How can we better protect artificial intelligence from malicious deception?

Automation, the process of minimizing the amount of human labor needed for the production and delivery of goods, has been an important part of our society since the Industrial Revolution. Thanks to automated systems, we can produce and deliver goods quickly and cheaply. As a result, prosperity has improved significantly over the last century.

In recent years, we have even taken it a step further by using artificially intelligent systems (AI systems) based on deep neural networks. Such AI systems make it possible to find precise solutions to complex problems.

“While neural networks, by exploiting large amounts of data, make it possible to tackle very complex challenges, they were recently discovered to have a serious security flaw, namely their vulnerability to adversarial examples,” Utku said.

In this context, the term adversarial examples refers to inputs crafted with malicious intent for the purpose of misleading automated decision-making systems.
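The core idea can be sketched with a minimal example. The snippet below applies a gradient-sign perturbation (in the spirit of the well-known Fast Gradient Sign Method) to a toy logistic-regression classifier; the weights and inputs are illustrative assumptions, not values from the dissertation, and real attacks target deep networks rather than a two-weight model.

```python
import math

# Toy logistic-regression "model": p(y=1|x) = sigmoid(w . x + b).
# The weights below are arbitrary, chosen for illustration only.
w = [2.0, -3.0]
b = 0.5

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def predict(x):
    """Probability that input x belongs to class 1."""
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)

def adversarial(x, y, eps):
    """Perturb x by eps in the sign of the loss gradient.
    For logistic loss, the gradient w.r.t. the input is (p - y) * w."""
    p = predict(x)
    grad = [(p - y) * wi for wi in w]
    sign = lambda g: (g > 0) - (g < 0)
    return [xi + eps * sign(gi) for xi, gi in zip(x, grad)]

x = [1.0, 0.5]                    # clean input, true label y = 1
x_adv = adversarial(x, y=1, eps=0.6)

print(round(predict(x), 3))       # clean input: confidently class 1
print(round(predict(x_adv), 3))   # small perturbation flips the decision
```

Even though each coordinate moves by at most `eps`, the prediction crosses the decision boundary — the same mechanism that, in high-dimensional image space, lets visually imperceptible changes fool a deep network.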

“Adversarial examples are widely recognized as one of the biggest security flaws in neural networks. After all, it is challenging to distinguish genuine inputs from these adversarial examples, especially in the case of images (e.g., biomedical images and radar images),” Utku continues.

“In my PhD, I studied the phenomenon of adversarial examples in more detail in the context of deep neural networks, paying particular attention to the following topics: (1) properties of adversarial examples, (2) adversarial attacks on models for the segmentation of biomedical images, (3) adversarial attacks on models for recognizing human activity in radar images, and (4) defenses against adversarial examples,” explains Utku.

“More specifically, my research has led to the development of two new adversarial attacks on machine learning models, as well as a new defense; these developments allow for a deeper understanding of the properties of adversarial examples.”

“Thanks to my research, we are one step closer to understanding adversarial examples and addressing this vulnerability that threatens artificial intelligence systems,” Utku concludes.

Read a more comprehensive summary or the full PhD dissertation.

PhD title: Dissemination of adversarial examples in neural networks: attacks, defenses and opportunities

Contact: Utku Özbulak, Wesley De Neve, Arnout Van Messem

Utku Özbulak (Izmir, Turkey, 1991) studied from 2009 to 2014 at Yasar University in Turkey, where he obtained a bachelor’s degree in computer science. Immediately after graduating, he started as a Business Intelligence consultant in Istanbul, where he worked for globally recognized companies such as The Coca-Cola Company, Turkish Airlines, and Bosch-Siemens Hausgeraete. After two years of industry experience, he decided to pursue a master’s degree in computer science at the University of Southampton, UK, and graduated with honors in 2017. From September 2017, he continued his academic career at Ghent University with a view to obtaining a PhD degree in Computer Science Engineering. He conducted doctoral research on the newly opened global campus of Ghent University in South Korea (in the Center for Biosystems and Biotechnology Computer Science) and the home campus of Ghent University in Belgium (in IDLab). His primary research focus has been on gaining a better understanding of adversarial examples: carefully crafted data points that force machine learning models to make mistakes during testing. As a doctoral researcher, he contributed to two published A1 journal publications, both as lead author, and to five published conference papers, four of which as lead author.

Editor: Jeroen Ongenae – Final Editor: Ilse Vercruysse – Illustrator: Roger Van Hecke
