Artificial intelligence (AI) systems have become an integral part of our lives, from virtual assistants on our smartphones to powerful search engines. These AI systems are often built using artificial neural networks (ANN), which are inspired by the complex networks of neurons in the human brain. However, despite their remarkable capabilities, ANNs can sometimes be easily confused.
Researchers at the University of Tokyo Graduate School of Medicine, Jumpei Ukita and Professor Kenichi Ohki, have been studying the human brain alongside their work in computer science. Their deep understanding of the brain inspired them to explore how to improve the resilience of ANNs against adversarial attacks.
Adversarial attacks are attempts to manipulate a neural network by subtly altering input patterns. In some cases, an input that appears perfectly normal to us can be misinterpreted by an ANN. For example, an image-classifying system might mistake a cat for a dog, or a driverless car might misinterpret a stop signal.
Typically, defenses against adversarial attacks focus on introducing noise to the input layer of a neural network. However, Ukita and Ohki took a unique approach by adding noise not only to the input layer but also to deeper layers within the network. This concept, which they refer to as “feature-space adversarial examples,” involves misleading the network’s hidden layers with artifacts that intentionally lead to misclassification.
By injecting random noise into these hidden layers, the researchers found that the adaptability and defensive capability of the network increased. Their approach proved successful in reducing the network’s susceptibility to simulated adversarial attacks.
Although the new defense method is effective against the specific type of attack tested, Ukita and Ohki recognize the importance of further development. They aim to improve the method’s effectiveness against anticipated attacks and explore its potential to defend against other types of attacks.
The constant arms race between attackers and defenders in the realm of AI necessitates continuous innovation. Ukita and Ohki believe that by continually iterating and innovating new defense ideas, it becomes possible to protect the systems that we rely on daily.
FAQ:
What are adversarial attacks?
Adversarial attacks are attempts to manipulate a neural network by subtly altering input patterns, causing the network to misclassify the input.
How do these attacks affect AI systems?
Adversarial attacks can lead to misinterpretations or incorrect decisions by AI systems. This can have serious consequences in applications such as driverless cars or medical diagnostic systems.
How did the researchers improve ANN defense?
The researchers added noise not only to the input layer but also to deeper layers within the network. This increased the adaptability and defensive capability of the network, reducing its vulnerability to adversarial attacks.