Skip to content

V2: Model Security — MLASVS-MODEL

Overview

Model security addresses attacks that target the trained model itself. These include adversarial evasion (manipulating inputs to cause misclassification), extraction (stealing model parameters or behavior), inversion (reconstructing training data), and backdoor/trojan attacks (hidden malicious behaviors).

Key Threats

Threat MITRE ATLAS MLASWE Reference
Adversarial evasion AML.T0010 MLASWE-0001
Model extraction AML.T0024.002 MLASWE-0003
Model inversion AML.T0018 MLASWE-0004
Membership inference AML.T0018 MLASWE-0005
Backdoor/trojan attack AML.T0020 MLASWE-0007
Model denial of service AML.T0029 MLASWE-0008

Subcategories

MODEL-1: Adversarial Robustness (Controls MODEL-001, MODEL-002, MODEL-003, MODEL-010, MODEL-012, MODEL-016, MODEL-017, MODEL-024, MODEL-025, MODEL-026, MODEL-027, MODEL-028, MODEL-029)

Testing and hardening against evasion attacks using perturbation-based inputs.

MODEL-2: Extraction Prevention (Controls MODEL-004, MODEL-005, MODEL-006, MODEL-018, MODEL-023)

Preventing adversaries from stealing model behavior or parameters.

MODEL-3: Inversion & Privacy (Controls MODEL-009, MODEL-011, MODEL-013, MODEL-019, MODEL-020)

Preventing adversaries from inferring training data from model outputs.

MODEL-4: Backdoor Detection (Controls MODEL-021, MODEL-022)

Detecting hidden malicious behaviors injected during training.

MODEL-5: Model Integrity (Controls MODEL-007, MODEL-008, MODEL-014, MODEL-015, MODEL-030)

Ensuring models are authentic, untampered, and properly versioned.

Control Inventory

L1 Controls (15)

ID Control MITRE ATLAS Test Ref
MODEL-001 Adversarial robustness testing AML.T0015 TEST-MODEL-001
MODEL-002 Input perturbation limits AML.T0015 TEST-MODEL-001
MODEL-003 Model input validation AML.T0043 TEST-MODEL-001
MODEL-004 Output confidence calibration AML.T0024.001 TEST-MODEL-002
MODEL-005 API rate limiting AML.T0024.002 TEST-MODEL-002
MODEL-006 Access control on model endpoints AML.TA0002 TEST-MODEL-002
MODEL-007 Model versioning AML.TA0006 TEST-MODEL-005
MODEL-008 Model signing AML.TA0006 TEST-MODEL-005
MODEL-009 Inference logging AML.TA0009 TEST-MODEL-003
MODEL-010 Anomalous input detection AML.T0015 TEST-MODEL-001
MODEL-011 Output sanitization AML.T0024.001 TEST-MODEL-003
MODEL-012 Resource limits on inference AML.T0029 TEST-MODEL-001
MODEL-013 Model behavior monitoring AML.T0018 TEST-MODEL-003
MODEL-014 Secure model serialization AML.TA0002 TEST-MODEL-005
MODEL-015 Model rollback capability AML.TA0006 TEST-MODEL-005

L2 Controls (15)

ID Control MITRE ATLAS Test Ref
MODEL-016 Certified adversarial robustness AML.T0015 TEST-MODEL-001
MODEL-017 Robustness certification (provable bounds) AML.T0015 TEST-MODEL-001
MODEL-018 Extraction resistance validation AML.T0024.002 TEST-MODEL-002
MODEL-019 Differential privacy in model AML.T0024.000 TEST-MODEL-003
MODEL-020 Membership inference prevention AML.T0024.000 TEST-MODEL-003
MODEL-021 Backdoor detection validation AML.T0020 TEST-MODEL-004
MODEL-022 Trojan detection AML.T0020 TEST-MODEL-004
MODEL-023 Model watermarking AML.T0024.002 TEST-MODEL-002
MODEL-024 Adversarial training validation AML.T0015 TEST-MODEL-001
MODEL-025 Feature squeezing validation AML.T0015 TEST-MODEL-001
MODEL-026 Model ensemble diversity AML.T0015 TEST-MODEL-001
MODEL-027 Certified defense mechanisms AML.T0015 TEST-MODEL-001
MODEL-028 Red team exercise completion AML.TA0001 TEST-MODEL-001
MODEL-029 Continuous adversarial retesting AML.T0015 TEST-MODEL-001
MODEL-030 Model provenance attestation AML.TA0006 TEST-MODEL-005