Tech

New AI model can help prevent costly and damaging data breaches


WHO

Credit: Public Domain Pixabay / CC0

Royal privacy experts have created an AI algorithm that automatically checks privacy protection systems for potential data leaks.

This is the first time that AI has been used to automatically detect vulnerabilities in this type of system, examples of which are used by Google Maps and Facebook.

Experts, from Imperial’s Computational Privacy Group, looked at attacks on query-based systems (QBS)—controlled interfaces through which analysts can query data to extract useful aggregate information about the world. They then developed a new AI-powered method called QuerySnout to detect attacks on QBS.

QBS provides analysts with access to a collection of statistics gathered from individual-level data such as location and demographics. They’re currently used in Google Maps to show live information about how busy an area is, or in Facebook’s Audience Measurement feature to estimate audience size in a location or demographic. specifically to help promote advertising.

In their new study, published as part of the 29th ACM Conference on Computer and Communications Security, the team included Ana Maria Cretu of the Institute of Data Science, Dr Florimond Houssiau, Dr Antoine Cully and Dr. Yves-Alexandre de Montjoye found that precision attacks against QBS can be easily detected automatically at the touch of a button.

According to senior author, Dr. Yves-Alexandre de Montjoye: “The attacks to date have been developed by hand using a high level of expertise. This means that it takes a long time to be discovered. vulnerabilities, putting systems at risk.

“QuerySnout has outperformed humans in detecting vulnerabilities in real-world systems.”

The need for query-based systems

Our ability to collect and store data has exploded over the past decade. While this data can help advance scientific advances, most of it is personal and therefore its use raises serious concerns about privacy, which is protected by legislation such as the European Union’s General Data Protection Regulation.

Thus, allowing data to be put to good use while preserving our fundamental right to privacy is an important and timely question for data scientists and privacy experts alike. private.

QBS has the potential to enable large-scale analysis of privacy-preserving anonymous data. In QBS, a manager retains control of the data and can therefore audit and review queries submitted by analysts to ensure that the responses returned do not reveal personal information about the data. individuals.

However, illegitimate attackers can bypass such systems by designing queries to infer personal information about specific people by exploiting vulnerabilities or implementation flaws of the system.

System check

The risk of unknown powerful “zero-day” attacks in which attackers took advantage of vulnerabilities in the system has stalled the development and deployment of QBS.

To test the robustness of these systems, in a manner similar to penetration testing in cybersecurity, data breach attacks can be simulated to detect information leaks and identify vulnerabilities. potential vulnerabilities.

However, manually designing and implementing these attacks against complex QBS is a difficult and lengthy process.

As a result, the researchers say, limiting the likelihood of strong attacks left unaddressed is essential to enable QBS to be usefully and securely deployed while maintaining privacy rights of individuals.

QuerySnout

The Imperial team has developed a new AI-powered method called QuerySnout, which works by learning what questions to ask the system to get answers. It then learns to combine responses automatically to detect potential security holes.

Using machine learning, the model can generate an attack that consists of a set of queries that combine responses to reveal a specific piece of personal information. The process is fully automated and uses a technique known as ‘evolutionary search’ that allows the QuerySnout model to discover the right sets of questions to ask.

This takes place in a ‘black box setup’ meaning that the AI ​​only needs to access the system but doesn’t need to know how the system works to detect vulnerabilities.

“We demonstrate that QuerySnout finds attacks more robust than those currently known on real-world systems,” said first co-author Ana-Maria Cretu. That means our AI model is better than humans at finding these attacks.”

Next step

For now, QuerySnout only tests some small functionality. According to Dr. de Montjoye, “The main challenge going forward will be to scale the search to a much larger number of functions to ensure it uncovers even the most advanced attacks. ”

Even so, this model could allow analysts to test how robust QBS is against different types of attackers. The development of QuerySnout represents an important step forward in ensuring individual privacy regarding query-based systems.

More information:
Talk: www.sigsac.org/ccs/CCS2022/

Quote: New AI model can help prevent costly and damaging data breach (2022, Nov 8) retrieved Nov 8, 2022 from https://techxplore.com/news/2022-11 -ai-costly-reaches.html

This document is the subject for the collection of authors. Apart from any fair dealing for personal study or research purposes, no part may be reproduced without written permission. The content provided is for informational purposes only.

news7f

News7F: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, Sports...at the World everyday world. Hot news, images, video clips that are updated quickly and reliably

Related Articles

Back to top button