Katy Warr - Strengthening Deep Neural Networks: Making AI Less Susceptible to Adversarial Trickery

by Katy Warr

Copyright 2019 Katy Warr. All rights reserved.

Printed in the United States of America.

Published by OReilly Media, Inc. , 1005 Gravenstein Highway North, Sebastopol, CA 95472.

OReilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com .

• Acquisitions Editor: Jonathan Hassell
• Development Editor: Michele Cronin
• Production Editor: Deborah Baker
• Copy Editor: Sonia Saruba
• Proofreader: Rachel Head
• Indexer: WordCo Indexing Services
• Interior Designer: David Futato
• Cover Designer: Karen Montgomery
• Illustrator: Rebecca Demarest

• July 2019: First Edition

See http://oreilly.com/catalog/errata.csp?isbn=9781492044956 for release details.

The OReilly logo is a registered trademark of OReilly Media, Inc. Strengthening Deep Neural Networks, the cover image, and related trade dress are trademarks of OReilly Media, Inc.

While the publisher and the author have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the author disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.

978-1-492-04495-6

[GP]

Artificial intelligence (AI) is prevalent in our lives. Every day, machines make sense of complex data: surveillance systems perform facial recognition, digital assistants comprehend spoken language, and autonomous vehicles and robots are able to navigate the messy and unconstrained physical world.AI not only competes with human capabilities in areas such as image, audio, and text processing, but often exceeds human accuracy and speed.

While we celebrate advancements in AI, deep neural networks (DNNs)the algorithms intrinsic to much of AIhave recently been proven to be atrisk from attack through seemingly benign inputs. It is possible to fool DNNs by making subtle alterations to input data that often either remain undetected or are overlooked if presented to a human.For example, alterations to images that are so small as to remain unnoticed by humans can cause DNNs to misinterpret the image content.As many AI systems take their input from external sourcesvoice recognition devices or social media upload, forexamplethis ability to be tricked by adversarial inputopens a new, often intriguing, security threat. This book is aboutthis threat, what it tells us about DNNs, and how we can subsequently make AI more resilient to attack.

By considering real-world scenarios where AI isexploited in our daily lives to process image, audio, and video data,this book considers the motivations, feasibility, and risks posed by adversarial input.It provides both intuitive and mathematical explanations for the topic and explores how intelligent systems can bemade more robust against adversarial input.

Understanding how to fool AI also provides us with insights intothe often opaque deep learning algorithms, and discrepancies between how these algorithms and the human brainprocess sensory input. This book considers these differences and how artificial learning may move closerto its biological equivalent in the future.