A Comprehensive Artificial Intelligence Vulnerability Taxonomy





Keywords: Artificial Intelligence, Vulnerability, Framework


With the rise of artificial intelligence (AI) systems and machine learning (ML), there is a need for a comprehensive vulnerability framework that takes into account the specifics of AI systems. A review of the currently available frameworks shows that even though there have been some efforts to create AI-specific frameworks, the end results have been flawed. Previous work analysed for this paper includes AVID, MITRE ATLAS, Google Secure AI Framework, Attacking Artificial Intelligence, OWASP AI security and privacy guide, and ENISA Multilayer framework for good cybersecurity practices in AI. While only AVID is intended to be an AI/ML-focused vulnerability framework, it has some weaknesses that are discussed further in the paper. Of the other works, the ENISA framework in particular has a valuable way of determining the AI domains that can be affected by vulnerabilities. In our taxonomy proposal, the first part of the evaluation process is determining the location in the AI system lifecycle that the vulnerability affects. The second part is determining which attributes of technical AI trustworthiness are compromised by the vulnerability. The third part is determining the possible impact of the vulnerability being exploited, on a seven-step scale from the AI system functioning correctly to it performing unintended, attacker-directed actions outside the bounds it is supposed to function in. We also evaluate two known AI vulnerabilities based on our taxonomy proposal to showcase the benefits in comparison to existing frameworks.

Author Biographies

Arttu Pispa, National Defense University

M. Sc. Arttu Pispa is a doctoral student at National Defense University concentrating on cyber security of autonomous systems. He has an M. Sc. degree from Aalto University School of Chemical Engineering. By trade, he is a cyber security consultant focusing on industrial and IoT/IIoT cyber security.

Kimmo Halunen, National Defense University

Professor, D. Sc. (Tech.) Kimmo Halunen is Professor of Cybersecurity at the University of Oulu and National Defence University in Finland. He obtained his D. Sc. (Tech.) in computer engineering on hash function security in 2012 and has over 40 publications related to security, cryptography and blockchain technology in refereed conferences and journals.