How to Ensure Machine Learning Models Are Fake-Proof

[relemedf5w023]

Sergey Stelmakh | 04/21/2021
Alex Saad-Falcon
Alex Saad-Falcon
Machine learning (ML) models are not infallible. To prevent them from being exploited by attackers, researchers have developed various methods to make them more robust. Research engineer Alex Saad-Falcon explains how to protect neural networks from attacks on InformationWeek.

All neural networks are susceptible to “adversarial attacks,” where an attacker produces an example designed to fool the network. If successful, the attacker can exploit any system that uses a neural network. Fortunately, there are known techniques that can mitigate or even prevent this type of attack. As companies become more aware of the dangers of adversarial attacks, the field of adversarial ML is growing rapidly.

Facial recognition systems
Let's look at a small but illustrative example of how morocco mobile database vulnerabilities of face recognition systems (FRS) can be exploited.

With the increasing availability of big data sets for FRS projects, machine learning methods such as deep neural networks are becoming extremely attractive due to their ease of creation, training, and deployment. At the same time, FRS based on neural networks inherit their vulnerabilities. If left unchecked, FRS will be vulnerable to sPhysical attacks
The simplest and most obvious attack is a “presentation attack,” where the attacker simply shows a photo or video of a person—the intended victim—to the camera. The attacker can also use a realistic mask to fool the FRS. While such attacks can be quite effective, they are easily detected by third-party observers or operators.

A more subtle variant is the physical perturbation attack. To fool the FRS, the attacker wears something special, such as tinted glasses. Typically, the human will correctly classify the person, realizing that it is a stranger, while the FRS neural network can be fooled.

veral types of attacks.