
CWE-1039 Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations: vulnerability list (3)

Summary of the 3 CVE vulnerabilities associated with the weakness class CWE-1039 (Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations), with AI-generated analysis in Chinese.

CWE-1039 refers to an automated recognition mechanism (such as a machine learning model) that fails to adequately detect or handle adversarial input perturbations. An attacker crafts inputs with small, carefully chosen modifications (for example to images or audio) to induce the system to produce an incorrect classification or recognition result. Developers should strengthen model robustness through adversarial training, input validation and anomaly detection, so that the model keeps recognizing inputs correctly under malicious perturbation and this class of vulnerability is effectively prevented.

Official MITRE CWE description

CWE: CWE-1039 Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations

Description (from the English original): The product uses an automated mechanism such as machine learning to recognize complex data inputs (e.g. image or audio) as a particular concept or category, but it does not properly detect or handle inputs that have been modified or constructed so that the mechanism detects a different, incorrect concept.

When techniques such as machine learning are used to automatically classify input streams, and those classifications are used for security-critical decisions, any mistake in classification can introduce a vulnerability that allows attackers to cause the product to make the wrong security decision or to disrupt the service of the automated recognition mechanism. If the mechanism was developed or "trained" with insufficient input data, or was not adequately tested and evaluated, an attacker may be able to craft malicious input that intentionally triggers an incorrect classification. Targeted technologies include, but are not limited to: automated speech recognition, automated image recognition, automated network defense, chatbots, large language models (LLMs) and generative AI. For example, an attacker might modify road signs or road surface markings to trick an autonomous vehicle into misreading the sign/marking and performing a dangerous action. Another example is an attacker crafting highly specific and complex prompts to "jailbreak" a chatbot and bypass safety or privacy mechanisms, more commonly known as a prompt injection attack.
Common consequences (4)

Integrity: Bypass Protection Mechanism
When the automated recognition is used in a protection mechanism, an attacker may be able to craft inputs that are misinterpreted in a way that grants excess privileges.

Availability: DoS: Resource Consumption (Other), DoS: Instability
There could be disruption to the service of the automated recognition system, which could cause further downstream failures of the software.

Confidentiality: Read Application Data
This weakness could lead to breaches of data privacy through exposing features of the training data, e.g., by using membership inference attacks or prompt injection attacks.

Other: Varies by Context
The consequences depend on how the application applies or integrates the affected algorithm.
Mitigations (5)

Architecture and Design: Algorithmic modifications such as model pruning or compression can help mitigate this weakness. Model pruning ensures that only the weights most relevant to the task are used in the inference of incoming data, and has shown resilience to adversarially perturbed data.

Architecture and Design: Consider implementing adversarial training, a method that introduces adversarial examples into the training data to promote robustness of the algorithm at inference time.

Architecture and Design: Consider implementing model hardening to fortify the internal structure of the algorithm, including techniques such as regularization and optimization to desensitize algorithms to minor input perturbations and/or changes.

Implementation: Consider implementing multiple models or using model ensembling techniques to improve robustness against the weaknesses of individual models under adversarial input perturbations.

Implementation: Incorporate uncertainty estimations into the algorithm that trigger human intervention or secondary/fallback software when reached. This could be when inference predictions and confidence scores are abnormally high/low compared to expected model performance.
CVE ID         | Title                                                                                            | CVSS     | Risk level | Published
CVE-2025-3578  | AiDex security vulnerability — AiDex                                                             | 8.1 (AI) | High (AI)  | 2025-04-15
CVE-2025-26644 | Microsoft Windows Hello security vulnerability — Windows 10 Version 1809                          | 5.1      | Medium     | 2025-04-08
CVE-2023-20071 | Cisco Firepower Threat Defense security vulnerability — Cisco Firepower Threat Defense Software   | 5.8      | Medium     | 2023-11-01

CWE-1039 (Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations) is a common weakness class; this platform has indexed 3 CVE vulnerabilities associated with it.