Update adversarial-ml-threat-matrix.md

ramtherunner 2020-10-15 23:03:37 -07:00 committed by GitHub
parent 72ef709574
commit 6eacefb754
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -1,5 +1,23 @@
## Adversarial ML Threat Matrix
Interactive Version to be built by MITRE. For Editable version, contact <Ramk@Microsoft.com>
## Structure of Adversarial ML Threat Matrix
Because the Adversarial ML Threat Matrix is fashioned after [ATT&CK Enterprise](https://attack.mitre.org/matrices/enterprise/), it retains the terminologies: for instance, the column heads of the Threat Matrix are called "Tactics" and the individual entities are called "Techniques".
However, there are two main differences:
1. ATT&CK Enterprise is generally designed for corporate network which is composed of many sub components like workstation, bastion hosts, database, network gear, active directory, cloud component and so on. The tactics of ATT&CK enterprise (initial access, persistence, etc) are really a short hand of saying initial access to *corporate network;* persistence *in corporate network.* In Adversarial ML Threat Matrix, we acknowledge that ML systems are part of corporate network but wanted to highlight the uniqueness of the attacks.
**Difference:** In the Adversarial ML Threat Matrix, the "Tactics" should be read as "reconnaissance of ML subsystem", "persistence in ML subsystem", "evading the ML subsystem"
2. When we analyzed real-world attacks on ML systems, we found out that attackers can pursue different strategies: Rely on traditional cybersecurity technique only; Rely on Adversarial ML techniques only; or Employ a combination of traditional cybersecurity techniques and ML techniques.
**Difference:** In Adversarial ML Threat Matrix, "Techniques" come in two flavors:
- Techniques in orange are specific to ML systems
- Techniques in white are applicable to both ML and non-ML systems and come directly from Enterprise ATT&CK
Note: The Adversarial ML Threat Matrix is not yet part of the ATT&CK matrix.
![Adversarial ML Threat Matrix](/resources/advmlthreatmatrix.png)
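Review bot: The two "flavors" bullets near the end of the hunk separate ML-specific techniques from those taken from Enterprise ATT&CK by color alone ("in orange" / "in white"), and that color exists only in advmlthreatmatrix.png, so the distinction is lost to anyone reading or searching the text. Suggest adding a text table or list under the image that names each technique and marks it as ML-specific or inherited, so a defender mapping detections to the matrix can see which techniques existing ATT&CK coverage already addresses. Smaller points in the same hunk: the framework is named three ways ("ATT&CK Enterprise", "ATT&CK enterprise", "Enterprise ATT&CK") and should use one form; the two "**Difference:**" lines and the bullets under the second one are not indented under their numbered items, so they may render outside the list; and the list of tactic readings in the first "**Difference:**" line ends without a period or an "and so on".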