Overview
MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) is a knowledge-base designed to address the growing concern of adversarial threats targeting AI and machine learning (ML) systems.
ATLAS provides a comprehensive framework to identify, classify, and mitigate risks to AI models, ensuring the resilience of these systems in real-world applications.
At its core, ATLAS adapts the principles of the widely acclaimed MITRE ATT&CK framework to the unique challenges posed by AI systems. It catalogs tactics, techniques, and case studies of adversarial threats, ranging from data poisoning during training phases to model evasion and inference attacks.
Like ATT&CK, you can explore the Matrix starting at the tactic and technique level.
In an earlier post, PSA: MITRE ATT&CK is More Than Tactics and Techniques, I showed you the data structure of MITRE ATT&CK. I aim to do something similar in this post to lift the lid on ATLAS.
ATLAS STIX objects
Like ATT&CK, ATLAS data is built on STIX objects and structured like so;
Let's break this down by looking at each ATLAS object type individually to show how I built this diagram;
Follow along
In this post I am going to provide queries you can use to analyse and filter MITRE ATLAS data.
If you would like to follow along, and keep a searchable copy of ATLAS locally, you can import the data using stix2arango.
Once you’ve installed stix2arango, you can run the following command to import v15.1 of the MITRE ATT&CK Enterprise, ICS, and Mobile data;
python3 utilities/arango_cti_processor/insert_archive_atlas.py \
--database blog_demo \
--versions 4_7_0
You can then use the query interface in the ArangoDB UI to run the AQL queries in this post.
Understanding the STIX objects
ATLAS object Collection
= STIX object x-mitre-collection
These are similar to the x-mitre-matrix object (shown next), but include a list of ALL objects in ATLAS under the x_mitre_contents property (not just tactics, as the x-mitre-matrix does).
FOR doc IN mitre_atlas_vertex_collection
FILTER doc._stix2arango_note == "v4.7.0"
AND doc.type == "x-mitre-collection"
LET keys = ATTRIBUTES(doc)
LET filteredKeys = keys[* FILTER !STARTS_WITH(CURRENT, "_")]
RETURN [KEEP(doc, filteredKeys)]
{
"created": "2021-05-13T00:00:00Z",
"created_by_ref": "identity--960285c2-9771-4b17-bb57-e0bb8ede54b0",
"description": "Adversarial Threat Landscape for AI Systems - 4.7.0",
"id": "x-mitre-collection--e5bdfbe4-10e3-4794-82b9-0992f3e4fa09",
"modified": "2024-10-01T00:00:00Z",
"name": "ATLAS",
"spec_version": "2.1",
"type": "x-mitre-collection",
"x_mitre_attack_spec_version": "2.1.0",
"x_mitre_contents": [
{
"object_ref": "x-mitre-tactic--9ceaa8fe-57f1-4923-a4a5-121b5111139c",
"object_modified": "2024-10-29T21:59:42.801158Z"
},
{
"object_ref": "x-mitre-tactic--1fa998a1-d720-488c-b156-b569fe4e6308",
"object_modified": "2024-10-29T21:59:49.487053Z"
},
{
"OTHER ITEMS IN LIST CUT FOR BREVITY"
}
],
"x_mitre_version": "0.1"
}
Returns 1 object in v4.7.0.
To see what x-mitre-collection objects are linked to/from;
FOR doc IN mitre_atlas_edge_collection
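// Group the OR so the version filter applies to both branches (AND binds tighter than OR in AQL)
FILTER (CONTAINS(doc.source_ref, "x-mitre-collection")
OR CONTAINS(doc.target_ref, "x-mitre-collection"))
AND doc._stix2arango_note == "v4.7.0"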
LET source_ref_prefix = SPLIT(doc.source_ref, "--")[0]
LET target_ref_prefix = SPLIT(doc.target_ref, "--")[0]
RETURN DISTINCT {
"relationship_type": doc.relationship_type,
"source_ref_object_type": source_ref_prefix,
"target_ref_object_type": target_ref_prefix,
"_is_ref": doc._is_ref
}
ATLAS object Matrix
= STIX object x-mitre-matrix
In ATLAS, only one domain exists (unlike 3 in ATT&CK), so the query…
FOR doc IN mitre_atlas_vertex_collection
FILTER doc._stix2arango_note == "v4.7.0"
AND doc.type == "x-mitre-matrix"
AND doc.x_mitre_deprecated != true
AND doc.revoked != true
LET keys = ATTRIBUTES(doc)
LET filteredKeys = keys[* FILTER !STARTS_WITH(CURRENT, "_")]
RETURN [KEEP(doc, filteredKeys)]
{
"created": "2021-05-13T00:00:00.000Z",
"description": "ATLAS matrix for ATLAS Matrix - 4.7.0",
"external_references": [
{
"source_name": "mitre-atlas",
"url": "https://atlas.mitre.org",
"external_id": "mitre-atlas"
}
],
"id": "x-mitre-matrix--70183b8a-1660-4cfe-b05b-50d2ed9adbc2",
"modified": "2024-10-01T00:00:00.000Z",
"name": "ATLAS Matrix",
"spec_version": "2.1",
"tactic_refs": [
"x-mitre-tactic--9ceaa8fe-57f1-4923-a4a5-121b5111139c",
"x-mitre-tactic--1fa998a1-d720-488c-b156-b569fe4e6308",
"x-mitre-tactic--14ef1e2d-f902-450a-a7e8-b032e318bb86",
"x-mitre-tactic--2666e534-bf47-4656-9404-e90afe41f4a7",
"x-mitre-tactic--b777d4af-fbe8-4e44-9917-c5c5542a7147",
"x-mitre-tactic--4a088a36-6786-4486-a3ea-3c3576d61daa",
"x-mitre-tactic--ef06a48d-1ccb-42c6-b5dd-2770a58f02d8",
"x-mitre-tactic--35a4b685-8a9f-4f66-bef0-92c8a5fd8411",
"x-mitre-tactic--b7c3883a-1ae7-47cd-bd53-024c79ac833a",
"x-mitre-tactic--b3f5fda4-a31a-4a74-9588-995b143d3436",
"x-mitre-tactic--76d8d1bc-98fb-406a-a88d-a70649ad9365",
"x-mitre-tactic--528bc2da-8855-44c0-9e45-ab92c179bf6f",
"x-mitre-tactic--55e80a13-be94-43ba-aa57-e6c5cb822864",
"x-mitre-tactic--4386734e-fa57-4700-95b8-e76b8cab8ab3"
],
"type": "x-mitre-matrix"
}
This returns only one result: the ATLAS Matrix, with all the Tactics that belong to it.
To see what x-mitre-matrix objects are linked to/from;
FOR doc IN mitre_atlas_edge_collection
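// Group the OR so the version filter applies to both branches (AND binds tighter than OR in AQL)
FILTER (CONTAINS(doc.source_ref, "x-mitre-matrix")
OR CONTAINS(doc.target_ref, "x-mitre-matrix"))
AND doc._stix2arango_note == "v4.7.0"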
LET source_ref_prefix = SPLIT(doc.source_ref, "--")[0]
LET target_ref_prefix = SPLIT(doc.target_ref, "--")[0]
RETURN DISTINCT {
"relationship_type": doc.relationship_type,
"source_ref_object_type": source_ref_prefix,
"target_ref_object_type": target_ref_prefix,
"_is_ref": doc._is_ref
}
ATLAS object Tactic
= STIX object x-mitre-tactic
Tactics (x-mitre-tactic--) represent the “why” of a technique: the reason for performing an action. Tactics serve as useful contextual categories for individual techniques and cover standard notations for things adversaries do during an operation.
https://atlas.mitre.org/tactics
Tactics have IDs in format: AML.TANNNN
For example, Tactic AML.TA0002 Reconnaissance: https://atlas.mitre.org/tactics/AML.TA0002
FOR doc IN mitre_atlas_vertex_collection
FILTER doc._stix2arango_note == "v4.7.0"
AND doc.type == "x-mitre-tactic"
AND IS_ARRAY(doc.external_references)
LET matchingExtRefs = (
FOR extRef IN doc.external_references
FILTER extRef.external_id == "AML.TA0002"
RETURN extRef
)
FILTER LENGTH(matchingExtRefs) > 0
LET keys = ATTRIBUTES(doc)
LET filteredKeys = keys[* FILTER !STARTS_WITH(CURRENT, "_")]
RETURN KEEP(doc, filteredKeys)
{
"created": "2024-10-29T21:59:42.801158Z",
"description": "The adversary is trying to gather information about the machine learning system they can use to plan future operations.\n\nReconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting.\nSuch information may include details of the victim organizations' machine learning capabilities and research efforts.\nThis information can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using gathered information to obtain relevant ML artifacts, targeting ML capabilities used by the victim, tailoring attacks to the particular models used by the victim, or to drive and lead further Reconnaissance efforts.\n",
"external_references": [
{
"source_name": "mitre-atlas",
"url": "https://atlas.mitre.org/tactics/AML.TA0002",
"external_id": "AML.TA0002"
}
],
"id": "x-mitre-tactic--9ceaa8fe-57f1-4923-a4a5-121b5111139c",
"modified": "2024-10-29T21:59:42.801158Z",
"name": "Reconnaissance",
"spec_version": "2.1",
"type": "x-mitre-tactic",
"x_mitre_shortname": "reconnaissance"
}
To return all x-mitre-tactic objects:
FOR doc IN mitre_atlas_vertex_collection
FILTER doc._stix2arango_note == "v4.7.0"
AND doc.type == "x-mitre-tactic"
LET keys = ATTRIBUTES(doc)
LET filteredKeys = keys[* FILTER !STARTS_WITH(CURRENT, "_")]
RETURN KEEP(doc, filteredKeys)
Returns 14 results in v4.7.0.
FOR doc IN mitre_atlas_vertex_collection
FILTER doc._stix2arango_note == "v4.7.0"
AND doc.type == "x-mitre-tactic"
RETURN doc.name
[
"Reconnaissance",
"Resource Development",
"Initial Access",
"ML Model Access",
"Execution",
"Persistence",
"Privilege Escalation",
"Defense Evasion",
"Credential Access",
"Discovery",
"Collection",
"ML Attack Staging",
"Exfiltration",
"Impact"
]
To see what x-mitre-tactic objects are linked to/from;
FOR doc IN mitre_atlas_edge_collection
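// Group the OR so the version filter applies to both branches (AND binds tighter than OR in AQL)
FILTER (CONTAINS(doc.source_ref, "x-mitre-tactic")
OR CONTAINS(doc.target_ref, "x-mitre-tactic"))
AND doc._stix2arango_note == "v4.7.0"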
LET source_ref_prefix = SPLIT(doc.source_ref, "--")[0]
LET target_ref_prefix = SPLIT(doc.target_ref, "--")[0]
RETURN DISTINCT {
"relationship_type": doc.relationship_type,
"source_ref_object_type": source_ref_prefix,
"target_ref_object_type": target_ref_prefix,
"_is_ref": doc._is_ref
}
ATLAS object Technique
= STIX object attack-pattern
Techniques represent “how” an adversary achieves a tactical objective by performing an action. For example, an adversary may gain initial access by compromising the machine learning (ML) supply chain.
https://atlas.mitre.org/techniques
Techniques have IDs in format: AML.TNNNN
- For example, Technique AML.T0000 Search for Victim’s Publicly Available Research Materials
- https://atlas.mitre.org/techniques/AML.T0000
FOR doc IN mitre_atlas_vertex_collection
FILTER doc._stix2arango_note == "v4.7.0"
AND doc.type == "attack-pattern"
AND doc.x_mitre_is_subtechnique != true
AND IS_ARRAY(doc.external_references)
LET matchingExtRefs = (
FOR extRef IN doc.external_references
FILTER extRef.external_id == "AML.T0000"
RETURN extRef
)
FILTER LENGTH(matchingExtRefs) > 0
LET keys = ATTRIBUTES(doc)
LET filteredKeys = keys[* FILTER !STARTS_WITH(CURRENT, "_")]
RETURN KEEP(doc, filteredKeys)
{
"created": "2021-05-13T00:00:00.000Z",
"description": "Adversaries may search publicly available research to learn how and where machine learning is used within a victim organization.\nThe adversary can use this information to identify targets for attack, or to tailor an existing attack to make it more effective.\nOrganizations often use open source model architectures trained on additional proprietary data in production.\nKnowledge of this underlying architecture allows the adversary to craft more realistic proxy models ([Create Proxy ML Model](/techniques/AML.T0005)).\nAn adversary can search these resources for publications for authors employed at the victim organization.\n\nResearch materials may exist as academic papers published in [Journals and Conference Proceedings](/techniques/AML.T0000.000), or stored in [Pre-Print Repositories](/techniques/AML.T0000.001), as well as [Technical Blogs](/techniques/AML.T0000.002).\n",
"external_references": [
{
"source_name": "mitre-atlas",
"url": "https://atlas.mitre.org/techniques/AML.T0000",
"external_id": "AML.T0000"
}
],
"id": "attack-pattern--65d21e6b-7abe-4623-8f5c-88011cb362cb",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-atlas",
"phase_name": "reconnaissance"
}
],
"modified": "2021-05-13T00:00:00.000Z",
"name": "Search for Victim's Publicly Available Research Materials",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_platforms": [
"ATLAS"
]
}
To return all Technique objects:
FOR doc IN mitre_atlas_vertex_collection
FILTER doc._stix2arango_note == "v4.7.0"
AND doc.type == "attack-pattern"
AND doc.x_mitre_is_subtechnique != true
LET keys = ATTRIBUTES(doc)
LET filteredKeys = keys[* FILTER !STARTS_WITH(CURRENT, "_")]
RETURN KEEP(doc, filteredKeys)
Returns 52 results in v4.7.0.
FOR doc IN mitre_atlas_vertex_collection
FILTER doc._stix2arango_note == "v4.7.0"
AND doc.type == "attack-pattern"
AND doc.x_mitre_is_subtechnique != true
RETURN doc.name
[
"Search for Victim's Publicly Available Research Materials",
"Search for Publicly Available Adversarial Vulnerability Analysis",
"Search Victim-Owned Websites",
"Search Application Repositories",
"Active Scanning",
"Acquire Public ML Artifacts",
"Obtain Capabilities",
"Develop Capabilities",
"Acquire Infrastructure",
"Publish Poisoned Datasets",
"ML Supply Chain Compromise",
"AI Model Inference API Access",
"ML-Enabled Product or Service",
"Physical Environment Access",
"Full ML Model Access",
"Discover ML Model Ontology",
"Discover ML Model Family",
"Poison Training Data",
"Establish Accounts",
"Create Proxy ML Model",
"Discover ML Artifacts",
"User Execution",
"Valid Accounts",
"Evade ML Model",
"Backdoor ML Model",
"Exfiltration via ML Inference API",
"Exfiltration via Cyber Means",
"Denial of ML Service",
"Spamming ML System with Chaff Data",
"Erode ML Model Integrity",
"Cost Harvesting",
"ML Artifact Collection",
"Data from Information Repositories",
"Data from Local System",
"Verify Attack",
"Craft Adversarial Data",
"External Harms",
"Exploit Public-Facing Application",
"Command and Scripting Interpreter",
"LLM Prompt Injection",
"Phishing",
"LLM Plugin Compromise",
"LLM Jailbreak",
"Unsecured Credentials",
"LLM Meta Prompt Extraction",
"LLM Data Leakage",
"Publish Poisoned Models",
"Erode Dataset Integrity",
"Publish Hallucinated Entities",
"LLM Prompt Self-Replication",
"Discover LLM Hallucinations",
"Discover AI Model Outputs"
]
To see what Technique objects are linked to/from;
LET attack_pattern_ids = (
FOR doc IN mitre_atlas_vertex_collection
FILTER doc._stix2arango_note == "v4.7.0"
AND doc.type == "attack-pattern"
AND doc.x_mitre_is_subtechnique != true
RETURN doc.id
)
FOR doc IN mitre_atlas_edge_collection
FILTER (CONTAINS(doc.source_ref, "attack-pattern") OR CONTAINS(doc.target_ref, "attack-pattern"))
AND (doc.source_ref IN attack_pattern_ids OR doc.target_ref IN attack_pattern_ids)
AND doc._stix2arango_note == "v4.7.0"
LET source_ref_prefix = SPLIT(doc.source_ref, "--")[0]
LET target_ref_prefix = SPLIT(doc.target_ref, "--")[0]
RETURN DISTINCT {
"relationship_type": doc.relationship_type,
"source_ref_object_type": source_ref_prefix,
"target_ref_object_type": target_ref_prefix,
"_is_ref": doc._is_ref
}
ATLAS object Sub-Technique
= STIX object attack-pattern
Sub-Techniques (attack-pattern with Custom Property "x_mitre_is_subtechnique": true) are a more specific implementation of a Technique (they are children to a parent).
For example, AML.T0000.000 Journals and Conference Proceedings is a Sub-Technique of Technique AML.T0000 Search for Victim’s Publicly Available Research Materials.
Sub-Techniques have IDs in format: AML.TNNNN.NNN
For example, Sub-Technique AML.T0000.000 Journals and Conference Proceedings: https://atlas.mitre.org/techniques/AML.T0000.000
FOR doc IN mitre_atlas_vertex_collection
FILTER doc._stix2arango_note == "v4.7.0"
AND doc.type == "attack-pattern"
AND doc.x_mitre_is_subtechnique == true
AND IS_ARRAY(doc.external_references)
LET matchingExtRefs = (
FOR extRef IN doc.external_references
FILTER extRef.external_id == "AML.T0000.000"
RETURN extRef
)
FILTER LENGTH(matchingExtRefs) > 0
LET keys = ATTRIBUTES(doc)
LET filteredKeys = keys[* FILTER !STARTS_WITH(CURRENT, "_")]
RETURN KEEP(doc, filteredKeys)
{
"created": "2021-05-13T00:00:00.000Z",
"description": "Many of the publications accepted at premier machine learning conferences and journals come from commercial labs.\nSome journals and conferences are open access, others may require paying for access or a membership.\nThese publications will often describe in detail all aspects of a particular approach for reproducibility.\nThis information can be used by adversaries to implement the paper.\n",
"external_references": [
{
"source_name": "mitre-atlas",
"url": "https://atlas.mitre.org/techniques/AML.T0000.000",
"external_id": "AML.T0000.000"
}
],
"id": "attack-pattern--a17a1941-ca02-4273-9d7f-d864ea122bdb",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-atlas",
"phase_name": "reconnaissance"
}
],
"modified": "2021-05-13T00:00:00.000Z",
"name": "Journals and Conference Proceedings",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"ATLAS"
]
}
To return all Sub-technique objects:
FOR doc IN mitre_atlas_vertex_collection
FILTER doc._stix2arango_note == "v4.7.0"
AND doc.type == "attack-pattern"
AND doc.x_mitre_is_subtechnique == true
LET keys = ATTRIBUTES(doc)
LET filteredKeys = keys[* FILTER !STARTS_WITH(CURRENT, "_")]
RETURN KEEP(doc, filteredKeys)
39 results in v4.7.0.
FOR doc IN mitre_atlas_vertex_collection
FILTER doc._stix2arango_note == "v4.7.0"
AND doc.type == "attack-pattern"
AND doc.x_mitre_is_subtechnique == true
RETURN doc.name
[
"Journals and Conference Proceedings",
"Pre-Print Repositories",
"Technical Blogs",
"Datasets",
"Models",
"Adversarial ML Attack Implementations",
"Software Tools",
"Adversarial ML Attacks",
"ML Development Workspaces",
"Consumer Hardware",
"Hardware",
"ML Software",
"Data",
"Model",
"Train Proxy via Gathered ML Artifacts",
"Train Proxy via Replication",
"Use Pre-Trained Model",
"Unsafe ML Artifacts",
"Poison ML Model",
"Inject Payload",
"Infer Training Data Membership",
"Invert ML Model",
"Extract ML Model",
"White-Box Optimization",
"Black-Box Optimization",
"Black-Box Transfer",
"Manual Modification",
"Insert Backdoor Trigger",
"Financial Harm",
"Reputational Harm",
"Societal Harm",
"User Harm",
"ML Intellectual Property Theft",
"Direct",
"Indirect",
"Spearphishing via Social Engineering LLM",
"Malicious Package",
"Domains",
"Physical Countermeasures"
]
To see what Sub-technique objects are linked to/from;
LET attack_pattern_ids = (
FOR doc IN mitre_atlas_vertex_collection
FILTER doc._stix2arango_note == "v4.7.0"
AND doc.type == "attack-pattern"
AND doc.x_mitre_is_subtechnique == true
RETURN doc.id
)
FOR doc IN mitre_atlas_edge_collection
FILTER (CONTAINS(doc.source_ref, "attack-pattern") OR CONTAINS(doc.target_ref, "attack-pattern"))
AND (doc.source_ref IN attack_pattern_ids OR doc.target_ref IN attack_pattern_ids)
AND doc._stix2arango_note == "v4.7.0"
LET source_ref_prefix = SPLIT(doc.source_ref, "--")[0]
LET target_ref_prefix = SPLIT(doc.target_ref, "--")[0]
RETURN DISTINCT {
"relationship_type": doc.relationship_type,
"source_ref_object_type": source_ref_prefix,
"target_ref_object_type": target_ref_prefix,
"_is_ref": doc._is_ref
}
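The Matrix, Tactic, Technique and Sub-Technique objects above fit together through three fields visible in the query output: tactic_refs, kill_chain_phases.phase_name matching x_mitre_shortname, and the AML.TNNNN.NNN ID. The following Python is an added example (not from the original post or from MITRE) that rebuilds the matrix from a constructed sample trimmed from those outputs; the function names, the AML.T9999 placeholder and the ID-prefix rule for finding a sub-technique's parent are assumptions.

```python
from collections import defaultdict

ATLAS = "mitre-atlas"

def atlas_id(obj):
    """Return the AML.* ID from the mitre-atlas external reference, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == ATLAS and "external_id" in ref:
            return ref["external_id"]
    return None

def build_matrix(objects):
    """Return tactics in matrix order, each with techniques and sub-technique IDs."""
    # Same exclusions as the post's matrix query: drop revoked/deprecated objects.
    by_id = {o["id"]: o for o in objects
             if not o.get("revoked") and not o.get("x_mitre_deprecated")}
    matrix = next(o for o in by_id.values() if o["type"] == "x-mitre-matrix")
    by_phase = defaultdict(list)  # tactic shortname -> technique objects
    children = defaultdict(list)  # parent AML.TNNNN -> sub-technique IDs
    for obj in by_id.values():
        pid = atlas_id(obj)
        if obj["type"] != "attack-pattern" or pid is None:
            continue
        if obj.get("x_mitre_is_subtechnique"):
            # Assumption: the parent ID is the sub-technique ID minus ".NNN".
            children[pid.rsplit(".", 1)[0]].append(pid)
            continue
        for phase in obj.get("kill_chain_phases", []):
            if phase.get("kill_chain_name") == ATLAS:
                by_phase[phase["phase_name"]].append(obj)
    rows = []
    for ref in matrix["tactic_refs"]:  # tactic_refs gives the column order
        tactic = by_id.get(ref)
        if tactic is None:  # dangling, revoked or deprecated tactic
            continue
        techniques = sorted(by_phase[tactic["x_mitre_shortname"]], key=atlas_id)
        rows.append({
            "id": atlas_id(tactic),
            "name": tactic["name"],
            "techniques": [{"id": atlas_id(t), "name": t["name"],
                            "subtechniques": sorted(children[atlas_id(t)])}
                           for t in techniques],
        })
    return rows

def _ref(ext_id):
    return [{"source_name": ATLAS, "external_id": ext_id}]

RECON = [{"kill_chain_name": ATLAS, "phase_name": "reconnaissance"}]

# Constructed sample: objects trimmed from the query output shown in this post,
# plus one made-up deprecated technique (AML.T9999 and its UUID are placeholders).
SAMPLE = [
    {"type": "x-mitre-matrix", "name": "ATLAS Matrix",
     "id": "x-mitre-matrix--70183b8a-1660-4cfe-b05b-50d2ed9adbc2",
     "tactic_refs": ["x-mitre-tactic--9ceaa8fe-57f1-4923-a4a5-121b5111139c",
                     "x-mitre-tactic--2666e534-bf47-4656-9404-e90afe41f4a7"]},
    {"type": "x-mitre-tactic", "name": "ML Model Access",
     "id": "x-mitre-tactic--2666e534-bf47-4656-9404-e90afe41f4a7",
     "x_mitre_shortname": "ml-model-access",
     "external_references": _ref("AML.TA0000")},
    {"type": "x-mitre-tactic", "name": "Reconnaissance",
     "id": "x-mitre-tactic--9ceaa8fe-57f1-4923-a4a5-121b5111139c",
     "x_mitre_shortname": "reconnaissance",
     "external_references": _ref("AML.TA0002")},
    {"type": "attack-pattern", "name": "Journals and Conference Proceedings",
     "id": "attack-pattern--a17a1941-ca02-4273-9d7f-d864ea122bdb",
     "x_mitre_is_subtechnique": True, "kill_chain_phases": RECON,
     "external_references": _ref("AML.T0000.000")},
    {"type": "attack-pattern",
     "name": "Search for Victim's Publicly Available Research Materials",
     "id": "attack-pattern--65d21e6b-7abe-4623-8f5c-88011cb362cb",
     "kill_chain_phases": RECON, "external_references": _ref("AML.T0000")},
    {"type": "attack-pattern", "name": "Constructed deprecated technique",
     "id": "attack-pattern--00000000-0000-4000-8000-000000000000",
     "x_mitre_deprecated": True, "kill_chain_phases": RECON,
     "external_references": _ref("AML.T9999")},
]

if __name__ == "__main__":
    for row in build_matrix(SAMPLE):
        print(row)
```

Against a full ATLAS export, pass the bundle's objects list to build_matrix in place of SAMPLE.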
ATLAS object Mitigation
= STIX object course-of-action
Mitigations represent security concepts and classes of technologies that can be used to prevent a technique or sub-technique from being successfully executed.
https://attack.mitre.org/mitigations/
Mitigations have IDs in format: AML.MNNNN
For example, Mitigation AML.M0000 - Limit Public Release of Information: https://atlas.mitre.org/mitigations/AML.M0000
FOR doc IN mitre_atlas_vertex_collection
FILTER doc._stix2arango_note == "v4.7.0"
AND doc.type == "course-of-action"
AND IS_ARRAY(doc.external_references)
LET matchingExtRefs = (
FOR extRef IN doc.external_references
FILTER extRef.external_id == "AML.M0000"
RETURN extRef
)
FILTER LENGTH(matchingExtRefs) > 0
LET keys = ATTRIBUTES(doc)
LET filteredKeys = keys[* FILTER !STARTS_WITH(CURRENT, "_")]
RETURN KEEP(doc, filteredKeys)
[
{
"created": "2023-04-12T00:00:00.000Z",
"description": "Limit the public release of technical information about the machine learning stack used in an organization's products or services. Technical knowledge of how machine learning is used can be leveraged by adversaries to perform targeting and tailor attacks to the target system. Additionally, consider limiting the release of organizational information - including physical locations, researcher names, and department structures - from which technical details such as machine learning techniques, model architectures, or datasets may be inferred.",
"external_references": [
{
"source_name": "mitre-atlas",
"url": "https://atlas.mitre.org/mitigations/AML.M0000",
"external_id": "AML.M0000"
}
],
"id": "course-of-action--40076545-e797-4508-a294-943096a12111",
"modified": "2024-10-01T00:00:00.000Z",
"name": "Limit Public Release of Information",
"spec_version": "2.1",
"type": "course-of-action"
}
]
To return all Mitigation objects:
FOR doc IN mitre_atlas_vertex_collection
FILTER doc._stix2arango_note == "v4.7.0"
AND doc.type == "course-of-action"
LET keys = ATTRIBUTES(doc)
LET filteredKeys = keys[* FILTER !STARTS_WITH(CURRENT, "_")]
RETURN KEEP(doc, filteredKeys)
26 results in v4.7.0.
FOR doc IN mitre_atlas_vertex_collection
FILTER doc._stix2arango_note == "v4.7.0"
AND doc.type == "course-of-action"
RETURN doc.name
[
"Limit Public Release of Information",
"Limit Model Artifact Release",
"Passive ML Output Obfuscation",
"Model Hardening",
"Restrict Number of ML Model Queries",
"Control Access to ML Models and Data at Rest",
"Use Ensemble Methods",
"Sanitize Training Data",
"Validate ML Model",
"Use Multi-Modal Sensors",
"Input Restoration",
"Restrict Library Loading",
"Encrypt Sensitive Information",
"Code Signing",
"Verify ML Artifacts",
"Adversarial Input Detection",
"Vulnerability Scanning",
"Model Distribution Methods",
"User Training",
"Control Access to ML Models and Data in Production",
"Generative AI Guardrails",
"Generative AI Guidelines",
"Generative AI Model Alignment",
"AI Bill of Materials",
"AI Telemetry Logging",
"Maintain AI Dataset Provenance"
]
To see what course-of-action objects are linked to/from;
FOR doc IN mitre_atlas_edge_collection
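// Group the OR so the version filter applies to both branches (AND binds tighter than OR in AQL)
FILTER (CONTAINS(doc.source_ref, "course-of-action")
OR CONTAINS(doc.target_ref, "course-of-action"))
AND doc._stix2arango_note == "v4.7.0"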
LET source_ref_prefix = SPLIT(doc.source_ref, "--")[0]
LET target_ref_prefix = SPLIT(doc.target_ref, "--")[0]
RETURN DISTINCT {
"relationship_type": doc.relationship_type,
"source_ref_object_type": source_ref_prefix,
"target_ref_object_type": target_ref_prefix,
"_is_ref": doc._is_ref
}
ATLAS Case Studies
ATLAS case studies demonstrate AI attacks on production systems.
Unfortunately, ATLAS case-studies are not represented as STIX objects.
Introducing CTI Butler…
If you don’t want to work directly with a database, CTI Butler stores all versioned ATLAS STIX data in a graph format, all accessible via API with rich filtering options.
Here are some basic examples of what is possible…
Get a specific object by ID
curl -X 'GET' \
'http://api.ctibutler.com/v1/atlas/objects/?atlas_id=AML.TA0002' \
-H 'accept: application/json' \
-H 'API-KEY: REDACTED'
{
"page_size": 50,
"page_number": 1,
"page_results_count": 1,
"total_results_count": 1,
"objects": [
{
"created": "2024-10-29T21:59:42.801158Z",
"description": "The adversary is trying to gather information about the machine learning system they can use to plan future operations.\n\nReconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting.\nSuch information may include details of the victim organizations' machine learning capabilities and research efforts.\nThis information can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using gathered information to obtain relevant ML artifacts, targeting ML capabilities used by the victim, tailoring attacks to the particular models used by the victim, or to drive and lead further Reconnaissance efforts.\n",
"external_references": [
{
"source_name": "mitre-atlas",
"url": "https://atlas.mitre.org/tactics/AML.TA0002",
"external_id": "AML.TA0002"
}
],
"id": "x-mitre-tactic--9ceaa8fe-57f1-4923-a4a5-121b5111139c",
"modified": "2024-10-29T21:59:42.801158Z",
"name": "Reconnaissance",
"spec_version": "2.1",
"type": "x-mitre-tactic",
"x_mitre_shortname": "reconnaissance"
}
]
}
Or search by name;
curl -X 'GET' \
'http://api.ctibutler.com/v1/atlas/objects/?atlas_id=&name=ML' \
-H 'accept: application/json' \
-H 'API-KEY: REDACTED'
{
"page_size": 50,
"page_number": 1,
"page_results_count": 33,
"total_results_count": 33,
"objects": [
{
"created": "2024-10-29T22:00:02.926756Z",
"description": "The adversary is attempting to gain some level of access to a machine learning model.\n\nML Model Access enables techniques that use various types of access to the machine learning model that can be used by the adversary to gain information, develop attacks, and as a means to input data to the model.\nThe level of access can range from the full knowledge of the internals of the model to access to the physical environment where data is collected for use in the machine learning model.\nThe adversary may use varying levels of model access during the course of their attack, from staging the attack to impacting the target system.\n\nAccess to an ML model may require access to the system housing the model, the model may be publically accessible via an API, or it may be accessed indirectly via interaction with a product or service that utilizes ML as part of its processes.\n",
"external_references": [
{
"source_name": "mitre-atlas",
"url": "https://atlas.mitre.org/tactics/AML.TA0000",
"external_id": "AML.TA0000"
}
],
"id": "x-mitre-tactic--2666e534-bf47-4656-9404-e90afe41f4a7",
"modified": "2024-10-29T22:00:02.926756Z",
"name": "ML Model Access",
"spec_version": "2.1",
"type": "x-mitre-tactic",
"x_mitre_shortname": "ml-model-access"
},
{
"created": "2024-10-29T22:00:56.286475Z",
"description": "The adversary is leveraging their knowledge of and access to the target system to tailor the attack.\n\nML Attack Staging consists of techniques adversaries use to prepare their attack on the target ML model.\nTechniques can include training proxy models, poisoning the target model, and crafting adversarial data to feed the target model.\nSome of these techniques can be performed in an offline manner and are thus difficult to mitigate.\nThese techniques are often used to achieve the adversary's end goal.\n",
"external_references": [
{
"source_name": "mitre-atlas",
"url": "https://atlas.mitre.org/tactics/AML.TA0001",
"external_id": "AML.TA0001"
}
],
"id": "x-mitre-tactic--528bc2da-8855-44c0-9e45-ab92c179bf6f",
"modified": "2024-10-29T22:00:56.286475Z",
"name": "ML Attack Staging",
"spec_version": "2.1",
"type": "x-mitre-tactic",
"x_mitre_shortname": "ml-attack-staging"
},
{
You can play with CTI Butler web here.