One of the challenges for AI security researchers is to find vulnerabilities in existing defenses. This is what one of the most interesting studies of February 2021 is devoted to.
Facial recognition technology that has become widespread in almost all spheres of human activity – from surveillance cameras to financial and payment management. Deep neural facial recognition models work with a huge amount of critical data and the issue of their resistance to attacks is especially acute. Recently, the new Fawkes system was presented aiming to neutralize privacy threats. The method was based on uploading cloaked user images instead of the original ones.
Therefore, in order to further explore this issue, the researchers suggest Oriole, a neural-based system that has the advantages of both data poisoning attacks and evasion attack and makes attack models insensitive to the defense of Fawkes. The Oriole method is based on making the most relevant multi-cloaks based on the leaked photos and putting them into the training data during the training phase. After that, uncloaked images are cloaked with Fawkes and then fed into the victim model. In their study, the researchers discuss the main vulnerabilities of Fawkes as well as the ways it becomes possible to make the system indifferent to it.
Deep Neural Networks are widely used across almost all the domains of human activity including the security-sensitive ones. The depressing fact is that DNs are vulnerable to Neural Trojan (NT) attacks. The essence of the attacks is that they are controlled and activated by the hidden trigger, and such a vulnerable model is called adversarial artificial intelligence. There have been earlier studies devoted to the detection of DNN Trojans based on stimulating the victim model to incorrect outputs, but the effectiveness of such methods was not high enough.
In this work, researchers aimed to come up with a robust Trojan detection scheme. This should be able to detect if a pre-trained model has been affected by Trojan before it is deployed. TAD is the first trigger approximation based Trojan detection framework. The investigated method is based on the opinion that the pixel trigger normally has spatial dependency which allows you to quickly produce a search of the trigger in the input space as well as finding Trojans embedded in the feature space with special filter transformations implied for theTrojan activation.
Autonomous systems, for example self-driving cars or robots, are potentially one of the main targets of adversarial patch attacks. These are mostly performed via the perception component of the device and the consequences of such attacks can be critical. When it comes to safety-critical, these often have a fail-safe fallback component aiming to enhance robustness against patches with high performance on clean inputs. The research presents BAGCERT combining high accuracy, clean performance, efficient inference, and end-to-end training for robustness against patches of different sizes and locations.
The introduction of regulations and standardizations is one of the most important steps towards safe, secure and ethical AI CTA intros new trustworthiness standard for healthcare AI Healthcare IT News, ...
