Research and classification of the main types of attacks on artificial intelligence systems in cybersecurity
DOI: https://doi.org/10.30837/rt.2025.1.220.07
Keywords: artificial intelligence, cyberattacks, machine learning, cybersecurity, federated learning
Abstract
The modern development of artificial intelligence (AI) and machine learning (ML) opens up new opportunities in cybersecurity, but at the same time creates serious challenges in the form of intelligent cyberattacks. The study analyzes and classifies the ways in which AI can be used for malicious purposes and examines effective methods of countering such threats. In particular, the article covers the main types of attacks that use ML technologies, showing how attackers can manipulate machine learning algorithms, undermine trust in data, and bypass protection systems. Special attention is paid to data poisoning attacks, which are considered the most influential attacks on machine learning: malicious data is introduced into the model's training process, which distorts the results and undermines the effectiveness of security algorithms. Evasion attacks are also considered, in which attackers craft data samples that remain invisible to traditional threat detection systems. Privacy attacks are analyzed as a way of extracting confidential information from ML models, which can be used to steal user data. Abuse attacks demonstrate how attackers can use AI tools to automate attacks, scale phishing campaigns, and analyze vulnerabilities in defense systems. The relevance of the study stems from the fact that traditional approaches to cyber defense can no longer effectively counter threats that adapt and evolve by means of machine learning. The article emphasizes the critical importance of researching defense methods, in particular building reliable machine learning systems with built-in mechanisms for detecting anomalies and adapting to new threats. One of the key approaches is federated learning, which allows models to be trained without centralized data storage, reducing the risk of information leakage.
The development of deep learning for cyber defense is also considered, as it allows behavioral patterns of threats to be analyzed in real time. Combining technological measures with human oversight remains essential: despite the power of AI tools, the human factor remains key to ensuring cybersecurity. Thus, the article demonstrates the balance between the opportunities and threats of AI in cybersecurity and emphasizes the need for further research into resilient ML models that can effectively resist attacks. Without proper regulation and control, AI can become not only a defender but also a tool for attackers, which requires the development of new security strategies and international regulation in the field of cybersecurity.
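The abstract singles out data poisoning, where malicious samples injected into the training set distort the model, and names built-in anomaly detection as a defense. The following is an added illustration written for this page, not code from the article: a toy k-nearest-neighbours detector on constructed 2-D feature vectors (label 0 = benign, label 1 = malicious), a label-flipping poisoning set that sits inside the malicious cluster but is labelled benign, and a robust-statistics filter that drops samples lying far from their own class's median centre before training. All data points and the `factor` threshold are assumptions made for the demonstration.

```python
"""Label-flipping data poisoning against a k-NN detector, and a robust
per-class outlier filter that removes the poison before training.

Constructed toy data: each sample is a 2-D feature vector with
label 0 = benign, label 1 = malicious. Every point below is made up
for this demonstration.
"""
from collections import Counter
from statistics import median
from typing import List, Tuple

Point = Tuple[float, float]
Sample = Tuple[Point, int]

# Clean training set (constructed): benign cluster near (0.5, 0.5),
# malicious cluster near (10.5, 10.5).
CLEAN_TRAIN: List[Sample] = [
    ((0.0, 0.0), 0), ((1.0, 0.0), 0), ((0.0, 1.0), 0), ((1.0, 1.0), 0),
    ((0.5, 0.5), 0), ((0.3, 0.7), 0), ((0.7, 0.2), 0),
    ((10.0, 10.0), 1), ((11.0, 10.0), 1), ((10.0, 11.0), 1),
    ((11.0, 11.0), 1), ((10.5, 10.5), 1),
]

# Poison (constructed): samples inside the malicious cluster that carry the
# flipped label "benign". Six are enough to outvote genuine neighbours in a
# 3-NN decision, so real malicious inputs start to pass as benign.
POISON: List[Sample] = [
    ((10.2, 10.1), 0), ((10.1, 9.8), 0), ((11.2, 10.3), 0),
    ((11.4, 10.6), 0), ((9.9, 10.7), 0), ((9.7, 10.9), 0),
]

# Held-out evaluation set (constructed).
TEST: List[Sample] = [
    ((0.2, 0.3), 0), ((1.2, 0.8), 0), ((0.0, 0.9), 0),
    ((10.2, 9.9), 1), ((11.3, 10.4), 1), ((9.8, 10.8), 1),
]


def dist(a: Point, b: Point) -> float:
    """Euclidean distance between two feature vectors."""
    return ((a[0] - b[0]) ** 2 + (a[1] - b[1]) ** 2) ** 0.5


def knn_predict(train: List[Sample], x: Point, k: int = 3) -> int:
    """Majority vote among the k nearest training samples."""
    nearest = sorted(train, key=lambda s: dist(s[0], x))[:k]
    votes = Counter(label for _, label in nearest)
    return votes.most_common(1)[0][0]


def accuracy(train: List[Sample], test: List[Sample], k: int = 3) -> float:
    """Fraction of test samples the k-NN model labels correctly."""
    hits = sum(knn_predict(train, x, k) == y for x, y in test)
    return hits / len(test)


def filter_label_outliers(train: List[Sample], factor: float = 3.0) -> List[Sample]:
    """Anomaly filter: drop samples that lie far from their own class.

    For each class the centre is the coordinate-wise median (robust as long
    as the poison is a minority of that class) and the scale is the median
    distance to that centre. Samples farther than factor * scale are
    discarded. `factor` is an assumed tuning constant, not a value from the
    article.
    """
    kept: List[Sample] = []
    for label in sorted({y for _, y in train}):
        members = [x for x, y in train if y == label]
        centre = (median(p[0] for p in members), median(p[1] for p in members))
        dists = [dist(p, centre) for p in members]
        limit = factor * median(dists)
        kept.extend((p, label) for p, d in zip(members, dists) if d <= limit)
    return kept


def run_demo() -> dict:
    """Train clean, train poisoned, then filter and retrain; report accuracies."""
    poisoned = CLEAN_TRAIN + POISON
    cleaned = filter_label_outliers(poisoned)
    return {
        "clean_acc": accuracy(CLEAN_TRAIN, TEST),
        "poisoned_acc": accuracy(poisoned, TEST),
        "removed": len(poisoned) - len(cleaned),
        "filtered_acc": accuracy(cleaned, TEST),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

On this data the clean detector classifies every test sample correctly, the poisoned one lets all three malicious test samples through as benign (accuracy drops to 0.5), and the median-based filter removes exactly the six injected points so the retrained detector recovers. The filter relies on the poison being a minority within its claimed class; a defender who cannot assume that needs stronger measures, such as provenance checks on training data, which is the direction the article points to.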