Evidence is growing that image recognition technology may be more susceptible to deception than previously assumed.
Engineers at the ZeroFOX security startup suspected last year that a photo in a bogus social-media profile was modified to fool content filters, as a form of adversarial attack.
One senior technology executive said hacker groups are conducting "probing attacks" on social-media filters, with emphasis "on attacking [artificial intelligence] algorithms, changing a few pixels."
Researchers also demonstrated image- ecognition systems can be deceived offline, with a team from KU Leuven in Belgium successfully fooling popular image-classification software by masking themselves from a surveillance camera with a colorful poster.
Meanwhile, Wieland Brendel at the University of Tubingen in Germany publicly released a corpus of programming code that can be used to launch adversarial attacks on image-recognition systems, so developers of neural networks for image-recognition systems can test for flaws.
From The Wall Street Journal
View Full Article - May Require Paid Subscription
Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA