This domain is intended to codify the landscape of threats to a ML system.
NOTE A number of categories map directly to techniques codified in MITRE ATLAS. In future, we intend to cover the full landscape of adversarial ML attacks under the Security domain.
Last updated
| ID | Sub-ID | Name | Description |
|---|---|---|---|
S0100
Software Vulnerability
Vulnerability in system around modelโa traditional vulnerability
S0200
Compromising development components of a ML model, e.g. data, model, hardware, and software stack.
S0201
Model Compromise
Infected model file
S0202
Software compromise
Upstream Dependency Compromise
S0300
Over-permissive API
Unintended information leakage through API
S0301
Information Leak
Cloud Model API leaks more information than it needs to
S0302
Excessive Queries
Cloud Model API isnโt sufficiently rate limited
S0400
Intentionally try to make a model perform poorly
S0401
Bad Features
The model uses features that are easily gamed by the attacker
S0402
Insufficient Training Data
The bypass is not represented in the training data
S0403
Adversarial Example
Input data points intentionally supplied to draw mispredictions. Potential Cause: Over permissive API
S0500
Directly or indirectly exfiltrate ML artifacts
S0501
Model inversion
Reconstruct training data through strategic queries
S0502
Model theft
Extract model functionality through strategic queries
S0600
Usage of poisoned data in the ML pipeline
S0601
Ingest Poisoning
Attackers inject poisoned data into the ingest pipeline