Researchers develop a technique to vaccinate algorithms against adversarial attacks
Researchers with CSIRO’s Data61 have developed a method to employ machine learning in order to “vaccinate” systems against adversarial attacks, which are attempts to tamper with machine learning models by feeding them malicious data. For instance, by distorting images in various ways, threat actors may be able to bypass surveillance algorithms.
The new research[pdf] shows that the threat of adversarial attacks can be mitigating by following an approach that resembles vaccination. Dr Richard Nock of Data61 explains that “we implement a weak version of an adversary, such as small modifications or distortion to a collection of images, to create a more ‘difficult’ training data set. When the algorithm is trained on data exposed to a small dose of distortion, the resulting model is more robust and immune to adversarial attacks.”