Google ‘optical illusion’ stickers make AI hallucinate

0
66


‘Optical illusion’ stickers that trick artificial intelligence into seeing something that’s not there have been created by Google researchers.

The team designed a pattern that fools AI software into thinking it is looking at a toaster instead of a different object.

Images such as these could be used to ‘attack’ image recognition systems, including those used in self-driving cars to avoid collisions.

Hackers could use a sticker on a road sign to fool a vehicle’s AI system into thinking it has seen a stop signal on a high-speed road.

Scroll down for video

'Optical illusion' stickers (left) that trick AI into seeing something that's not there have been created by Google researchers. The team designed a pattern that fools AI software into thinking it is looking at a toaster (red bar) instead of a banana (green bars)

‘Optical illusion’ stickers (left) that trick AI into seeing something that’s not there have been created by Google researchers. The team designed a pattern that fools AI software into thinking it is looking at a toaster (red bar) instead of a banana (green bars)

HOW IT WORKS 

Patterns designed to fool AI systems into seeing objects that aren’t there are called ‘adversarial images’.

They exploit weaknesses in the way computers look at the world by making them prioritise certain pixels in the image they are analysing.

The researcher said their stickers work because the pattern they created is more noticeable to image-recognition systems than real-world objects.

The toaster-inspired pattern effectively ‘distracts’ the software from seeing anything else in an image.

The researchers even offer printable versions of the AI-fooling sticker to try at home. 

A mask or pair of glasses fitted with certain patterns could help people slip past AI security systems designed to recognise faces.

For their study, the San Francisco-based researchers created a colourful computer-generated design by sampling hundreds of photographs of toasters.

When the image was placed next to an item, such as a banana, a number of neural networks believed they were seeing a toaster instead.

The team even offers printable versions of the AI-fooling sticker to try at home.

‘These adversarial patches can be printed, added to any scene, photographed, and presented to image classifiers,’ the researchers, led by Google’s Tom Brown, wrote in their paper.

‘Even when the patches are small, they cause the classifiers to ignore the other items in the scene and report a chosen target class.’

Images designed to fool AI systems into seeing objects that aren’t there are called ‘adversarial images’.

They exploit weaknesses in the way computers look at the world by making them prioritise certain pixels in the image they are analysing.

The researchers even offer printable versions of the AI-fooling sticker to try at home (pictured). Images such as these could be used to 'attack' image recognition systems, including those used in self-driving cars to avoid collisions

The researchers even offer printable versions of the AI-fooling sticker to try at home (pictured). Images such as these could be used to 'attack' image recognition systems, including those used in self-driving cars to avoid collisions

The researchers even offer printable versions of the AI-fooling sticker to try at home (pictured). Images such as these could be used to ‘attack’ image recognition systems, including those used in self-driving cars to avoid collisions

The researcher said their stickers work because the pattern they created is more noticeable to image-recognition systems than real-world objects.

The toaster-inspired pattern effectively ‘distracts’ the software from seeing anything else in a scene.

‘While images may contain several items, only one target label is considered true, and thus the network must learn to detect the most ‘salient’ item in the frame,’ they wrote.

When the pattern took up at least 10 per cent of a scene, it consistently tricked image-recognition software, the researchers found.

Patterns designed to fool AI systems  exploit weaknesses in the way computers look at the world by making them prioritise certain pixels in the scene they are analysing. Pictured is an AI system (right grph) tasked with recognising a banana (green bar) in a scene (left image)

Patterns designed to fool AI systems  exploit weaknesses in the way computers look at the world by making them prioritise certain pixels in the scene they are analysing. Pictured is an AI system (right grph) tasked with recognising a banana (green bar) in a scene (left image)

Patterns designed to fool AI systems exploit weaknesses in the way computers look at the world by making them prioritise certain pixels in the scene they are analysing. Pictured is an AI system (right grph) tasked with recognising a banana (green bar) in a scene (left image)

When a picture of a real toaster was placed next to an object (left), it was less likely to distract the software (right), even at larger sizes

When a picture of a real toaster was placed next to an object (left), it was less likely to distract the software (right), even at larger sizes

When a picture of a real toaster was placed next to an object (left), it was less likely to distract the software (right), even at larger sizes

The researcher said their stickers work because the pattern they created is more noticeable to image-recognition systems. The toaster-inspired pattern (left) effectively 'distracts' the software (red bar) from seeing anything else in a scene (green bar)

The researcher said their stickers work because the pattern they created is more noticeable to image-recognition systems. The toaster-inspired pattern (left) effectively 'distracts' the software (red bar) from seeing anything else in a scene (green bar)

The researcher said their stickers work because the pattern they created is more noticeable to image-recognition systems. The toaster-inspired pattern (left) effectively ‘distracts’ the software (red bar) from seeing anything else in a scene (green bar)

When a picture of a real toaster was placed next to an object, it was less likely to distract the software, even at larger sizes. 

Unlike other adversarial images, the Google stickers are flexible, can be printed at home, and don’t need to be ‘tuned’ based on the image they are overriding.

According to the researchers, this flexibility ‘allows attackers to create a physical-world attack without prior knowledge of the lighting conditions, camera angle, type of classifier being attacked, or even the other items within the scene.’

After an image is generated it could be ‘distributed across the Internet for other attackers to print out and use’, they said.





Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here