A new study reveals that artificial intelligence systems are more susceptible to adversarial attacks than previously believed, making them vulnerable to manipulation that can lead to incorrect decisions. Researchers found that adversarial vulnerabilities are widespread in AI deep neural networks, raising concerns about their use in critical applications. To assess these vulnerabilities, the team developed QuadAttacK, a software that can test neural networks for susceptibility to adversarial attacks.
Artificial intelligence tools hold promise for applications ranging from autonomous vehicles to the interpretation of medical images. However, a new study finds these AI tools are more vulnerable than previously thought to targeted attacks that effectively force AI systems to make bad decisions.
At issue are so-called ‘adversarial attacks,’ in which someone manipulates the data being fed into an AI system in order to confuse it, says Tianfu Wu, co-author of the study and an associate professor of electrical and computer engineering at North Carolina State University.
The study, presented at the Thirty-seventh Conference on Neural Information Processing Systems, focused on determining the prevalence of these adversarial vulnerabilities in AI deep neural networks. The researchers discovered that the vulnerabilities are much more common than previously believed.
What’s more, we found that attackers can take advantage of these vulnerabilities to force the AI to interpret the data to be whatever they want, Wu explains. This means that attackers can manipulate an AI system into misidentifying objects or making incorrect judgments.
To test the vulnerability of deep neural networks to adversarial attacks, the researchers developed a software called QuadAttacK. This software can be used to evaluate any deep neural network for susceptibility to adversarial attacks. The team tested four commonly used networks and found that all four were highly vulnerable.
We were surprised to find that all four of these networks were very vulnerable to adversarial attacks, Wu says. We were particularly surprised at the extent to which we could fine-tune the attacks to make the networks see what we wanted them to see.
The researchers have made QuadAttacK available to the public so that others can test their neural networks for vulnerabilities. While solutions to minimize these vulnerabilities are still being developed, the findings stress the need to enhance AI systems’ robustness against adversarial attacks, particularly in applications with potential human life implications.
As AI becomes increasingly integrated into critical systems, it is essential to address these vulnerabilities to ensure the safety and reliability of the technology. By understanding and addressing the weaknesses of AI systems, researchers can work towards creating more robust and secure artificial intelligence tools.
The study was supported by the U.S. Army Research Office and the National Science Foundation. The researchers’ findings underscore the importance of ongoing research and development in the field of AI to protect against adversarial attacks and ensure the trustworthiness of AI systems in various applications.
The implications of this research extend to industries such as autonomous vehicles, cybersecurity, healthcare, and many others. As AI continues to advance, it is crucial to stay vigilant and proactive in addressing vulnerabilities to ensure the technology’s benefits are not compromised by malicious manipulation.
