Objective: Exfiltrate Data or Manipulate Model Output

Attack tree for this objective. [CRIT] marks critical nodes; node numbers follow the full tree, so gaps (1.2, 2.1, 2.3) are non-critical nodes not shown here.

Exfiltrate Data or Manipulate Model Output
|
+-- 1. Compromise Model Training/Inference
|   +-- 1.1 Data Poisoning [CRIT]
|   +-- 1.3 Evasion Attacks [CRIT]
|
+-- 2. Exploit Flux.jl Library Vulnerabilities
|   +-- 2.2 Deserialization [CRIT]
|   +-- 2.4 Untrusted Input Handling [CRIT]
|
+-- 3. Inject Malicious Model/Weights
    +-- 3.1 Pre-trained Model [CRIT]
Attack Tree Path: Data Poisoning -> Model Output Manipulation
1 -> 1.1
Attack Tree Path: Evasion Attack -> Model Output Manipulation
1 -> 1.3
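Path 1 -> 1.3 in working code, as an added example that is not part of the original threat model: a white-box evasion attack (FGSM) against a toy Flux.jl classifier. The attacker differentiates the loss with respect to the input rather than the weights and steps each feature by ϵ in the sign of that gradient, so the perturbation is bounded in L∞ by ϵ while the loss rises. The model, input, label and ϵ are constructed here for illustration; against a deployed model the same gradient is taken on its real weights.

```julia
# Added example (not from the original threat model): FGSM evasion against
# a small Flux.jl classifier. Model, data and ϵ are constructed here.
using Flux
using Flux: onehotbatch, onecold, logitcrossentropy
using Random

Random.seed!(0)

# Toy 3-class classifier over 4 features. In a real attack this is the
# victim's trained model, to which the attacker has gradient access.
model = Chain(Dense(4 => 16, relu), Dense(16 => 3))

# One constructed input in [0, 1] and its true label (class 2).
x = rand(Float32, 4, 1)
y = onehotbatch([2], 1:3)

loss(m, x, y) = logitcrossentropy(m(x), y)

# FGSM: gradient of the loss w.r.t. the *input*, then a fixed-size step in
# the direction of its sign. clamp keeps the result in the valid input range,
# which can only shrink the perturbation, so |x_adv - x| <= ϵ elementwise.
function fgsm(m, x, y; ϵ = 0.1f0, lo = 0f0, hi = 1f0)
    g = gradient(x -> loss(m, x, y), x)[1]
    return clamp.(x .+ ϵ .* sign.(g), lo, hi)
end

x_adv = fgsm(model, x, y; ϵ = 0.1f0)

# The L∞ budget is respected by construction.
@assert maximum(abs.(x_adv .- x)) <= 0.1f0 + 1f-6

# The adversarial loss is normally higher than the clean loss; on a trained
# model with moderate ϵ this is what flips the predicted class. Whether the
# argmax changes for this untrained toy depends on the random weights.
println("clean loss: ", loss(model, x, y),
        "  adversarial loss: ", loss(model, x_adv, y))
println("clean class: ", onecold(model(x), 1:3),
        "  adversarial class: ", onecold(model(x_adv), 1:3))
```

The detection angle for this node is that the perturbation is tiny in input space but large in logit space: logging the margin between the top two logits, and flagging inputs that sit unusually close to a decision boundary, catches many such samples; adversarial training (fitting on `fgsm` outputs as well as clean data) is the usual mitigation on the model side.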
Attack Tree Path: Pre-trained Malicious Model -> Data Exfiltration/Output Manipulation
3 -> 3.1
Attack Tree Path: Untrusted Input Handling -> (Further exploitation)
2 -> 2.4 -> (Further exploitation)
Attack Tree Path: Deserialization Vulnerability -> Code Injection/Data Exfiltration/Output Manipulation
2 -> 2.2 -> (Further exploitation)
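Paths 3 -> 3.1 and 2 -> 2.2 share one mitigation, shown here as an added example that is not part of the original threat model or of Flux.jl: a loader that refuses to hand a third-party weights file to any deserializer until its SHA-256 matches a value pinned out of band, and that only ever accepts a parameter tree into a locally defined architecture rather than a serialized model object. The risk it addresses is that Julia's `Serialization` format is documented as unsafe for untrusted input, and BSON.jl reconstructs whatever Julia objects a file names, so loading an unvetted model file is a code-execution vector regardless of what the file claims to contain. The file path, the pinned digest, the architecture and the `:state` key are assumptions of this example; `Flux.state` and `Flux.loadmodel!` are assumed to be available (Flux 0.14 or later).

```julia
# Added example (not from the original threat model): integrity-checked
# loading of third-party Flux.jl weights. Path, digest and architecture are
# placeholders; the weights file is assumed to hold only Flux.state(model).
using Flux
using BSON
using SHA

# Pinned digest of the vetted weights file, obtained out of band (model card,
# signed release manifest). Placeholder value here.
const TRUSTED_SHA256 = "<sha256 of the vetted weights file, obtained out of band>"

# The architecture lives in our code, so the file can only supply numbers,
# never a Chain, a closure or any other executable object.
make_model() = Chain(Dense(4 => 16, relu), Dense(16 => 3))

# Producer side: save only the parameter tree, and print the digest to pin.
function export_vetted_weights(model, path::AbstractString)
    state = Flux.state(model)          # NamedTuple/Tuple tree of plain arrays
    BSON.@save path state
    return bytes2hex(sha256(read(path)))
end

# Consumer side: hash the raw bytes first, deserialize only if they match.
function load_vetted_weights(path::AbstractString, expected_sha256::AbstractString)
    bytes = read(path)                 # raw bytes; nothing has been parsed yet
    digest = bytes2hex(sha256(bytes))
    digest == lowercase(expected_sha256) ||
        error("refusing to load $path: SHA-256 $digest does not match the pinned value")

    # Parse the bytes we hashed, not a second read of the path (no TOCTOU gap).
    state = BSON.load(IOBuffer(bytes))[:state]

    m = make_model()
    # loadmodel! copies arrays leaf-by-leaf and errors on any shape mismatch,
    # so a file with a different architecture is rejected here too.
    Flux.loadmodel!(m, state)
    return m
end

# Usage (assumed file names):
#   digest = export_vetted_weights(make_model(), "weights.bson")
#   model  = load_vetted_weights("weights.bson", digest)
# A tampered file fails at the digest check before BSON sees a single byte.
```

A hash pin covers substitution of a vetted artifact (3.1) and blocks a crafted file from reaching the deserializer (2.2), but it does not vet the original weights themselves: a backdoored model that was malicious when first published hashes correctly. Verifying behaviour on a held-out test set and keeping the pin under the same review as source code are the controls for that residual risk.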