At a Glance – Adversarial Attacks

Fooling even the most sophisticated AI

No machine learning algorithm is perfect. Whilst the margin of error might be tiny, any computer that uses such algorithms will sometimes make mistakes. Even Google isn’t immune. Earlier this month, research conducted by a team of students from MIT showed that Google’s neural network could be tricked into misidentifying a 3D-printed turtle as a gun. The group used a hacking technique known as an adversarial attack, subtly altering the image that the software received so that a human would still see a turtle while the classifier did not. In other words, an adversarial attack is a smokescreen for computers.

There are two types of adversarial attacks. Non-targeted attacks are designed to produce any kind of misclassification, whereas targeted adversarial attacks seek a specific wrong result. Both kinds of adversarial attack can be used against any technology which employs machine learning algorithms. As more and more of society is structured around Artificial Intelligence, this could become a huge problem. If adversarial attacks can fool Google’s AI, they could just as easily confuse other artificially intelligent systems. What if your self-driving car was suddenly made to ‘see’ a pedestrian, and swerved off the road? As well as confusing autonomous technology, adversarial attacks can enable the sale of illegal items through mainstream e-commerce sites and trick filtering systems into accepting offensive or banned content.

Although adversarial attacks have the potential to affect all of us, they’re currently limited in scope. However, as developments in AI make intelligent technology more commonplace, this could soon change. At the moment, developers have yet to find a reliable defence against adversarial attacks. Finding a solution is vital to the adoption of reliable, trustworthy AI.