Microsoft and Partners Producing Competition to ‘Attack’ AI Security
REDMOND, Wash. — The artificial intelligence (AI) and security communities are being invited to participate in a competition to “attack” critical AI systems.
The competition is being produced by Microsoft and a group of partners (NVIDIA, CUJO AI, VMRay, and MRG Effitas), according to a post this week by Hyrum Anderson, principal architect of trustworthy machine learning, Microsoft.
The competition will reward participants who “efficiently evade” AI-based malware detectors and AI-based phishing detectors. It is dubbed the Machine Learning Security Evasion Competition (MLSEC).
Machine learning (ML) is powering critical applications in virtually every industry as well as infrastructure and cybersecurity.
Microsoft is seeing an “uptick of attacks” on commercial AI systems that could “compromise the confidentiality, integrity, and availability guarantees” of the systems, Anderson says.
Anderson cites several resources that back the need for the competition and the need to “democratize knowledge to secure AI systems.”
Specifically, ML can be “manipulated to achieve an adversary’s goals,” as documented in ML security case studies by MITRE ATLAS.
When it comes to AI, security is the biggest hurdle facing companies, with the issue being cited by over 30 percent of senior IT leaders, according to a survey by CCS Insight.
However, 25 out of 28 organizations do not have the right tools to secure their AI systems, according to a Microsoft survey.
Academic researchers have been studying “how to attack” AI systems for about two decades, but “awareness among practitioners is low,” according to Anderson.
MLSEC will “highlight how security models can be evaded by motivated attackers and allow practitioners to exercise their muscles attacking critical machine learning systems used in cybersecurity,” Anderson says.
Christopher Cottrell, AI red team lead at NVIDIA, says there’s “a lack of practical knowledge about securing or attacking AI systems in the security community.”
Two Competition Tracks
- Anti-Phishing Evasion Track: play the role of an attacker and attempt to evade a suite of anti-phishing models.
- Anti-Malware Evasion Track: change an existing malicious binary in a way that disguises it from the anti-malware model.
- MLSEC runs from August 6 to September 17, 2021. Registration will remain open throughout the duration of the competition.
- Winners will be announced on October 27, 2021, and contacted via email.
- Prizes for first place and honorable mentions, as well as a bonus prize, will be awarded for each of the two tracks.