Adversarial AI Attacks, Mitigations, and Defense Strategies A Cybersecurity Professional's Guide to AI Attacks, Threat Modeling, and Securing AI with MLSecOps
Understand how adversarial attacks work against predictive and generative AI, and learn how to safeguard AI and LLM projects with practical examples leveraging OWASP, MITRE, and NIST Key Features Understand the connection between AI and security by learning about adversarial AI attacks Discover the...
| Otros Autores: | |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Birmingham, UK :
Packt Publishing Ltd
[2024]
|
| Edición: | First edition |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009841735806719 |
Tabla de Contenidos:
- Cover
- Title Page
- Copyright
- Dedication
- Contributors
- Table of Contents
- Preface
- Part 1: Introduction to Adversarial AI
- Chapter 1: Getting Started with AI
- Understanding AI and ML
- Types of ML and the ML life cycle
- Key algorithms in ML
- Neural networks and deep learning
- ML development tools
- Summary
- Further reading
- Chapter 2: Building Our Adversarial Playground
- Technical requirements
- Setting up your development environment
- Python installation
- Creating your virtual environment
- Installing packages
- Registering your virtual environment with Jupyter notebooks
- Verifying your installation
- Hands-on basic baseline ML
- Simple NNs
- Developing our target AI service with CNNs
- Setup and data collection
- Data exploration
- Data preprocessing
- Algorithm selection and building the model
- Model training
- Model evaluation
- Model deployment
- Inference service
- ML development at scale
- Google Colab
- AWS SageMaker
- Azure Machine Learning services
- Lambda Labs Cloud
- Summary
- Chapter 3: Security and Adversarial AI
- Technical requirements
- Security fundamentals
- Threat modeling
- Risks and mitigations
- DevSecOps
- Securing our adversarial playground
- Host security
- Network protection
- Authentication
- Data protection
- Access control
- Securing code and artifacts
- Secure code
- Securing dependencies with vulnerability scanning
- Secret scanning
- Securing Jupyter Notebooks
- Securing models from malicious code
- Integrating with DevSecOps and MLOps pipelines
- Bypassing security with adversarial AI
- Our first adversarial AI attack
- Traditional cybersecurity and adversarial AI
- Adversarial AI landscape
- Summary
- Part 2: Model Development Attacks
- Chapter 4: Poisoning Attacks
- Basics of poisoning attacks
- Definition and examples.
- Types of poisoning attacks
- Poisoning attack examples
- Why it matters
- Staging a simple poisoning attack
- Creating poisoned samples
- Backdoor poisoning attacks
- Creating backdoor triggers with ART
- Poisoning data with ART
- Hidden-trigger backdoor attacks
- Clean-label attacks
- Advanced poisoning attacks
- Mitigations and defenses
- Cybercity defenses with MLOps
- Anomaly detection
- Robustness tests against poisoning
- Advanced poisoning defenses with ART
- Adversarial training
- Creating a defense strategy
- Summary
- Chapter 5: Model Tampering with Trojan Horses and Model Reprogramming
- Injecting backdoors using pickle serialization
- Attack scenario
- Defenses and mitigations
- Injecting Trojan horses with Keras Lambda layers
- Attack scenario
- Defenses and mitigations
- Trojan horses with custom layers
- Attack scenario
- Defenses and mitigations
- Neural payload injection
- Attack scenario
- Defenses and mitigations
- Attacking edge AI
- Attack scenario
- Defenses and mitigations
- Model hijacking
- Trojan horse code injection
- Model reprogramming
- Summary
- Chapter 6: Supply Chain Attacks and Adversarial AI
- Traditional supply chain risks and AI
- Risks from outdated and vulnerable components
- Risks from AI's dependency on live data
- Securing AI from vulnerable components
- Enhanced security - allow approved-only packages
- Client configuration for private PyPI repositories
- Additional private PyPI security
- Use of SBOMs
- AI supply chain risks
- The double-edged sword of transfer learning
- Model poisoning
- Model tampering
- Secure model provenance and governance for pre-trained models
- MLOps and private model repositories
- Data poisoning
- Using data poisoning to affect sentiment analysis
- Defenses and mitigations
- AI/ML SBOMs
- Summary.
- Part 3: Attacks on Deployed AI
- Chapter 7: Evasion Attacks against Deployed AI
- Fundamentals of evasion attacks
- Importance of understanding evasion attacks
- Reconnaissance techniques for evasion attacks
- Perturbations and image evasion attack techniques
- Evasion attack scenarios
- One-step perturbation with FGSM
- Basic Iterative Method (BIM)
- Jacobian-based Saliency Map Attack (JSMA)
- Carlini and Wagner (C&
- W) attack
- Projected Gradient Descent (PGD)
- Adversarial patches - bridging digital and physical evasion techniques
- NLP evasion attacks with BERT using TextAttack
- Attack scenario - sentiment analysis
- Attack example
- Attack scenario - natural language inference
- Attack example
- Universal Adversarial Perturbations (UAPs)
- Attack scenario
- Attack example
- Black-box attacks with transferability
- Attack scenario
- Attack example
- Defending against evasion attacks
- Mitigation strategies overview
- Adversarial training
- Input preprocessing
- Model hardening techniques
- Model ensembles
- Certified defenses
- Summary
- Chapter 8: Privacy Attacks - Stealing Models
- Understanding privacy attacks
- Stealing models with model extraction attacks
- Functionally equivalent extraction
- Learning-based model extraction attacks
- Generative student-teacher extraction (distillation) attacks
- Attack example against our CIFAR-10 CNN
- Defenses and mitigations
- Prevention measures
- Detection measures
- Model ownership identification and recovery
- Summary
- Chapter 9: Privacy Attacks - Stealing Data
- Understanding model inversion attacks
- Types of model inversion attacks
- Exploitation of model confidence scores
- GAN-assisted model inversion
- Example model inversion attack
- Understanding inference attacks
- Attribute inference attacks
- Meta-classifiers.
- Poisoning-assisted inference
- Attack scenarios
- Mitigations
- Example attribute inference attack
- Membership inference attacks
- Statistical thresholds for ML leaks
- Label-only data transferring attack
- Blind membership inference attacks
- White box attacks
- Attack scenarios
- Mitigations
- Example membership inference attack using the ART
- Summary
- Chapter 10: Privacy-Preserving AI
- Privacy-preserving ML and AI
- Simple data anonymization
- Advanced anonymization
- K-anonymity
- Anonymization and geolocation data
- Anonymizing rich media
- Differential privacy (DP)
- Federated learning (FL)
- Split learning
- Advanced encryption options for privacy-preserving ML
- Secure multi-party computation (secure MPC)
- Homomorphic encryption
- Advanced ML encryption techniques in practice
- Applying privacy-preserving ML techniques
- Summary
- Part 4: Generative AI and Adversarial Attacks
- Chapter 11: Generative AI - A New Frontier
- A brief introduction to generative AI
- A brief history of the evolution of generative AI
- Generative AI technologies
- Using GANs
- Developing a GAN from scratch
- WGANs and custom loss functions
- Using pre-trained GANs
- Pix2Pix
- CycleGAN
- Pix2PixHD
- Progressive Growing of GANs (PGGAN)
- BigGAN
- StarGAN v2
- StyleGAN series
- Summary
- Chapter 12: Weaponizing GANs for Deepfakes and Adversarial Attacks
- Use of GANs for deepfakes and deepfake detection
- Using StyleGAN to generate convincing fake images
- Creating simple deepfakes with GANs using existing images
- Making direct changes to an existing image
- Using Pix2PixHD to synthesize images
- Fake videos and animations
- Other AI deepfake technologies
- Voice deepfakes
- Deepfake detection
- Using GANs in cyberattacks and offensive security
- Evading face verification.
- Compromising biometric authentication
- Password cracking with GANs
- Malware detection evasion
- GANs in cryptography and stenography
- Generating web attack payloads with GANs
- Generating adversarial attack payloads
- Defenses and mitigations
- Securing GANs
- GAN-assisted adversarial attacks
- Deepfakes, malicious content, and misinformation
- Summary
- Chapter 13: LLM Foundations for Adversarial AI
- A brief introduction to LLMs
- Developing AI applications with LLMs
- Hello LLM with Python
- Hello LLM with LangChain
- Bringing your own data
- How LLMs change Adversarial AI
- Summary
- Chapter 14: Adversarial Attacks with Prompts
- Adversarial inputs and prompt injection
- Direct prompt injection
- Prompt override
- Style injection
- Role-playing
- Impersonation
- Other jailbreaking techniques
- Automated gradient-based prompt injection
- Risks from bringing your own data
- Indirect prompt injection
- Data exfiltration with prompt injection
- Privilege escalation with prompt injection
- RCE with prompt injection
- Defenses and mitigations
- LLM platform defenses
- Application-level defenses
- Summary
- Chapter 15: Poisoning Attacks and LLMs
- Poisoning embeddings in RAG
- Attack scenarios
- Poisoning during embedding generation
- Direct embeddings poisoning
- Advanced embeddings poisoning
- Query embeddings manipulation
- Defenses and mitigations
- Poisoning attacks on fine-tuning LLMs
- Introduction to fine-tuning LLMs
- Fine-tuning poisoning attack scenarios
- Fine-tuning attack vectors
- Poisoning ChatGPT 3.5 with fine-tuning
- Defenses and mitigations against poisoning attacks in fine-tuning
- Summary
- Chapter 16: Advanced Generative AI Scenarios
- Supply-chain attacks in LLMs
- Publishing a poisoned LLM on Hugging Face
- Publishing a tampered LLM on Hugging Face.
- Other supply-chain risks for LLMs.
