Making AI Less Susceptible to Adversarial Trickery
Katy Warr

#Deep_Neural_Networks
#DNN
#AI
As deep neural networks (DNNs) become increasingly common in real-world applications, the potential to deliberately "fool" them with data that wouldn’t trick a human presents a new attack vector. This practical book examines real-world scenarios where DNNs—the algorithms intrinsic to much of AI—are used daily to process image, audio, and video data.
Author Katy Warr considers attack motivations, the risks posed by this adversarial input, and methods for increasing AI robustness to these attacks. If you’re a data scientist developing DNN algorithms, a security architect interested in how to make AI systems more resilient to attack, or someone fascinated by the differences between artificial and biological perception, this book is for you.
Artificial intelligence (AI) is prevalent in our lives. Every day, machines make sense of complex data: surveillance systems perform facial recognition, digital assistants comprehend spoken language, and autonomous vehicles and robots are able to navigate the messy and unconstrained physical world. AI not only competes with human capabilities in areas such as image, audio, and text processing, but often exceeds human accuracy and speed.
By considering real-world scenarios where AI is exploited in our daily lives to process image, audio, and video data, this book considers the motivations, feasibility, and risks posed by adversarial input. It provides both intuitive and mathematical explanations for the topic and explores how intelligent systems can be made more robust against adversarial input.
Understanding how to fool AI also provides us with insights into the often opaque deep learning algorithms, and discrepancies between how these algorithms and the human brain process sensory input. This book considers these differences and how artificial learning may move closer to its biological equivalent in the future.
Who Should Read This Book
This book is written to be accessible to people from all knowledge backgrounds, while retaining the detail that some readers may be interested in. The content spans AI, human perception of audio and image, and information assurance. It is deliberately cross-disciplinary to capture different perspectives of this fascinating and fast-developing field.
To read this book, you don’t need prior knowledge of DNNs. All you need to know is in an introductory chapter on DNNs (Chapter 3). Conversely, if you are a data scientist already familiar with deep learning methods, you may wish to skip that chapter.
Katy Warr works at Roke Manor Research in the UK creating solutions for complex real-world problems. She specializes in AI and data analytics and leads the company’s technical strategy in these areas. Previously she worked at IBM UK Laboratories, architecting and developing software for a variety of distributed enterprise products with an emphasis on transactional integrity and security.
Katy gained her degree in AI and Computer Science from the University of Edinburgh at a time when there was insufficient compute power and data available for deep learning to be much more than a theoretical pursuit. Fast forward a few years and she considers herself fortunate to witness this exciting field becoming mainstream.