Recently, an audio clip of birdsong has been circulating online. People who listen to it say it is nothing more than the pleasant chirping of a small bird. Played to an AI smartphone, however, it may produce a few "surprises": hidden in the cheerful chirping are voice commands that the human ear cannot recognize. They can direct the AI phone to visit an insecure website, or even to install plug-ins on the phone, and the human ear cannot make these commands out at all.
After the news came out, someone tried playing this birdsong to a high-end smartphone, but did not observe any of the so-called "surprises". That does not mean such "surprises" cannot exist.
A machine learning model is composed of a series of specific transformations, and most of them are unusually sensitive to slight changes in the input. Exploiting this sensitivity to alter an algorithm's behavior is one of the most serious problems in artificial intelligence security. It means a new kind of high-tech fraud may appear, one that can fool a smartphone and that we humans cannot effectively defend against. Imagine that, while reading WeChat, we casually open an audio clip, and the phone, without our being aware of it, automatically completes a payment in the background or remotely opens a door... the consequences look rather frightening.
This is an "adversarial attack" on hearing
One point needs explaining here: the "intelligence" of smart devices is really just the execution of operations designed in advance, according to fixed program algorithms. Hackers exploit exactly this. They reverse engineer these programs and then trigger the operations through extremely well concealed methods. If a hacker really did design hidden commands to take control of a smartphone, a smart speaker or a smart robot, that would not be impossible. In theory, it can be done as long as the hacker's computing skill is high enough.
This birdsong with something fishy in it was in fact produced by a group of German scientists. Their raw material really was a piece of pure, natural birdsong, but they mixed into it a small segment that sounds to the human ear like nothing more than slight noise. Even a sharp ear that picked this noise out would hear only random noise. To an intelligent recognition system, however, this bit of noise is a clear command.
Producing it is of course not as simple as we might imagine. It is a skill that can only be mastered after in-depth study, and that study includes the "adversarial attack" techniques from the security side of machine learning.
A machine learning algorithm accepts its input in the form of a numeric vector. Designing an input in a specific way so as to get a wrong result out of the model is called an "adversarial attack". Put simply, an "adversarial attack" is an attempt to "fool the AI", so that we can learn from the experience and make AI improve.
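To make the sensitivity concrete from the defender's side, the added example below (not from the original article) computes, for a linear classifier, the smallest per-feature change that can alter its decision, and checks that the bound is tight. The model, its random weights and the function names are constructed for illustration; real speech and vision models are not linear.

```python
import math
import random

def score(w, b, x):
    """Linear classifier: the sign of the score is the predicted class."""
    return sum(wi * xi for wi, xi in zip(w, x)) + b

def linf_margin(w, b, x):
    """Smallest per-feature change (L-infinity norm) able to flip the decision.

    For a linear model this is |score| / ||w||_1: moving every feature by eps
    shifts the score by at most eps * ||w||_1.
    """
    l1 = sum(abs(wi) for wi in w)
    return abs(score(w, b, x)) / l1 if l1 else math.inf

def worst_case_input(w, b, x, eps):
    """The input within eps of x that pushes the score hardest toward the
    other class; used here only to confirm that the margin is tight."""
    side = 1.0 if score(w, b, x) >= 0 else -1.0
    sign = lambda v: (v > 0) - (v < 0)
    return [xi - side * eps * sign(wi) for wi, xi in zip(w, x)]

def is_robust(w, b, x, eps):
    """True if no change of at most eps per feature can alter the decision."""
    return linf_margin(w, b, x) > eps

def constructed_demo(n=16000, seed=7):
    """Constructed model: n features in [-1, 1], e.g. one second of 16 kHz audio."""
    rng = random.Random(seed)
    w = [rng.uniform(-1, 1) for _ in range(n)]
    x = [rng.uniform(-1, 1) for _ in range(n)]
    m = linf_margin(w, 0.0, x)
    shifted = worst_case_input(w, 0.0, x, 1.5 * m)
    return m, score(w, 0.0, x), score(w, 0.0, shifted)

if __name__ == "__main__":
    m, before, after = constructed_demo()
    print(f"margin per feature: {m:.5f} (feature range is 2.0)")
    print(f"score before: {before:.3f}, after a shift of 1.5 * margin: {after:.3f}")
```

With thousands of input features the margin is a tiny fraction of the feature range, which is why a change too small for a person to notice can be enough to change the output.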
Research has already shown that any machine learning classifier can be fooled into giving an incorrect prediction. With the relevant professional skills, you can easily make it give whatever result you want. Recently, a Google neural network dedicated to machine-vision recognition was "fooled" by a 3D-printing team. At the International Conference on Machine Learning held in Stockholm, Sweden, this team 3D-printed a turtle with some special textures embedded in the printed pattern, and Google's recognition system identified it as a rifle.
Misleading a deep neural network in this way is more common in vision. For instance, if we make a pair of "adversarial" glasses or a mask, it can fool almost all facial recognition systems. It is like magic, which to us is a deception of the eyes.
This audio trick simply turns the "visual adversarial" example into an "auditory adversarial" one. The principle is about the same.
The "psychoacoustic hiding" algorithm exploits a weakness of human hearing
Magic deceives our vision, but deceiving our hearing is actually much easier than deceiving our vision.
Human hearing has a weak point called the masking effect: when two sounds reach the ear at the same time, a person is more sensitive to the louder one and insensitive to the fainter one. An algorithm called "psychoacoustic hiding" can calculate what level of noise we will fail to notice.
The makers of this audio used exactly this algorithm. With a psychoacoustic model, they analyzed which sounds could be overlaid on the original audio so that the AI recognizes them while human perception is unaffected. After that, the sound wave only needs to be altered to some degree within this range. Such changes easily fool the human ear while issuing a command to the smartphone, without anyone noticing. Next, they put this audio into the music, films and TV dramas we routinely listen to... It is frightening to think about: the reach of this kind of attack is large, it could even be worldwide and simultaneous, and it is very hard to guard against.
Consider the case where some of our payment actions do not have the password entry step enabled, or where the smart door lock and smart home devices are connected to your phone, or even the security warning system... Even though voice assistants with voiceprint protection have adopted some safeguards, there is no guarantee that an AI system is absolutely safe, because any program may contain flaws. For instance, a hacker can use a voice synthesizer to imitate a voiceprint and break into the device.
Last year a team published a research result called the "dolphin attack", which uses ultrasound that humans cannot hear to deliver hidden commands to voice assistants. The recognition system is in fact able to demodulate this signal into recognizable human speech and accept the command. Reportedly, this team used an ultrasonic transmitter to try attacking Google Assistant, Amazon Alexa, Microsoft Cortana, Apple Siri, Samsung S Voice and Huawei HiVoice, and all of these voice assistants were "defeated".
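One detection-side check for this kind of inaudible carrier, as an added example that is not from the original article or from the researchers: measure how much of a captured frame's energy lies above the audible band. It assumes the raw microphone capture is available at 96 kHz before any low-pass filtering; the function names, the 20 kHz split, the 0.05 threshold and both test signals are constructed for illustration.

```python
import math

def band_power(samples, rate, lo_hz, hi_hz):
    """Sum of DFT power over the bins in [lo_hz, hi_hz), one Goertzel pass per bin."""
    n = len(samples)
    total = 0.0
    for k in range(int(lo_hz * n / rate), int(hi_hz * n / rate)):
        coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
        s1 = s2 = 0.0
        for x in samples:
            s1, s2 = x + coeff * s1 - s2, s1
        total += s1 * s1 + s2 * s2 - coeff * s1 * s2
    return total

def ultrasonic_ratio(samples, rate, split_hz=20000):
    """Fraction of the frame's energy at or above split_hz (0.0 for silence)."""
    ultra = band_power(samples, rate, split_hz, rate / 2)
    audible = band_power(samples, rate, 0, split_hz)
    total = ultra + audible
    return ultra / total if total > 0 else 0.0

def flag_frame(samples, rate, threshold=0.05):
    """True if the frame carries more ultrasonic energy than ordinary audio should."""
    return ultrasonic_ratio(samples, rate) > threshold

def tones(rate, n, parts):
    """Constructed test signal: a sum of (frequency_hz, amplitude) sine components."""
    return [sum(a * math.sin(2 * math.pi * f * i / rate) for f, a in parts)
            for i in range(n)]

RATE, N = 96000, 960                      # one 10 ms frame, 100 Hz per DFT bin
SPEECH_LIKE = [(300, 0.3), (1000, 0.3), (2500, 0.3)]
benign = tones(RATE, N, SPEECH_LIKE)      # constructed: audible components only
suspect = tones(RATE, N, SPEECH_LIKE + [(30000, 0.5)])  # plus a 30 kHz component

if __name__ == "__main__":
    for name, frame in (("benign", benign), ("suspect", suspect)):
        print(name, round(ultrasonic_ratio(frame, RATE), 3), flag_frame(frame, RATE))
```

A pipeline that samples at 16 kHz cannot see this band at all, so the check only makes sense at the raw capture stage.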
Fortunately, ultrasound is not perfect either: a given "psychoacoustic hiding" algorithm can only target one specific kind of microphone. If a different microphone picks up the sound, the result will also differ somewhat.
"Well-intentioned deception" is for the sake of shared progress
The security of AI applications has always been a main concern for everyone. Scientists in the network security field are keen to probe smart devices for all kinds of flaws, hoping to find problems and fix them in time. Hackers' constant challenges to the security defects of all kinds of software are also something that scientific progress needs.
Computer scientists at the University of California, Berkeley are also constantly trying to "deceive" AI, with the aim of improving the learning ability of AI recognition systems. They have tried putting stickers on a stop sign to "deceive" a common image-recognition AI into thinking it is a speed limit sign of 45 miles per hour. They have also used adversarial attack techniques to make an image-recognition AI "hallucinate": for instance, while the AI of a moving car is recognizing the road, it sees only a running Kitty cat.
Of course, so far these "frauds" are only the "well-intentioned deceptions" of scientists, and no real "accident" has occurred. These attempts are very important before AI comes into general use.
One example is the eavesdropping process demonstrated successfully at this year's DefCon hacker conference. Researchers connected a modified Echo to the same WiFi as an ordinary Echo and used a series of bugs in a daemon process to compromise multiple speakers. They thereby took complete control of the audio the speaker plays, and at the same time they could secretly send the microphone's audio to a remote server, achieving eavesdropping throughout, while the user on the other side received no warning. Such consequences are obviously frightening. However, the team notified the party being eavesdropped on in advance of the experiment, and that party quickly released a "patch" that fixed this flaw.
As AI technology keeps developing, we also have to face the various risks that come with it. Challenges and opportunities coexist, after all. We hope that, as security systems keep improving, the security technology of AI can advance much faster and AI fraud can be avoided!