
Countering threats to artificial intelligence systems

As artificial intelligence (AI) has improved, systems based on the technology have seen their popularity skyrocket. The PyRAT and PARTICUL tools developed by CEA-List enable detection and protection against adversarial attacks.

What it is for

Securing AI against threats using tools PARTICUL and PyRAT

AI is now a key component in a growing number of consumer and business solutions, making it part of our daily lives. Like any information system, an AI system is exposed to attacks at every stage of its lifecycle, from data acquisition through training to deployment. The fragility of AI models under attack is well established: as early as 2014, researchers showed that a classifier's output could be flipped by perturbations, invisible to the naked eye, added to the images fed into the system. Patch attacks work along the same lines, but instead of a small, imperceptible change spread over the whole image they place a visible region of adversarial pixels next to the object of interest, which is enough to change how the model recognizes that object.

CEA-List has combined its PyRAT and PARTICUL tools into a single solution designed to counter these attacks. PyRAT is a formal verification tool for neural networks based on abstract interpretation: it over-approximates the set of outputs a network can produce over a whole set of inputs, and can therefore prove mathematically that no perturbation within a given bound changes the model's decision. PARTICUL learns, without supervision, detectors for parts that recur across a data set and assigns each input a confidence score for whether those parts are actually present; an input whose expected parts are missing or corrupted is flagged as suspect. Used together during validation and then during monitoring, the two tools detect and help fend off adversarial attacks once the AI system is in production.

Advantages

Broad detection capabilities

  • The method proposed by CEA-List combines formal verification with PyRAT and empirical verification, over a broader range of attacks, with PARTICUL. Together the two tools cover a very wide detection range: PyRAT gives the stronger result on norm-bounded perturbations invisible to the naked eye, where it can prove robustness rather than merely test it, while PARTICUL performs better on attacks, such as patches, that visibly change which parts its detectors find in the input.
  • Applied at the end of model training and again during monitoring, PyRAT and PARTICUL cover different stages of the AI lifecycle. Both produce indicators of where a model is vulnerable, and those indicators can be fed back into retraining.
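To make the formal side of the bullets above and the description of PyRAT concrete, here is an added example, not PyRAT's own code (PyRAT's abstract domains, heuristics and model format are outside its scope), that runs interval abstract interpretation over a constructed two-layer ReLU network. It bounds every logit for all inputs within an L-infinity ball of radius eps around a point, certifies the label when the target logit's lower bound beats every other logit's upper bound, bisects for the largest certifiable radius, and, where the intervals fail, tries the box corners for a concrete counterexample. The network, the point X0 and the radii are assumptions of the example.

```python
"""Interval abstract interpretation over a tiny ReLU network (added example;
not PyRAT's code). Network, input point and radii below are constructed."""
from itertools import product
from typing import List, Optional, Sequence, Tuple

Vector = List[float]
Matrix = List[List[float]]
Layer = Tuple[Matrix, Vector]  # (W, b): output_j = sum_i W[j][i] * x_i + b_j


def affine(x: Sequence[float], W: Matrix, b: Vector) -> Vector:
    return [sum(w * xi for w, xi in zip(row, x)) + bj for row, bj in zip(W, b)]


def forward(layers: Sequence[Layer], x: Sequence[float]) -> Vector:
    """Concrete evaluation: ReLU after every layer except the last (logits)."""
    h = list(x)
    for k, (W, b) in enumerate(layers):
        h = affine(h, W, b)
        if k < len(layers) - 1:
            h = [max(0.0, v) for v in h]
    return h


def interval_affine(lo: Vector, hi: Vector, W: Matrix, b: Vector) -> Tuple[Vector, Vector]:
    """Sound bounds of an affine layer: a positive weight takes the lower bound
    from the input's lower end, a negative weight from its upper end."""
    out_lo, out_hi = [], []
    for row, bj in zip(W, b):
        l = h = bj
        for w, xl, xh in zip(row, lo, hi):
            if w >= 0:
                l, h = l + w * xl, h + w * xh
            else:
                l, h = l + w * xh, h + w * xl
        out_lo.append(l)
        out_hi.append(h)
    return out_lo, out_hi


def interval_relu(lo: Vector, hi: Vector) -> Tuple[Vector, Vector]:
    # ReLU is monotone, so clamping both ends is exact on each coordinate.
    return [max(0.0, v) for v in lo], [max(0.0, v) for v in hi]


def propagate(layers: Sequence[Layer], lo: Vector, hi: Vector) -> Tuple[Vector, Vector]:
    """Push an input box through the network; the result over-approximates
    the set of logit vectors reachable from any input in the box."""
    for k, (W, b) in enumerate(layers):
        lo, hi = interval_affine(lo, hi, W, b)
        if k < len(layers) - 1:
            lo, hi = interval_relu(lo, hi)
    return lo, hi


def certify(layers: Sequence[Layer], x: Sequence[float], eps: float, label: int) -> bool:
    """True if every input within L-inf distance eps of x provably keeps `label`:
    the target logit's lower bound must beat every other logit's upper bound."""
    out_lo, out_hi = propagate(layers, [xi - eps for xi in x], [xi + eps for xi in x])
    return all(out_lo[label] > out_hi[j] for j in range(len(out_lo)) if j != label)


def certified_radius(layers: Sequence[Layer], x: Sequence[float], label: int,
                     eps_max: float = 1.0, iters: int = 40) -> float:
    """Largest eps (to bisection precision) that certify() accepts. Bisection is
    valid because the box, hence the bounds, only widen as eps grows."""
    lo_e, hi_e = 0.0, eps_max
    for _ in range(iters):
        mid = (lo_e + hi_e) / 2
        if certify(layers, x, mid, label):
            lo_e = mid
        else:
            hi_e = mid
    return lo_e


def corner_counterexample(layers: Sequence[Layer], x: Sequence[float], eps: float,
                          label: int) -> Optional[Vector]:
    """Cheap falsification: evaluate the concrete network at the 2^n box corners
    and return a misclassified one, or None. Finding none proves nothing; it
    only shows that a failed certification may be abstraction imprecision."""
    for signs in product((-1.0, 1.0), repeat=len(x)):
        pt = [xi + s * eps for xi, s in zip(x, signs)]
        logits = forward(layers, pt)
        if max(range(len(logits)), key=logits.__getitem__) != label:
            return pt
    return None


# Constructed toy network (an assumption of this example): 2 inputs, 2 hidden ReLUs, 2 logits.
TOY_NET: List[Layer] = [
    ([[1.0, -1.0], [1.0, 1.0]], [0.0, 0.0]),
    ([[2.0, 0.0], [0.0, 1.0]], [0.0, 0.0]),
]
X0 = [1.0, 0.0]
LABEL0 = 0  # forward(TOY_NET, X0) == [2.0, 1.0], so class 0

if __name__ == "__main__":
    print("logits at X0:", forward(TOY_NET, X0))
    for eps in (0.1, 0.2, 0.3):
        print(f"eps={eps}: certified={certify(TOY_NET, X0, eps, LABEL0)}, "
              f"corner counterexample={corner_counterexample(TOY_NET, X0, eps, LABEL0)}")
    print("certified radius:", round(certified_radius(TOY_NET, X0, LABEL0), 4))
```

On this toy network the intervals certify eps = 0.1 but not eps = 0.2, although the corner search finds no misclassified input at 0.2 and, since the margin 2*(x1 - x2) - (x1 + x2) is affine on that box, none exists: the abstraction forgets that both hidden units depend on the same x1 and x2, and that lost correlation is the over-approximation. This is why a verifier's "not certified" must be read as "unknown", not as "attack found"; tighter domains or case splitting narrow the gap. At eps = 0.3 the gap closes from the other side, where a corner of the box flips the label and gives a concrete adversarial input.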

Detecting adversarial attacks with PyRAT and PARTICUL at different stages of development

Applications

AI evaluation and monitoring
  • Runtime attack detection for AI-based image classification tasks

Publications

  • Neural Network Verification with PyRAT. Augustin Lemesle, Julien Lehmann, Tristan Le Gall. https://arxiv.org/abs/2410.23903
  • Contextualised Out-of-Distribution Detection using Pattern Identification. Romain Xu-Darme, Julien Girard-Satabin, Darryl Hond, Gabriele Incorvaia, Zakaria Chihani. https://arxiv.org/abs/2311.12855
  • PARTICUL: Part Identification with Confidence measure using Unsupervised Learning. Romain Xu-Darme, Georges Quénot, Zakaria Chihani, Marie-Christine Rousset. https://arxiv.org/abs/2206.13304
