Towards trusted AI Week 10 – fooling AI with a simple sticker

Secure AI Weekly, March 15, 2021

It turns out that even complex systems can sometimes be deceived with nothing more than an ordinary pen and paper.


OpenAI’s state-of-the-art machine vision AI is fooled by handwritten notes

The Verge, March 8, 2021

A team from the machine learning lab OpenAI found that their well-known computer vision system can be tricked with the most ordinary of tools – a piece of paper and a pen.

The attack turns out to be remarkably simple: writing the name of one object on a piece of paper and sticking the note onto a different object is enough to make the system recognize that object as whatever the note says. The researchers call these "typographic attacks". In principle they work like the adversarial images aimed at commercial machine vision systems, except that the paper-and-pen version is far easier to carry out. According to the researchers, there is little cause for alarm, since the attack works only because of the unusual machine learning architecture of CLIP, one of the company's experimental systems.
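For readers who want to reproduce the effect, here is a minimal sketch that runs the open-source CLIP model as a zero-shot classifier via the Hugging Face transformers library. The label prompts and image file names are illustrative assumptions, not taken from the article; a typographic attack succeeds when the second image – an apple with a handwritten "iPod" note stuck to it – gets classified as an iPod.

```python
# Minimal sketch: zero-shot CLIP classification, the setting in which
# typographic attacks were demonstrated. Model name, labels, and image
# paths are illustrative assumptions.
import torch
from PIL import Image
from transformers import CLIPModel, CLIPProcessor

model = CLIPModel.from_pretrained("openai/clip-vit-base-patch32")
processor = CLIPProcessor.from_pretrained("openai/clip-vit-base-patch32")

labels = ["a photo of an apple", "a photo of an iPod"]

def classify(image_path: str) -> dict:
    """Return CLIP's probability for each candidate label."""
    image = Image.open(image_path).convert("RGB")
    inputs = processor(text=labels, images=image, return_tensors="pt", padding=True)
    with torch.no_grad():
        outputs = model(**inputs)
    probs = outputs.logits_per_image.softmax(dim=-1).squeeze(0)
    return {label: float(p) for label, p in zip(labels, probs)}

# Compare a clean photo of an apple with the same apple carrying a
# handwritten "iPod" note (hypothetical file names).
print(classify("apple.jpg"))
print(classify("apple_with_ipod_note.jpg"))
```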

Algorithm helps artificial intelligence systems dodge “adversarial” inputs

MIT News, March 8, 2021

Smart systems depend entirely on the data they take in, and that input is not always reliable. An image altered in an adversarial attack – changed by just a few pixels, invisibly to the human eye – can radically affect the behavior of an autonomous vehicle.
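The article does not spell out how such perturbations are crafted; the fast gradient sign method (FGSM) is the textbook example of an imperceptible attack and is sketched below as an illustration. It assumes a differentiable PyTorch classifier `model` and normalized image tensors; it is not the specific attack studied in the MIT work.

```python
# Sketch of FGSM: nudge every pixel slightly in the direction that
# increases the classifier's loss, keeping the change imperceptible.
import torch
import torch.nn.functional as F

def fgsm_perturb(model, image, label, epsilon=2 / 255):
    """Return an adversarially perturbed copy of `image` (assumed in [0, 1])."""
    image = image.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(model(image), label)
    loss.backward()
    perturbed = image + epsilon * image.grad.sign()  # tiny per-pixel step
    return perturbed.clamp(0, 1).detach()
```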

A new deep learning algorithm presented by MIT researchers is designed to help autonomous vehicles navigate their surroundings while maintaining a healthy skepticism toward all incoming data. The specialists combined a reinforcement learning algorithm with a deep neural network, both of which have been used to train computers to play games such as Go and chess. The resulting approach is dubbed CARRL, which stands for Certified Adversarial Robustness for Deep Reinforcement Learning.
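The core idea can be sketched in a few lines: instead of acting greedily on the Q-values of the observation it received, the agent picks the action whose worst-case value over a small ball of possible observation errors is highest. CARRL itself computes a certified lower bound on those values; in the illustrative sketch below, random sampling stands in for that bound, and `q_network` is a hypothetical callable returning one Q-value per action.

```python
# Illustrative approximation of robust action selection in the spirit of
# CARRL: choose the action with the best pessimistic Q-value under
# bounded observation noise (sampling used here instead of a certified bound).
import numpy as np

def robust_action(q_network, observation, epsilon=0.05, n_samples=64, rng=None):
    rng = rng or np.random.default_rng()
    noise = rng.uniform(-epsilon, epsilon, size=(n_samples,) + observation.shape)
    candidates = observation + noise                      # plausible true observations
    q_values = np.array([q_network(obs) for obs in candidates])  # (n_samples, n_actions)
    worst_case_q = q_values.min(axis=0)                   # pessimistic value per action
    return int(worst_case_q.argmax())
```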

“You often think of an adversary being someone who’s hacking your computer, but it could also just be that your sensors are not great, or your measurements aren’t perfect, which is often the case. Our approach helps to account for that imperfection and make a safe decision. In any safety-critical domain, this is an important approach to be thinking about,” commented Michael Everett, a postdoc in MIT’s Department of Aeronautics and Astronautics (AeroAstro). 

 
