Friday, June 26, 2026

What is adversarial machine learning?

Adversarial machine learning is a relatively new but growing problem for AI innovation. Gartner predicted that through 2022, 30 percent of all cyberattacks on AI systems would involve training-data poisoning or other adversarial attack vectors. As ML becomes more widespread, it is only natural that more and more attacks will be aimed at disrupting machine learning and the systems built on it.

How do adversarial attacks work?

Adversarial machine learning (ML) attacks all revolve around making small, malicious changes to the data a model sees, either corrupting its initial training and deeper learning or interfering with a model that has already been trained. The purpose is to get around the model's learned parameters and data rules, confuse what it has learned, and make the system fail. Attackers combine two main families, poisoning attacks and evasion attacks, to disrupt how the system operates.

Poisoning attacks. Poisoning attacks introduce small changes to the training data, often over a long period of time and in ways that are hard to notice, so that the ML system gradually learns to make bad decisions later on. Attackers who poison a model typically look for a way into the system's training data and disguise the malicious samples by labeling them like legitimate training data, so that they pass through the classifier's pipeline unchallenged. These disguised training samples are hard to detect, especially because the wrong outputs and behaviour they cause only surface long after the training phase has ended.

Evasion attacks. Evasion attacks typically take place after the ML system has been trained. The adversary probes the trained model's decision boundaries for weak spots. Once such a weak spot is found, it is used to "circumvent" the model's safeguards: inputs are crafted so that the model misclassifies them, and that foothold can then be used to reach the algorithms and code that control the ML system's operation. Attacks of this type can damage everything from the intended outputs to data quality to the system's confidentiality.
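To make both attack families concrete, here is an added example in Python that is not code from the article or from any of the vendors it names. It trains a toy nearest-centroid classifier on constructed 2-D data, then shows poisoning (mislabeled "B" samples planted among "A"-looking points drag the "B" centroid so a clean input flips class), evasion (the clean model is fooled by nudging an input just across its decision boundary), and one practical check a defender can run: retrain leaving each training sample out and flag samples the model no longer agrees with. The data, the class names and the heuristic check are all assumptions made for this example.

```python
"""Added example (not from the article): adversarial ML against a toy
nearest-centroid classifier. Shows (1) label-flipping data poisoning,
(2) an evasion input against the clean model, and (3) a leave-one-out
check that surfaces the mislabeled poison. All data is constructed."""

import math
from typing import Dict, List, Tuple

Point = Tuple[float, float]
Sample = Tuple[Point, str]  # (features, label)

# Constructed training set: class "A" clusters near (0, 0), class "B" near (4, 4).
CLEAN_TRAIN: List[Sample] = [
    ((0.0, 0.0), "A"), ((0.5, 0.2), "A"), ((-0.3, 0.4), "A"), ((0.2, -0.5), "A"),
    ((4.0, 4.0), "B"), ((4.3, 3.8), "B"), ((3.7, 4.2), "B"), ((4.1, 4.4), "B"),
]


def centroid(points: List[Point]) -> Point:
    n = len(points)
    return (sum(p[0] for p in points) / n, sum(p[1] for p in points) / n)


def dist2(p: Point, q: Point) -> float:
    return (p[0] - q[0]) ** 2 + (p[1] - q[1]) ** 2


def train(samples: List[Sample]) -> Dict[str, Point]:
    """Nearest-centroid classifier: the 'model' is one mean vector per label."""
    by_label: Dict[str, List[Point]] = {}
    for x, y in samples:
        by_label.setdefault(y, []).append(x)
    return {y: centroid(xs) for y, xs in by_label.items()}


def predict(model: Dict[str, Point], x: Point) -> str:
    return min(model, key=lambda label: dist2(x, model[label]))


def poison(samples: List[Sample], n: int, feature: Point, wrong_label: str) -> List[Sample]:
    """Label-flipping poisoning: inject n copies of a point that looks like one
    class but carries the other class's label, dragging that centroid toward it."""
    return samples + [(feature, wrong_label)] * n


def evade(model: Dict[str, Point], x: Point, true_label: str, target_label: str,
          eps: float = 1e-3) -> Tuple[Point, float]:
    """Minimal evasion perturbation for a nearest-centroid model: the decision
    boundary is the perpendicular bisector between the two centroids, so move x
    along the centroid-to-centroid direction just far enough to cross it.
    Returns (x_adv, L2 size of the perturbation)."""
    ca, cb = model[true_label], model[target_label]
    dx, dy = cb[0] - ca[0], cb[1] - ca[1]
    norm = math.hypot(dx, dy)
    ux, uy = dx / norm, dy / norm                      # unit vector toward target class
    mx, my = (ca[0] + cb[0]) / 2, (ca[1] + cb[1]) / 2  # midpoint sits on the boundary
    step = (mx - x[0]) * ux + (my - x[1]) * uy + eps   # signed distance to boundary + nudge
    x_adv = (x[0] + step * ux, x[1] + step * uy)
    return x_adv, abs(step)


def flag_suspicious(samples: List[Sample]) -> List[int]:
    """Leave-one-out consistency check (a heuristic, not a guarantee): retrain
    without each sample and see whether the model still agrees with that sample's
    label. Disagreements deserve a manual look; mislabeled poison tends to surface
    here. Returns the indices of flagged samples."""
    flagged = []
    for i, (x, y) in enumerate(samples):
        model = train(samples[:i] + samples[i + 1:])
        if y in model and predict(model, x) != y:
            flagged.append(i)
    return flagged


def demo() -> dict:
    clean = train(CLEAN_TRAIN)
    probe = (1.8, 1.8)  # constructed: an "A"-like input fairly close to the boundary
    poisoned_train = poison(CLEAN_TRAIN, 4, (0.8, 0.8), "B")  # A-looking points labeled B
    poisoned = train(poisoned_train)
    x_adv, size = evade(clean, probe, "A", "B")
    return {
        "clean_pred": predict(clean, probe),          # "A"
        "poisoned_pred": predict(poisoned, probe),    # "B": same input, poisoned model
        "evasion_pred": predict(clean, x_adv),        # "B": clean model, nudged input
        "evasion_l2": round(size, 3),                 # how little the input had to move
        "flagged": flag_suspicious(poisoned_train),   # indices of the injected samples
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two things worth noticing when you run it: the evasion input moves by well under half a unit on features that span about four units, which is the "small change" the text refers to, and the leave-one-out check flags exactly the four planted samples while leaving the eight clean ones alone. On real models the equivalent checks (influence or loss-based outlier screening of training data, and adversarial-example testing of the deployed model) are more expensive, but the shape of the problem is the same.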

Examples of adversarial attacks on machine learning

So far only a few adversarial machine learning attacks have been successfully carried out in the real world, but given that Amazon, Google, Tesla and Microsoft are among the known victims, companies of any size and level of maturity could face the consequences in the future.

Data and IT professionals are currently rehearsing adversarial attacks in the lab, experimenting with potential attacks to see how different ML scripts and ML-enabled technologies respond to them.

According to experts, the following theoretical attacks could be launched successfully:

  • 3D-printing human facial features to fool facial recognition technology.

  • Adding new markings to roads or road signs to mislead self-driving cars.

  • Inserting additional text into command messages sent to military drones, changing their path or attack vector.

  • Altering the command recognition of home-assistant IoT devices so that they perform the wrong operation (or no operation at all).

A real-world example of an attack on machine learning

One of the most famous real-world examples of an adversarial machine learning attack was Microsoft's Tay Twitter bot in 2016. Microsoft released Tay as a conversational Twitter bot, an artificial intelligence designed to learn conversational understanding by engaging with Twitter users.

A number of Twitter users chose to flood Tay with offensive remarks, which in less than 24 hours completely changed Tay's tone and turned the bot hateful and racist. In the terms used above, this was a poisoning attack on a system that kept learning from user input after it had been deployed.



Sandra Loyd
Sandra is a reporter working for World Weekly News. She loves to learn about the latest news from all around the world and share it with our readers.
