tool 2025

FRAME: Comprehensive Risk Assessment Framework for Adversarial Machine Learning Threats

Avishag Shapira, Simon Shigol, Asaf Shabtai

Published on arXiv

2508.17405

Threat categories:
  • Input Manipulation Attack (OWASP ML Top 10 — ML01)
  • Data Poisoning Attack (OWASP ML Top 10 — ML02)

Key Finding

FRAME achieves exceptional accuracy in AML risk scoring and strong alignment with AML expert analysis across six diverse real-world ML deployment scenarios.

Novel technique introduced: FRAME

The widespread adoption of machine learning (ML) systems has increased attention to their security and to the emergence of adversarial machine learning (AML) techniques that exploit fundamental vulnerabilities in ML systems, creating an urgent need for comprehensive risk assessment of ML-based systems. While traditional risk assessment frameworks evaluate conventional cybersecurity risks, they lack the ability to address the unique challenges posed by AML threats. Existing AML threat evaluation approaches focus primarily on technical attack robustness, overlooking crucial real-world factors such as deployment environments, system dependencies, and attack feasibility. Attempts at comprehensive AML risk assessment have been limited to domain-specific solutions, preventing their application across diverse systems. To address these limitations, we present FRAME, the first comprehensive and automated framework for assessing AML risks across diverse ML-based systems. FRAME includes a novel risk assessment method that quantifies AML risks by systematically evaluating three key dimensions: the target system's deployment environment, the characteristics of diverse AML techniques, and empirical insights from prior research. FRAME incorporates a feasibility scoring mechanism and LLM-based customization for system-specific assessments. Additionally, we developed a comprehensive structured dataset of AML attacks that enables context-aware risk assessment. From an engineering application perspective, FRAME delivers actionable results designed for direct use by system owners who have only technical knowledge of their systems and no expertise in AML. We validated it across six diverse real-world applications. Our evaluation demonstrated exceptional accuracy and strong alignment with analysis by AML experts. FRAME enables organizations to prioritize AML risks, supporting secure AI deployment in real-world environments.


Key Contributions

  • FRAME: the first comprehensive automated AML risk assessment framework that quantifies threat risk across three dimensions—target system's deployment environment, attack technique characteristics, and empirical insights from prior research.
  • Feasibility scoring mechanism and LLM-based customization module that adapts assessments to specific ML systems without requiring AML expertise from system owners.
  • Structured dataset of AML attacks enabling context-aware risk scoring, validated against expert judgment across six diverse real-world applications including email security, O-RAN traffic steering, and satellite communication.

🛡️ Threat Analysis

Input Manipulation Attack

Adversarial examples and evasion attacks are a primary AML threat category explicitly covered by FRAME's risk quantification methodology and structured attack dataset, forming the canonical attack vector the framework assesses at inference time.

Data Poisoning Attack

Data poisoning is explicitly cited alongside adversarial examples and model extraction as a key AML attack vector that FRAME's comprehensive risk assessment covers; the paper lists it as one of the core threat families in its attack dataset.


Details

Domains: vision, nlp, tabular
Model Types: traditional_ml, transformer, llm
Threat Tags: white_box, black_box, grey_box, training_time, inference_time
Datasets: FRAME AML attack dataset (novel, developed by authors)
Applications: e-commerce feedback scoring, email security, o-ran traffic steering, satellite communication, image quality ranking, product relevance classification