Researchers at the Massachusetts Institute of Technology (MIT) have demonstrated a new way to fool computer vision algorithms that enable artificial intelligence systems to see.
The researchers exploited the Google Cloud Vision API that enables anyone to perform image labeling, face and landmark detection, optical character recognition, and tagging of explicit content. Traditional hacking approaches are inefficient and impractical when targeting large images with tens of thousands of pixels. To overcome this problem, the MIT team adapted a "natural evolution strategies" method that generates smaller populations of images around the larger image, with large random groups of pixels being perturbed instead of single pixels. Then, given the classifier's output on these randomly perturbed images, the system recovers what the contribution of each individual pixel is to the classification output, according to MIT researcher Andrew Ilyas.
The researchers used this method to create "adversarial images" that would trick a computer vision program into seeing an object that was not really there.
From IEEE Spectrum
View Full Article
Abstracts Copyright © 2017 Information Inc., Bethesda, Maryland, USA
No entries found