Are we protected from adversarial examples?
Adversarial examples are evasion attacks: inputs deliberately crafted so that an AI model misclassifies them. The modification is typically tiny, often imperceptible to a human, yet it changes the model's output to an incorrect or harmful prediction. A well-known demonstration is researchers wearing accessories such as glasses printed with a carefully designed pattern, which caused a facial recognition system to misidentify them as someone else. Such attacks are particularly problematic in critical domains such as healthcare, finance and security, where a single wrong prediction can have severe consequences.
If you answered No then you are at risk
If you are not sure, then you might be at risk too
Recommendations
- Adversarial training: generate adversarial examples during training (for instance with FGSM or PGD) and include them in the training set, so the model learns to classify them correctly. This is the most widely used defence, but it only covers the threat model (perturbation type and budget) used to generate the examples.
- Input preprocessing such as normalisation, noise addition, quantisation or image resizing to blunt small perturbations. Treat this as defence in depth rather than a fix: an attacker who knows about the preprocessing step can usually craft perturbations that survive it.
- Design models with built-in robustness features, for example a detector that flags inputs whose internal activations look anomalous, so that suspected adversarial inputs can be rejected or routed to a human.
- Use multiple, diverse models and aggregate their predictions, so that an adversarial example has to fool all of them at once. Adversarial examples frequently transfer between models trained on similar data, so the ensemble members need to be genuinely different.
- Certified robustness: apply techniques that mathematically guarantee that no perturbation within a stated budget can change the prediction (for example a certified radius derived from the model, or randomized smoothing). The guarantee is only as strong as the threat model it assumes.
- Regularly test and monitor the system against new adversarial techniques, and evaluate every defence with adaptive attacks that know the defence is in place; many published defences were later broken this way because they only obscured the gradient rather than removing the vulnerability.
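The first recommendation (adversarial training) and the fifth (a mathematical robustness guarantee) in working code, as an added example that is not part of the plot4ai card. It uses a logistic-regression classifier on a constructed data set with one strong feature and thirty weak ones, an FGSM evasion attack, an assumed attacker budget of EPS = 0.5 per feature, and a certified L-inf radius |w·x + b| / ||w||_1, which is exact for a linear model. The data set, hyperparameters and names are all assumptions made for the illustration.

```python
"""Adversarial examples against a linear classifier: FGSM evasion attack, adversarial
training and a certified L-inf robustness radius.  Added illustration, not plot4ai
code; the data set, model, budget EPS and all hyperparameters are constructed."""
import math

EPS = 0.5  # assumed attacker budget: each feature may move by at most +/- EPS

def make_dataset(n_per_class=20, n_weak=30):
    """Constructed data.  Feature 0 is a 'robust' feature equal to the label sign
    (+1/-1).  The other n_weak features are only weakly correlated with the label
    (0.2 * sign plus a small deterministic offset); together they separate the
    classes just as well, which tempts standard training into relying on them."""
    xs, ys = [], []
    for i in range(2 * n_per_class):
        y = 1 if i < n_per_class else 0
        s = 1.0 if y == 1 else -1.0
        offsets = [0.025 * (((7 * i + 3 * j) % 5) - 2) for j in range(n_weak)]
        xs.append([s] + [0.2 * s + o for o in offsets])
        ys.append(y)
    return xs, ys

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def sign(v):
    return (v > 0) - (v < 0)

class LogReg:
    def __init__(self, dim):
        self.w, self.b = [0.0] * dim, 0.0

    def logit(self, x):
        return sum(wj * xj for wj, xj in zip(self.w, x)) + self.b

    def predict(self, x):
        return 1 if self.logit(x) > 0 else 0

    def accuracy(self, xs, ys):
        return sum(self.predict(x) == y for x, y in zip(xs, ys)) / len(ys)

    def fgsm(self, x, y, eps):
        """Fast Gradient Sign Method: move each feature by eps in the direction that
        increases the loss.  For logistic loss, d loss / d x_j = (p - y) * w_j."""
        p = sigmoid(self.logit(x))
        return [xj + eps * sign((p - y) * wj) for xj, wj in zip(x, self.w)]

    def adversarial_accuracy(self, xs, ys, eps):
        return self.accuracy([self.fgsm(x, y, eps) for x, y in zip(xs, ys)], ys)

    def certified_radius(self, x):
        """Largest L-inf perturbation that provably cannot flip the prediction:
        |w.x + b| / ||w||_1, because a perturbation d with ||d||_inf <= r changes
        the logit by at most r * ||w||_1 (Holder's inequality)."""
        l1 = sum(abs(wj) for wj in self.w)
        return abs(self.logit(x)) / l1 if l1 > 0 else 0.0

    def fit(self, xs, ys, steps=400, lr=0.2, l2=0.01, adv_eps=None):
        """Gradient descent on L2-regularised logistic loss.  With adv_eps set, each
        step trains on FGSM-perturbed inputs (adversarial training); for a linear
        model FGSM is the exact worst case in the L-inf ball, so this is the robust loss."""
        n = len(ys)
        for _ in range(steps):
            gw, gb = [0.0] * len(self.w), 0.0
            for x, y in zip(xs, ys):
                if adv_eps is not None:
                    x = self.fgsm(x, y, adv_eps)
                err = sigmoid(self.logit(x)) - y
                for j, xj in enumerate(x):
                    gw[j] += err * xj
                gb += err
            self.w = [wj - lr * (gj / n + l2 * wj) for wj, gj in zip(self.w, gw)]
            self.b -= lr * gb / n
        return self

def attack_matches_certificate(model, xs, ys, eps):
    """On a linear model FGSM realises the worst case, so a correctly classified
    point must be fooled exactly when its certified radius is below eps."""
    for x, y in zip(xs, ys):
        if model.predict(x) == y:
            fooled = model.predict(model.fgsm(x, y, eps)) != y
            if fooled != (model.certified_radius(x) < eps):
                return False
    return True

def run_experiment(eps=EPS):
    """Compare a standard model with an adversarially trained one on the same data."""
    xs, ys = make_dataset()
    models = {"standard": LogReg(len(xs[0])).fit(xs, ys),
              "robust": LogReg(len(xs[0])).fit(xs, ys, adv_eps=eps)}
    return {name: {"clean_acc": m.accuracy(xs, ys),
                   "adv_acc": m.adversarial_accuracy(xs, ys, eps),
                   "min_certified_radius": min(m.certified_radius(x) for x in xs),
                   "certificate_consistent": attack_matches_certificate(m, xs, ys, eps)}
            for name, m in models.items()}

if __name__ == "__main__":
    for name, r in run_experiment().items():
        print(f"{name:8s} clean={r['clean_acc']:.2f} fgsm(eps={EPS})={r['adv_acc']:.2f} "
              f"min certified radius={r['min_certified_radius']:.3f}")
```

The standard model reaches perfect clean accuracy but spreads its weight over the thirty weak features, so its certified radius (about 0.31) is below the budget and FGSM at 0.5 flips every input. Adversarial training at the same budget drives the weak weights to zero, keeps clean accuracy and leaves a certified radius well above 0.5, so the attack fails; `attack_matches_certificate` confirms that the certificate and the attack agree on each point. The certificate is exact only because the model is linear; for deep networks it has to be replaced by a bound such as interval bound propagation or randomized smoothing, and a defence should always be re-evaluated with an attack that knows about it.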
Interesting resources/references
- Microsoft, Threat Modelling AI/ML Systems and Dependencies
- Securing Machine Learning Algorithms, ENISA
- STRIDE-AI: An Approach to Identifying Vulnerabilities of Machine Learning Assets
- Stride-ML Threat Model
- MITRE ATLAS™ - Adversarial Threat Landscape for Artificial-Intelligence Systems
- Attribution-driven Causal Analysis for Detection of Adversarial Examples