IBM is releasing an open-source software library to combat adversarial attacks on deep neural networks (DNNs). DNNs are machine learning models capable of recognizing patterns.
Current artificial intelligence techniques such as recognizing objects in images, speech-to-text, and video annotation are based on DNNs. According to IBM, while DNNs are usually very accurate, they are vulnerable to adversarial attacks and can be manipulated into misclassifying inputs or predicting incorrect outcomes.
“Adversarial attacks pose a real threat to the deployment of AI systems in security critical applications. Virtually undetectable alterations of images, video, speech, and other data have been crafted to confuse AI systems. Such alterations can be crafted even if the attacker doesn’t have exact knowledge of the architecture of the DNN or access to its parameters,” IBM Research team’s Maria-Irina Nicolae and Mathieu Sinn wrote in a post.
Beyond software applications, the researchers say these adversarial attacks can have an impact in the physical world, for example by evading facial recognition systems or defeating the visual recognition systems of autonomous cars.
The Adversarial Robustness Toolbox is designed to help both researchers and developers defend against these attacks and improve the security of their AI systems. “The Adversarial Robustness Toolbox is designed to support researchers and developers in creating novel defense techniques, as well as in deploying practical defenses of real-world AI systems. Researchers can use the Adversarial Robustness Toolbox to benchmark novel defenses against the state-of-the-art. For developers, the library provides interfaces which support the composition of comprehensive defense systems using individual methods as building blocks,” the researchers wrote.
The library is written in Python and will include algorithms for creating adversarial examples as well as methods for defending DNNs against them.
According to the researchers, the toolbox takes a three-fold approach to defending DNNs: measuring model robustness, model hardening and runtime detection.
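As an added illustration, not code from IBM's toolbox, of two of the three activities named above (measuring robustness and runtime detection), the pure-Python sketch below trains a tiny logistic-regression classifier on constructed data in place of a DNN, crafts fast-gradient-sign adversarial inputs against it, reports accuracy under attack and the smallest per-input change that flips a prediction, and flags low-margin inputs at inference time. All names and data are assumptions; model hardening (for example adversarial training) is not shown.

```python
import math

# Constructed toy data (not from the article): two linearly separable classes,
# every class-1 point being a class-0 point shifted by +3 in both features.
# A logistic-regression classifier stands in for the DNN.
X = [(-2.0, -1.0), (-1.0, -2.0), (-2.0, -2.0), (-1.5, -1.5), (-2.5, -1.0),
     (1.0, 2.0), (2.0, 1.0), (1.0, 1.0), (1.5, 1.5), (0.5, 2.0)]
Y = [0, 0, 0, 0, 0, 1, 1, 1, 1, 1]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))
def logit(model, x):            # model is (w, b); the classifier's pre-activation
    w, b = model
    return w[0] * x[0] + w[1] * x[1] + b
def predict(model, x):
    return 1 if logit(model, x) > 0 else 0

def train(xs, ys, lr=0.1, epochs=200):
    """Plain gradient descent on the logistic loss; returns the model (w, b)."""
    w, b = [0.0, 0.0], 0.0
    for _ in range(epochs):
        gw, gb = [0.0, 0.0], 0.0
        for x, y in zip(xs, ys):
            err = sigmoid(logit((w, b), x)) - y          # dLoss/dlogit
            gw[0] += err * x[0]; gw[1] += err * x[1]; gb += err
        n = len(xs)
        w, b = [w[0] - lr * gw[0] / n, w[1] - lr * gw[1] / n], b - lr * gb / n
    return w, b

def fgsm(model, x, y, eps):
    """Fast gradient sign method: shift each feature by eps in the direction that
    raises the loss. Here dLoss/dx_i = (p - y) * w_i, so only its sign matters."""
    w, _ = model
    err = sigmoid(logit(model, x)) - y
    return tuple(xi + eps * math.copysign(1.0, err * wi) for xi, wi in zip(x, w))

def accuracy(model, xs, ys, eps=0.0):
    """Robustness measurement: clean accuracy (eps=0) or accuracy under attack."""
    hits = sum(predict(model, fgsm(model, x, y, eps) if eps else x) == y
               for x, y in zip(xs, ys))
    return hits / len(xs)

def min_linf_perturbation(model, x):
    """Smallest L-inf change reaching a linear model's decision boundary,
    |w.x + b| / ||w||_1; a small value means an easily flipped input."""
    w, _ = model
    return abs(logit(model, x)) / (abs(w[0]) + abs(w[1]))

def is_suspicious(model, x, margin):
    """Runtime detection: do not trust inputs closer to the boundary than margin."""
    return min_linf_perturbation(model, x) < margin

if __name__ == "__main__":
    model = train(X, Y)
    print("clean:", accuracy(model, X, Y), "under eps=1.5 attack:", accuracy(model, X, Y, 1.5))
    print("min L-inf change per input:", [round(min_linf_perturbation(model, x), 2) for x in X])
```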
The release will also include documentation and tutorials for getting started. Currently, the toolbox supports the TensorFlow and Keras deep learning frameworks. Going forward, the team intends to extend support to other popular frameworks such as PyTorch and MXNet.
“Currently, the library is primarily intended to improve the adversarial robustness of visual recognition systems, however, we are working on future releases that will comprise adaptations to other data modes such as speech, text or time series,” the team wrote.