Ares: A System-Oriented Wargame Framework for Adversarial ML

TL;DR

Ares is a system-oriented framework that models adversarial machine learning as a wargame, enabling realistic evaluation of attacks and defenses through reinforcement learning agents and system-level metrics.

Contribution

This paper introduces Ares, a novel evaluation framework that simulates adversarial ML as a competitive environment with system-level metrics and complex strategies.

Findings

White-box attacker successfully compromised adversarially trained defender

Ares enables analysis of attack-defense dynamics in a realistic setting

Framework supports evaluation of moving target defenses

Abstract

Since the discovery of adversarial attacks against machine learning models nearly a decade ago, research on adversarial machine learning has rapidly evolved into an eternal war between defenders, who seek to increase the robustness of ML models against adversarial attacks, and adversaries, who seek to develop better attacks capable of weakening or defeating these defenses. This domain, however, has found little buy-in from ML practitioners, who are neither overtly concerned about these attacks affecting their systems in the real world nor are willing to trade off the accuracy of their models in pursuit of robustness against these attacks. In this paper, we motivate the design and implementation of Ares, an evaluation framework for adversarial ML that allows researchers to explore attacks and defenses in a realistic wargame-like environment. Ares frames the conflict between the attacker and defender as two agents in a reinforcement learning environment with opposing objectives. This allows the introduction of system-level evaluation metrics such as time to failure and evaluation of complex strategies such as moving target defenses. We provide the results of our initial exploration involving a white-box attacker against an adversarially trained defender.