New Algorithms for Machine Learning to Resist Interference

Attacks on machine learning models will have serious consequences, but what if they are prevented in advance? Just as humans are vaccinated against the coming virus. According to the official website of the Australian Federal Organization for Scientific and Industrial Research (CSIRO), a research team of CSIRO has recently developed a set of latest artificial intelligence (AI) algorithms to help machine learning withstand possible interference.

Machine learning is the core of artificial intelligence and the fundamental way to make computers intelligent. The main purpose of machine learning is to allow computers to simulate or realize human learning behavior in order to acquire new knowledge or skills, and reorganize the existing knowledge structure, so as to continuously improve its performance.

Although machine learning can learn the correct working methods in large data training, it is also vulnerable to malicious interference. Usually the attacker "deceives" the machine learning model by inputting malicious data, which results in serious failure.

This time, Richard Nock, the leader of the "Data61" machine learning group, who developed the new algorithm, said that the attacker would add a layer of interference wave to the image to achieve the purpose of "deception" and thus make the machine learning model produce wrong image classification.

The new algorithm developed by Nock and his team members can help the machine learn to "practice" its anti-jamming ability through a similar idea of vaccination. This is an anti-interference training for machine learning model. For example, in the field of image recognition, the algorithm can modify or distort the image set slightly, and stimulate the machine learning model to "understand" to more and more strong anti-interference ability, and form the relevant self-anti-interference training model.

After such small-scale distortion training, the final anti-interference training model will be more powerful. When the real attack comes, the machine learning model will have the "immune" function.

Editor-in-chief circle

Using tricks to interfere with machine recognition of images, this method has been used in network black production. The human eye does not seem to have any distinct difference. If a layer of interference wave is applied specifically to the machine, the judgment of the machine will be greatly degraded. The so-called vaccination, in fact, is to "fight with poison with poison", so that the machine can first see the pictures that have been slightly modified, and self-study in training, so as to eventually identify this layer of malicious interference, reveal the true face of the picture Lushan. The learning function of machine is powerful. Teach it how to deal with it, and it can improve itself. But attack and defense always go hand in hand, which is an endless technological game.