V.I. Budzko1, V.G. Belenkov2, V.I. Korolev3, D.A. Melikov4
1–4 FRC CSC RAS (Moscow, Russia)
1 National Research Nuclear University MEPhI (Moscow, Russia)
4 Financial University under the Government of the Russian Federation (Moscow, Russia)
1 vbudzko@ipiran.ru, 2 vbelenkov@ipiran.ru, 3 vkorolev@ ipiran.ru, 4 mda-17@yandex.ru
The current stage of development of Russian society is characterized by the digital transformation of all its spheres, including economics, science, healthcare, education, culture, etc. One of the directions of such transformation is the widespread use of artificial intelligence technologies (AIT). AIT have a significant potential to transform society and people's lives – from trade and healthcare to transport and cybersecurity, as well as the environment. At the same time, AIT entail risks of managing information security (IS), which can negatively affect individuals, groups, organizations, sectors of the economy and society as a whole.
The article analyzes additional features of managing automated systems (AS) IS of due to their use of the capabilities of AIT and multilayer neural networks (MNN). The characteristic features of the threats associated with the training and testing of MNN and influencing the AIT-risks for such AS are also identified.
The paper presents a classification of AS security threats using vulnerabilities specific to the MNN. The features that have a significant impact on the way AIT-risks are implemented when using software components using and not using MNN are determined.
The article defines the features of managing AS information security due to their use of the capabilities of AIT and MNN, which must be taken into account when developing, implementing and operating such AS.
Budzko V.I., Belenkov V.G., Korolev V.I., Melikov D.A. About the features of managing the security of automated systems that include neural network technologies. Highly Available Systems. 2023. V. 19. № 3. P. 5−17. DOI: https://doi.org/ 10.18127/j20729472-202303-01 (in Russian)
- ISO/IEC 22989:2022 «Information technology – Artificial intelligence – Artificial intelligence con-cepts and terminology», 2022.
- Uorr K. Nadezhnost' nejronnyh setej: ukreplyaem ustojchivost' II k obmanu. SPb.: Piter. 2021. 272 s. (Seriya «Bestsellery O’Reilly») (in Russian).
- ETSI GR SAI 004: «Securing Artificial Intelligence (SAI). Problem Statement». 2020.
- ETSI GR SAI 005: «Securing Artificial Intelligence (SAI). Mitigation Strategy Report». 2021.
- GOST R ISO/MEK 27005–2010. «Informacionnaya tekhnologiya. Metody i sredstva obespeche-niya bezopasnosti. Menedzhment riska informacionnoj bezopasnosti» (in Russian).
- GOST R 50922-2006. «Zashchita informacii. Osnovnye terminy i opredeleniya» (in Russian).
- GOST R 59709-2022. «Zashchita informacii. Upravlenie komp'yuternymi incidentami. Ter-miny i opredeleniya» (in Russian).
- NIST AI 100-2e2023 IPD «Adversarial Machine Learning. A Taxonomy and Terminology of At-tacks and Mitigations», 2023.
- GOST R MEK 62628-2021, «Nadezhnost' v tekhnike. Rukovodstvo po obespecheniyu nadezhnosti programmnogo obespecheniya» (in Russian).
- GOST 27.002-2015. «Nadezhnost' v tekhnike. Terminy i opredeleniya» (in Russian).
- NIST SP 1270 (2022) «Towards a Standard for Identifying and Managing Bias in Artificial Intelli-gen¬ce», 2022.
- NIST AI 100-1 «Artificial Intelligence Risk Management Framework (AI RMF 1.0)». 2023.