
Module 6 Lesson 2: Evasion Attacks
Slip past the guards. Learn about evasion attacks, where AI models are bypassed at inference time to let malicious files or actors through security filters.
An Evasion Attack is a sub-type of adversarial attack in which the attacker crafts an input so that a deployed model misclassifies it, letting it "skip past" a filter. It happens at Inference Time (while the system is running): the model, its weights and its training data are untouched; only the input presented to the model is manipulated.
1. The Gatekeeper Problem
Many security systems use AI as a "Gatekeeper":
- Email Filters: Identifying Spam/Phishing.
- EDR/Antivirus: Identifying Malware.
- Facial Recognition: Identifying Authorized Personnel.
An evasion attack succeeds when it "fools" the gatekeeper into classifying something Malicious as Benign (or, for facial recognition, an impostor as an authorized person). The attacker never needs to break the model, only to find an input the model gets wrong.
2. Real-World Evasion: "The Adversarial Sticker"
Researchers showed (Eykholt et al., CVPR 2018) that a few small black-and-white stickers placed on a Stop sign could make a road-sign classifier of the kind used in autonomous driving misread it as a "Speed Limit 45" sign, consistently and from multiple distances and angles.
- The Evasion: The car never receives the instruction to stop, potentially causing an accident.
- Why it worked: The classifier decides from pixel-level patterns it learned during training. The stickers were not random decoration: their positions and shapes were optimized against the model so that they shift those patterns toward what it associates with a speed-limit sign, while still looking like ordinary graffiti to a human driver. The change to the input is small and bounded; the change to the output is a different class.
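The sticker is a physical instance of a general recipe: make a small, bounded change to the input in the direction that moves the model's output across its decision boundary. The following added example (not code from the lesson or from the cited paper) shows that mechanic on a toy logistic-regression "Stop vs. Speed Limit" classifier over twelve hand-picked features in [0, 1]. The model, its weights and the clean input are all constructed for the demo. For a linear model the gradient of the logit with respect to the input is just the weight vector, so the best change under a per-feature budget of eps is to move every feature by eps against the sign of its weight; the same budget spent in an arbitrary direction does nothing useful.

```python
import math

# Constructed toy model, not a real sign classifier: a logistic-regression
# "Stop vs. Speed Limit" detector over 12 hand-picked image features in [0, 1].
# Positive weights push the prediction toward "Stop".
WEIGHTS = [2.5, -2.0, 3.0, 1.5, -2.5, 2.0, 3.5, -1.5, 2.5, -3.0, 2.0, 4.0]
BIAS = -4.8


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def stop_probability(features):
    """Model output: P(the sign is a Stop sign)."""
    logit = sum(w * x for w, x in zip(WEIGHTS, features)) + BIAS
    return sigmoid(logit)


def evasion_perturbation(features, eps):
    """Move every feature by at most eps in the direction that lowers P(Stop).

    For a linear model the gradient of the logit with respect to the input is
    the weight vector itself, so the best L-infinity-bounded step is
    x' = x - eps * sign(w), clipped back into the valid feature range.
    This is the digital analogue of the sticker: a bounded, targeted change.
    """
    perturbed = []
    for w, x in zip(WEIGHTS, features):
        step = eps if w > 0 else -eps
        perturbed.append(min(1.0, max(0.0, x - step)))
    return perturbed


def uninformed_perturbation(features, eps):
    """Same budget spent without looking at the model (alternating +/- eps)."""
    return [min(1.0, max(0.0, x + (eps if i % 2 == 0 else -eps)))
            for i, x in enumerate(features)]


def linf_distance(a, b):
    """Largest per-feature change, i.e. how visible the edit is."""
    return max(abs(x - y) for x, y in zip(a, b))


# Constructed "clean" sign: every feature sits at 0.5 and the model says Stop.
CLEAN_SIGN = [0.5] * 12

if __name__ == "__main__":
    eps = 0.05
    adv = evasion_perturbation(CLEAN_SIGN, eps)
    rnd = uninformed_perturbation(CLEAN_SIGN, eps)
    print("clean      P(Stop) = %.3f" % stop_probability(CLEAN_SIGN))
    print("targeted   P(Stop) = %.3f  (max change %.2f)"
          % (stop_probability(adv), linf_distance(CLEAN_SIGN, adv)))
    print("uninformed P(Stop) = %.3f  (max change %.2f)"
          % (stop_probability(rnd), linf_distance(CLEAN_SIGN, rnd)))
```

With eps = 0.05 the targeted change moves no feature by more than 5% of its range, yet P(Stop) drops from about 0.77 to about 0.43 and the sign is "read" as a speed limit; the uninformed change of the same size leaves the verdict at Stop. Real classifiers are not linear, but the next lesson's gradient-based attacks work on exactly this idea, and the physical sticker is the same step constrained to a region a human would ignore.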
3. Malware Polymorphism via AI
Modern malware evades detection by changing its own code structure (polymorphism): the behaviour stays the same while the bytes, strings, and control flow change between copies.
- An attacker uses an LLM to rewrite a piece of malware in 1,000 functionally equivalent ways.
- They test each version against an AI-based Antivirus, using the detector as a free oracle.
- The version that scores lowest (ideally a "0% Malware Score") is the one they deploy.
This only works if the attacker can query the detector repeatedly and see its answer. A detector that returns a confidence score tells the attacker which rewrites are "getting warmer"; one that returns only block/allow, and that rate-limits or logs repeated submissions of near-identical samples, leaks far less.
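The rewrite-and-test loop above is a black-box search, and how much it costs the attacker depends on what the detector gives back. The added example below (not the lesson's code, and not a real antivirus) makes that concrete. The "malware" is a constructed list of five capabilities the program must keep; each capability has three interchangeable implementations, standing in for what the LLM rewrite step produces. The detector is a hypothetical bag-of-tokens linear model behind a sigmoid with made-up weights. The same detector is exposed two ways: with a score, which lets the attacker hill-climb one rewrite at a time, and with a block/allow verdict only, which leaves nothing to climb and forces enumeration. Both paths count their queries.

```python
import itertools
import math

# Constructed stand-in for "a piece of malware": a list of capabilities the
# program must keep. Each position has interchangeable implementations (what
# the LLM rewrite step produces); the detector scores them differently.
# None of these tokens are real detection signatures.
CAPABILITY_CLASSES = [
    ["download", "fetch", "retrieve"],
    ["exec", "run", "invoke"],
    ["persist", "schedule", "autostart"],
    ["encode", "pack", "inline"],
    ["beacon", "poll", "sync"],
]
ORIGINAL_SAMPLE = [cls[0] for cls in CAPABILITY_CLASSES]

# Hypothetical AI antivirus: bag-of-tokens linear model behind a sigmoid.
TOKEN_WEIGHTS = {
    "download": 0.30, "fetch": 0.18, "retrieve": 0.06,
    "exec": 0.35, "run": 0.20, "invoke": 0.08,
    "persist": 0.30, "schedule": 0.16, "autostart": 0.05,
    "encode": 0.22, "pack": 0.14, "inline": 0.04,
    "beacon": 0.28, "poll": 0.15, "sync": 0.05,
}
THRESHOLD = 0.5  # score >= THRESHOLD means "malware"


class Detector:
    """Counts queries so the two attacker strategies can be compared."""

    def __init__(self):
        self.queries = 0

    def score(self, tokens):
        """Leaky API: returns the malware probability."""
        self.queries += 1
        raw = sum(TOKEN_WEIGHTS[t] for t in tokens)
        return 1.0 / (1.0 + math.exp(-10.0 * (raw - 0.45)))

    def verdict(self, tokens):
        """Hardened API: block/allow only, no confidence score."""
        return self.score(tokens) >= THRESHOLD


def greedy_evade(sample, detector, max_rounds=20):
    """Score-guided hill climb: each round, try every single-token rewrite
    and keep the one that lowers the malware score the most."""
    current, best = list(sample), detector.score(sample)
    for _ in range(max_rounds):
        if best < THRESHOLD:
            break
        candidate, cand_score = None, best
        for i, token in enumerate(current):
            for alt in CAPABILITY_CLASSES[i]:
                if alt == token:
                    continue
                trial = current[:i] + [alt] + current[i + 1:]
                s = detector.score(trial)
                if s < cand_score:
                    candidate, cand_score = trial, s
        if candidate is None:
            break  # local minimum: no single rewrite helps
        current, best = candidate, cand_score
    return current, best


def blind_evade(detector):
    """Verdict-only oracle: nothing to climb, so enumerate rewrites until one passes."""
    for combo in itertools.product(*CAPABILITY_CLASSES):
        if not detector.verdict(list(combo)):
            return list(combo)
    return None


def compare_strategies():
    scored = Detector()
    variant, score = greedy_evade(ORIGINAL_SAMPLE, scored)
    blind = Detector()
    blind_variant = blind_evade(blind)
    return {
        "guided_variant": variant,
        "guided_score": score,
        "guided_queries": scored.queries,
        "blind_variant": blind_variant,
        "blind_queries": blind.queries,
    }


if __name__ == "__main__":
    for key, value in compare_strategies().items():
        print(key, value)
```

On this tiny search space (243 rewrites) the score-guided attacker finds a passing variant in 51 queries; the verdict-only attacker needs 162. The gap grows with the number of rewrite points, because the guided search is linear in them while blind enumeration is exponential. The defender-side lessons are the same ones the lesson text gives: return verdicts rather than scores to untrusted callers, rate-limit and correlate repeated submissions of near-identical samples, and pair the static classifier with behavioural detection that a textual rewrite cannot change.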
4. Evasion in NLP (Text)
You can evade a toxic-content or keyword filter by using "Leet Speak" (e.g., swapping o with 0 and a with @), look-alike Unicode characters, invisible characters inside a word, or "Emotional Camouflage," burying the payload inside text the model rates as harmless.
- Prompt: "I'm so happy today! [Malicious Instruction] Isn't life great?"
- If the AI weights the "Positive Sentiment" of the surrounding sentences too heavily, the malicious instruction in the middle "Evades" the security check.
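The cheap text tricks above all defeat the same weak check: a case-insensitive substring match on the raw input. The added example below (not the lesson's code) puts that naive filter beside a hardened one that normalizes both the message and the blocklist before matching. The blocklist, the leet and look-alike tables, and the sample messages are all constructed for the demo and deliberately short; a production filter would use the full Unicode confusables data and a learned model rather than a word list.

```python
import unicodedata

# Constructed blocklist for the demo; a real filter would be a model, not a list.
BLOCKED_TERMS = ["password", "wire transfer"]

# Assumed, deliberately short tables: leet-speak digits/symbols and a few
# Cyrillic letters that look identical to Latin ones (U+0430 "a", U+043E "o", ...).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i", "|": "l"})
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o",
                             "\u0440": "p", "\u0441": "c", "\u0445": "x",
                             "\u0443": "y", "\u0456": "i"})


def naive_filter(text):
    """Case-insensitive substring match: the check that leet-speak defeats."""
    lowered = text.lower()
    return any(term in lowered for term in BLOCKED_TERMS)


def canonical(text):
    """Collapse the cheap disguises before matching.

    Order matters: NFKC folds full-width and styled letters, casefold handles
    case, invisible format characters (zero-width space) and combining marks
    are dropped, look-alikes and leet digits are mapped back, and every
    remaining non-alphanumeric character is removed so 'pass word',
    'pass-word' and 'p.a.s.s.w.o.r.d' all become 'password'.
    """
    text = unicodedata.normalize("NFKC", text).casefold()
    text = "".join(ch for ch in text
                   if unicodedata.category(ch) != "Cf"
                   and not unicodedata.category(ch).startswith("M"))
    text = text.translate(CONFUSABLES).translate(LEET)
    return "".join(ch for ch in text if ch.isalnum())


def hardened_filter(text):
    """Apply the same normalisation to the message and to the blocklist."""
    folded = canonical(text)
    return any(canonical(term) in folded for term in BLOCKED_TERMS)


# Constructed test messages. "homoglyph" uses Cyrillic U+0430 and U+043E,
# "zero_width" hides U+200B inside the word.
SAMPLES = {
    "plain":      "Please confirm your password today.",
    "leet":       "Please confirm your p@55w0rd today.",
    "homoglyph":  "Please confirm your p\u0430ssw\u043erd today.",
    "zero_width": "Please confirm your pass\u200bword today.",
    "camouflage": "I'm so happy today! Wire-transfer the funds now. Isn't life great?",
    "benign":     "Please confirm your order today.",
}


def compare_filters():
    """(naive blocked?, hardened blocked?) for every sample message."""
    return {name: (naive_filter(msg), hardened_filter(msg))
            for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, (naive, hardened) in compare_filters().items():
        print("%-11s naive=%-5s hardened=%s" % (name, naive, hardened))
```

The naive filter catches only the plain message; the hardened one catches all five disguised variants while still passing the benign one, and because it scans the canonical form of the whole message it does not care how cheerful the sentences around the payload are. The cost is false positives (a harmless "2024" becomes "2o24", and "pa$$" in a legitimate price list now reads as "pass"), and it does nothing against paraphrase or synonyms. Treat normalisation as a pre-filter in front of the model, not as the gatekeeper itself.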
Exercise: The Evasion Challenge
- You are an attacker. You want to send a phishing email, but the AI filter blocks the word "Password". How do you evade this?
- Why is an "Evasion Attack" different from a "Poisoning Attack"? (Refer to Module 1.) Think about when each attack happens and what each one changes.
- If a bank uses AI to detect fraud, how does an attacker use "Slow Evasion" (many small, safe-looking transactions) to bypass the system?
- Research: What is "Adversarial Patching" in the context of physical security cameras?
Summary
Evasion is about Stealth. The goal isn't necessarily to break the AI, but to become "Invisible" to its security checks. No single defense closes it. "Ensemble Models" (multiple AIs checking each other) raise the bar, and so do adversarial training, normalizing inputs before they reach the model, and limiting what an attacker learns from each attempt: rate-limit detector queries and return verdicts rather than confidence scores.
Next Lesson: The Toolbox: Gradient-based vs. black-box attacks.