Imagine that someone puts a "sticker" on their face and a face recognition access control system mistakes them for you and opens the door; put the same "sticker" on a pair of glasses, and a phone's face unlock can be bypassed in a second, leaving the owner's private data open to whoever holds the device. This is not a scene from a science fiction blockbuster, but a real attack-and-defense demonstration shown at the award ceremony of the first Artificial Intelligence Security Competition.
Not long ago, the first Artificial Intelligence Security Competition, jointly sponsored by the National Industrial Information Security Development Research Center, the Tsinghua University Artificial Intelligence Research Institute and Beijing Ruilai Intelligent Technology Co., Ltd., came to a close. The competition prompted discussion of the security risks of artificial intelligence. Experts attending said that artificial intelligence security risks are no longer a future challenge but an immediate threat, and that attention must be paid to building artificial intelligence security systems and accelerating research on key technologies and offensive and defensive practice in the field.
Artificial intelligence, like other general-purpose technologies, is making rapid progress, but it also brings risks and hidden dangers. Tian Tian, CEO of Ruilai Smart and winner of the "Wu Wenjun Artificial Intelligence Outstanding Youth Award", believes that the scope of artificial intelligence technology risk is gradually expanding as application scenarios become more widespread, and that the likelihood of risk rises with both the number of application scenarios and the frequency of use. In his view, the current security risks of artificial intelligence can be analyzed mainly from two perspectives: "people" and "systems".
Assessing the security issues of artificial intelligence from the human perspective, the first problem is the dual-use nature of the technology and its abuse. In terms of applications, the most typical example is deepfake technology, whose harmful uses continue to intensify and have already caused substantial damage.
The facial recognition bypass demonstration in this competition reveals the risks of the system itself, which stem from the fragility of deep learning algorithms. The second generation of artificial intelligence, with deep learning algorithms at its core, is a "black box" and is not explainable, which means the system has structural loopholes and may be exposed to unpredictable risks. A typical example is the "magic sticker" demonstrated on site, which is in fact an "adversarial sample attack": adding small perturbations to the input data causes the system to make wrong judgments.
This vulnerability also exists in autonomous driving perception systems. Normally, after identifying roadblocks, signs, pedestrians and other targets, a self-driving vehicle stops immediately. However, once interference patterns are added to the target objects, the vehicle's perception system may misjudge them and drive straight into them.
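To make the adversarial sample idea from the two paragraphs above concrete, here is an added example that is not code from the competition or from any vendor mentioned on the page. It uses a constructed two-feature logistic "recogniser" with made-up weights, applies the standard gradient-sign construction (the perturbation direction follows the sign of the gradient of the score with respect to the input; for a model linear in its input that is simply the sign of each weight), and then computes the per-input robustness margin, the smallest perturbation size at which a rejected input is accepted. The margin is the figure a security tester would report when evaluating such a model; a small margin means a tiny, imperceptible change to the input flips the decision.

```python
import math

# Constructed illustration: a two-feature logistic "recogniser" that outputs 1
# for the enrolled identity. Weights, bias and inputs are hypothetical values.
W = [3.0, -2.0]   # hypothetical learned weights
B = -0.5          # hypothetical bias
THRESHOLD = 0.5   # decision threshold for "match"


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def match_score(x):
    """Probability the model assigns to the 'match' class for feature vector x."""
    z = sum(w * xi for w, xi in zip(W, x)) + B
    return sigmoid(z)


def is_match(x):
    """Access decision: accept when the score reaches the threshold."""
    return match_score(x) >= THRESHOLD


def _sign(v):
    return 1.0 if v > 0 else (-1.0 if v < 0 else 0.0)


def perturb(x, eps):
    """Add an L-infinity perturbation of size eps that pushes the score upward.

    For a model that is linear in its input, d(score)/d(x_i) has the sign of
    W[i], so moving every feature by eps * sign(W[i]) is the steepest way to
    raise the score under an L-inf budget (the gradient-sign construction).
    """
    return [xi + eps * _sign(w) for xi, w in zip(x, W)]


def smallest_flipping_eps(x, max_eps=1.0, steps=100):
    """Robustness margin for one input.

    Returns the smallest eps on a grid of `steps` points in (0, max_eps] at
    which the perturbed input is accepted, 0.0 if the clean input is already
    accepted, and None if the decision never flips within max_eps. A tester
    reports this per input; a small value marks the model as fragile there.
    """
    if is_match(x):
        return 0.0
    for k in range(1, steps + 1):
        eps = max_eps * k / steps
        if is_match(perturb(x, eps)):
            return eps
    return None


if __name__ == "__main__":
    stranger = [0.0, 0.5]   # constructed input the model should reject
    print("clean:", is_match(stranger), round(match_score(stranger), 3))
    for eps in (0.1, 0.2, 0.4):
        adv = perturb(stranger, eps)
        print(f"eps={eps}:", is_match(adv), round(match_score(adv), 3))
    print("margin:", smallest_flipping_eps(stranger))
```

Running the block shows the rejected input being accepted once the perturbation reaches roughly 0.3 in each feature, while the clean score is only about 0.18. On a real image classifier the same measurement is done with the model's actual gradient and pixel-level perturbations, and the defensive use is identical: evaluate margins across a test set before deployment so that fragile inputs and models are found in testing rather than at the door.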
During the competition, the "White Paper on Security Development of Artificial Intelligence Computing Infrastructure" was released. It notes that artificial intelligence computing power infrastructure differs from traditional computing power infrastructure: it is at once "infrastructure", "artificial intelligence computing power" and a "public facility", and so carries the triple attributes of infrastructure, technology and public goods. Accordingly, promoting its safe development should focus on strengthening its own security, ensuring operational safety, and supporting safety compliance.
Coordinating development and security seems to be an unavoidable problem in the development of every new technology. How to achieve a positive interaction between high-level development and high-level security is also one of the most important questions facing the artificial intelligence industry today, and many experts on site discussed this topic.
"Artificial intelligence adversarial attack and defense include adversarial samples, neural network backdoors, model privacy issues and other technologies. If the model has errors, it needs to be repaired in a timely manner." Chen Kai, deputy director of the State Key Laboratory of Information Security, Chinese Academy of Sciences, proposed a "neural network scalpel" method that performs precise "minimally invasive" repairs by locating the neurons that caused the error.
Chen Kai said that, unlike traditional model repair work, which requires retraining the model or relies on a large number of data samples, this method resembles "minimally invasive surgery" and requires only a very small number of data samples, greatly improving the model repair effect.
Artificial intelligence systems in open environments face many security challenges. How to solve the security issue of the full cycle of general artificial intelligence algorithms has become a top priority.
Liu Xianglong, deputy director of the State Key Laboratory of Software Development Environment at Beihang University, said that from a technical point of view, a complete chain of technical means from security testing through security analysis to security reinforcement should be formed, leading finally to a standardized testing process.
He also pointed out that future artificial intelligence security should focus on comprehensive evaluation at all levels from data, algorithms to systems, and at the same time cooperate with a set of safe and trusted computing environments from hardware to software.
Su Jianming, the expert in charge of the Security Offense and Defense Laboratory of the Industrial and Commercial Bank of China Financial Research Institute, said that artificial intelligence security governance requires extensive collaboration and open innovation, and that interaction and cooperation among industry participants such as governments, academic institutions and enterprises must be strengthened to establish healthy ecosystem rules. At the policy level, the legislative process for artificial intelligence should be accelerated, and special supervision and assessment of artificial intelligence service levels and technical support capabilities should be strengthened. At the academic level, incentives for artificial intelligence safety research should be increased and the transformation and implementation of research results accelerated through industry-university-research cooperation. At the enterprise level, the transformation of artificial intelligence technology from scenario expansion to safe and trustworthy development should be promoted step by step, with continued exploration of artificial intelligence safety practices and solutions through participation in standards-setting and the launch of products and services.
In fact, building a safe ecosystem for artificial intelligence requires the continuous evolution of technology on the one hand, and the development and training of specialized technical talent on the other. Tian Tian said that because artificial intelligence security research is still an emerging field, specialized talent is scarce and systematic research teams are lacking. This competition used practical exercises to verify and improve the hands-on capabilities of the participants, providing a "fast track" for cultivating a team of high-level new talent in artificial intelligence security.
Experts believe that in the long run, the security issues of artificial intelligence must be addressed at the level of the algorithm models' underlying principles, and that only continued strengthening of basic research can solve the core scientific problems. At the same time, they emphasized that the future development of artificial intelligence security must ensure the effectiveness and positive promotion of the development of society and the country as a whole, and requires the coordinated efforts of government, industry, academia and research institutions.