CWE-1039Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism

PUBLISHEDweakness record
released 2018-03-29 · last modified 2026-04-30

Metadata

CWE ID:
CWE-1039
摘要:
Class
结构:
Simple
状态:
Incomplete
发布日期:
2018-03-29
更新日期:
2026-04-30

名称

Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism

描述

The product uses an automated mechanism such as machine learning to recognize complex data inputs (e.g. image or audio) as a particular concept or category, but it does not properly detect or handle inputs that have been modified or constructed in a way that causes the mechanism to detect a different, incorrect concept.

When techniques such as machine learning are used to automatically classify input streams, and those classifications are used for security-critical decisions, then any mistake in classification can introduce a vulnerability that allows attackers to cause the product to make the wrong security decision or disrupt service of the automated mechanism. If the mechanism is not developed or "trained" with enough input data or has not adequately undergone test and evaluation, then attackers may be able to craft malicious inputs that intentionally trigger the incorrect classification. Targeted technologies include, but are not necessarily limited to: For example, an attacker might modify road signs or road surface markings to trick autonomous vehicles into misreading the sign/marking and performing a dangerous action. Another example includes an attacker that crafts highly specific and complex prompts to "jailbreak" a chatbot to bypass safety or privacy mechanisms, better known as prompt injection attacks.

常见后果

范围:
Integrity
影响:
Bypass Protection Mechanism
注释:
When the automated recognition is used in a protection mechanism, an attacker may be able to craft inputs that are misinterpreted in a way that grants excess privileges.
范围:
Availability
影响:
DoS: Resource Consumption (Other), DoS: Instability
注释:
There could be disruption to the service of the automated recognition system, which could cause further downstream failures of the software.
范围:
Confidentiality
影响:
Read Application Data
注释:
This weakness could lead to breaches of data privacy through exposing features of the training data, e.g., by using membership inference attacks or prompt injection attacks.
范围:
Other
影响:
Varies by Context
注释:
The consequences depend on how the application applies or integrates the affected algorithm.

相关 CWE