Will Knight reports in MIT Technology Review:
Almost anything bad you can think of doing to a machine-learning model can be done right now. And defending it is really, really hard. Researchers have demonstrated various ways in which machine-learning programs could be manipulated by exploiting their propensity to spot patterns in data. They are vulnerable, in part, because they lack actual intelligence.
The latest artificial-intelligence techniques are being adopted by companies at a blistering pace. Before long, hackers might start taking a closer look, too, and they could cause all sorts of trouble by tricking these systems with illusory data.
Speaking at a recent AI conference in Barcelona, Spain, Ian Goodfellow, a research scientist at OpenAI who has done pioneering work on deceiving machine-learning systems, said attacking the systems is easy. “Almost anything bad you can think of doing to a machine-learning model can be done right now,” he said. “And defending it is really, really hard.”
In the last few years, researchers have demonstrated various ways in which machine-learning programs could be manipulated by exploiting their propensity to spot patterns in data. They are vulnerable, in part, because they lack actual intelligence. For instance, it is possible to use a billboard to trick the vision systems on self-driving cars into seeing things that aren’t there. Inaudible signals can trick voice-controlled assistants into taking unwanted actions, like visiting a website and downloading a piece of malware.
Goodfellow and others are developing countermeasures. It is possible to train a machine-learning system to recognize and then ignore misleading examples. But it is tricky to protect against every possible assault.
Fooling machine-learning systems may become more than an academic exercise. “This is very real,” says Patrick McDaniel, a professor at Pennsylvania State University who has explored the issue. “Machine-learning systems are driving all kinds of functions that could be monetized by adversaries, and so organized and sophisticated attackers will embrace these attacks.”
McDaniel points out that hackers have been outwitting machine-learning systems for years. Spammers, for instance, have fed learning algorithms with false e-mails to enable spam messages to pass through later. He says it may not be long before more sophisticated attacks emerge.
“The first attacks will come very soon against online classification systems,” McDaniel says. This could include modern spam filters, systems designed to detect illicit or copyright material, and advanced machine-learning-based computer security systems.
A new paper suggests that the problem could be more widespread than previously known. It shows that certain deceptions can be reused against different machine-learning systems, or even against a large “black box” system about which an attacker does not have prior knowledge.
Bugs lurking in these popular machine-learning tools could provide another way to target them. New machine-learning tools are developing at a rapid pace, and are often released for free online before being employed in active services such as image recognition or natural language analysis tools.
Speaking at the same conference in Spain, Octavian Suciu, a PhD student at the University of Maryland, highlighted a number of such vulnerabilities in some popular tools. Suciu analyzed the source code for these programs, and he found it could be manipulated. He found problems with the way some tools store information in memory, meaning that feeding in a very large piece of data could overwrite part of the program, changing its behavior.
Suciu speculates that the approach could provide a handy way to manipulate, for example, a tool that offers stock predictions, which could then be used to short the market. “If [a model] tells you that the stock will go up, you could change the prediction to say that it would go down,” he says.
3 comments:
Are you looking for unique, custom photos of your site? Then let us help turn your site into the extra 'Wow!' yam. We provide one of the best responsive web design services in the United States, and our design experience is unique! Choose us to create your business card and company card. We can design your email newsletter and customize your social media pages to fit your website design. As experienced designers, our team of creative in the US provides you with the best products, no matter what you need. You have a new company web and a new website, but what about your design brochure? Yes - a well-designed guidebook can also play an important role in the marketing of your business. Whatever you want in your guide, we have our own design team available to design according to your needs. Of course, we can give some good examples of design that we have made for other customers.
The best services in the UK include specific services that guarantee high efficiency, timely delivery and value for money, with a promise of a high level of dedication. Only Crowd Content can offer this exceptional service that we strive to meet the expectations of our valued customers. So contact us to get previous experience.
Toll Coffee Roasting also appreciates input from its customers. They welcome feedback from patrons regarding their roasting profiles, flavor preferences, and coffee selections. They can improve their products and guarantee that clients obtain coffee that suits their tastes thanks to this feedback loop.
Post a Comment