstract:
We investigate the use of Natural Language Inference (NLI) in automating requirements engineering tasks. In particular, we focus on three tasks: requirements classification, identification of requirements specification defects, and detection of conflicts in stakeholders' requirements. While previous research has demonstrated significant benefit in using NLI as a universal method for a broad spectr…
▽ More
We investigate the use of Natural Language Inference (NLI) in automating requirements engineering tasks. In particular, we focus on three tasks: requirements classification, identification of requirements specification defects, and detection of conflicts in stakeholders' requirements. While previous research has demonstrated significant benefit in using NLI as a universal method for a broad spectrum of natural language processing tasks, these advantages have not been investigated within the context of software requirements engineering. Therefore, we design experiments to evaluate the use of NLI in requirements analysis. We compare the performance of NLI with a spectrum of approaches, including prompt-based models, conventional transfer learning, Large Language Models (LLMs)-powered chatbot models, and probabilistic models. Through experiments conducted under various learning settings including conventional learning and zero-shot, we demonstrate conclusively that our NLI method surpasses classical NLP methods as well as other LLMs-based and chatbot models in the analysis of requirements specifications. Additionally, we share lessons learned characterizing the learning settings that make NLI a suitable approach for automating requirements engineering tasks.
△ Less
Submitted 24 April, 2024;
originally announced May 2024.
-
Supporting AI/ML Security Workers through an Adversarial Techniques, Tools, and Common Knowledge (AI/ML ATT&CK) Framework
Authors:
Mohamad Fazelnia,
Ahmet Okutan,
Mehdi Mirakhorli
Abstract:
This paper focuses on supporting AI/ML Security Workers -- professionals involved in the development and deployment of secure AI-enabled software systems. It presents AI/ML Adversarial Techniques, Tools, and Common Knowledge (AI/ML ATT&CK) framework to enable AI/ML Security Workers intuitively to explore offensive and defensive tactics.
This paper focuses on supporting AI/ML Security Workers -- professionals involved in the development and deployment of secure AI-enabled software systems. It presents AI/ML Adversarial Techniques, Tools, and Common Knowledge (AI/ML ATT&CK) framework to enable AI/ML Security Workers intuitively to explore offensive and defensive tactics.
△ Less
Submitted 9 November, 2022;
originally announced November 2022.
-
Attacks, Defenses, And Tools: A Framework To Facilitate Robust AI/ML Systems
Authors:
Mohamad Fazelnia,
Igor Khokhlov,
Mehdi Mirakhorli
Abstract:
Software systems are increasingly relying on Artificial Intelligence (AI) and Machine Learning (ML) components. The emerging popularity of AI techniques in various application domains attracts malicious actors and adversaries. Therefore, the developers of AI-enabled software systems need to take into account various novel cyber-attacks and vulnerabilities that these systems may be susceptible to.…
▽ More
Software systems are increasingly relying on Artificial Intelligence (AI) and Machine Learning (ML) components. The emerging popularity of AI techniques in various application domains attracts malicious actors and adversaries. Therefore, the developers of AI-enabled software systems need to take into account various novel cyber-attacks and vulnerabilities that these systems may be susceptible to. This paper presents a framework to characterize attacks and weaknesses associated with AI-enabled systems and provide mitigation techniques and defense strategies. This framework aims to support software designers in taking proactive measures in developing AI-enabled software, understanding the attack surface of such systems, and developing products that are resilient to various emerging attacks associated with ML. The developed framework covers a broad spectrum of attacks, mitigation techniques, and defensive and offensive tools. In this paper, we demonstrate the framework architecture and its major components, describe their attributes, and discuss the long-term goals of this research.
△ Less
Submitted 18 February, 2022;
originally announced February 2022.
