{"id":2096,"date":"2020-07-03T15:58:00","date_gmt":"2020-07-03T13:58:00","guid":{"rendered":"https:\/\/www.servicemeister.org\/2020\/07\/03\/angriffe-auf-ki-wie-sich-algorithmen-manipulieren-lassen\/"},"modified":"2020-07-16T14:40:28","modified_gmt":"2020-07-16T12:40:28","slug":"attacks-on-ai-how-algorithms-can-be-manipulated","status":"publish","type":"post","link":"https:\/\/www.servicemeister.org\/en\/2020\/07\/03\/attacks-on-ai-how-algorithms-can-be-manipulated\/","title":{"rendered":"Attacks on AI: How algorithms can be manipulated"},"content":{"rendered":"\n<p><em><em>Whether autonomous vehicles or smart chatbots \u2013 cyber attackers can trick artificially intelligent software models. \u201cHackers can manipulate neural networks and lead them astray,\u201d says Nurullah Demir, an expert in cybersecurity and AI. How algorithms can be sabotaged and protected.<\/em><\/em><\/p>\n\n\n\n<p><strong>By Nils Klute, Specialist IT Editor and IoT Project Manager at eco \u2013 Association of the Internet Industry<\/strong><\/p>\n\n\n\n<p>The future belongs to artificial intelligence (AI). Processes can be optimized, supported, and automated. According to a <a href=\"https:\/\/international.eco.de\/presse\/new-eco-study-investigates-economic-potential-of-artificial-intelligence\/\">study by the eco Association<\/a> from 2019, a total potential of around 488 billion Euro will be released in German industry by 2025. 
This presents great opportunities, but also risks: Eight out of ten Germans (85 percent) are concerned about the safety of products, applications, and services based on AI, according to a recent <a href=\"https:\/\/www.vdtuev.de\/news\/ki-studie\">German-language survey<\/a> by the German Association of Technical Inspection Agencies (VdT\u00dcV).<\/p>\n\n\n\n<p><strong>Deceive AI algorithms and gradually retrain them<\/strong><\/p>\n\n\n\n<p>A 2017 <a href=\"https:\/\/arxiv.org\/pdf\/1707.08945.pdf\">study by the University of Michigan<\/a>, for example, shows why these concerns are justified. Researchers succeeded in <a href=\"https:\/\/spectrum.ieee.org\/cars-that-think\/transportation\/sensors\/slight-street-sign-modifications-can-fool-machine-learning-algorithms\">optically deceiving<\/a> image recognition algorithms such as those used by autonomous vehicles. In so-called <a href=\"https:\/\/arxiv.org\/abs\/1602.02697\">adversarial attacks<\/a>, attackers retrain AI systems in a targeted manner. The result: Instead of a stop sign, the AI identifies, for example, a speed limit sign. \u201cHackers can manipulate neural networks and lead them astray,\u201d says <a href=\"https:\/\/www.internet-sicherheit.de\/team\/demir-nurullah\/\">Nurullah Demir<\/a>, an expert in cybersecurity and AI at the <a href=\"https:\/\/www.internet-sicherheit.de\/?L=2\">Institute for Internet Security<\/a>, if(is).<\/p>\n\n\n\n<p>How the attackers do it: \u201cThe attacks can be divided into white box or black box attacks,\u201d says Demir. In a white-box attack, the hackers have access to all the data processed by an AI, know the neural network, its structure, and its weak points. Demir: \u201cMany AI software models are open source. Anyone can see them.\u201d This knowledge can be exploited by attackers. 
Take the traffic sign recognition example above: The researchers manipulate the input image data, observe the effects, and retrain an AI in small steps. \u201cWhat looks like a stop sign with harmless stickers on it to the driver, is misinterpreted by the misguided algorithm as a <a href=\"https:\/\/www.youtube.com\/watch?v=gkKyBmULVvM&amp;feature=youtu.be\">green traffic light or a pedestrian<\/a>,\u201d says Demir. However: \u201cEven if invaders have no access to AI algorithms, attacks are still possible.\u201d In so-called black-box attacks, for example, the hackers evaluate the results of an AI system (Optimized Brute Force Method). To do this, they run hundreds of thousands of queries to find a generic example that can be used to manipulate the algorithm, as the IBM Research team has also <a href=\"https:\/\/www.youtube.com\/watch?v=RYpmTldTkcw&amp;feature=youtu.be&amp;t=1612\">shown<\/a>.<\/p>\n\n\n\n<p><strong>Motives and goals of AI attackers<\/strong><\/p>\n\n\n\n<p>Attacks like these require a high level of technical effort and expertise. Potential attackers are therefore looking for particularly lucrative targets. \u201cBut what the criminals are pursuing, like the attacks themselves, cannot be generalized,\u201d says Demir. Not only can autonomous vehicles be sabotaged, but also voice assistants, for example: Experiments show that an AI can mistake <a href=\"https:\/\/nicholas.carlini.com\/code\/audio_adversarial_examples\/\">music for speech<\/a> and then execute commands.<\/p>\n\n\n\n<p>How to protect AI systems: \u201cThere is no such thing as 100% secure,\u201d says Demir. \u201cThus, the attackers take advantage of the weaknesses that AI systems have by nature, so to speak.\u201d For example, neural networks are <a href=\"https:\/\/www.servicemeister.org\/en\/2020\/03\/24\/vertrauen-in-ki-warum-sich-algorithmen-erklaeren-muessen\/\">not transparent<\/a>; no one understands exactly what&#8217;s going on inside them. 
As a result, algorithms are not able to justify decisions. In addition, the models are continuously developed further in a self-learning, self-organizing and self-optimizing manner \u2013 unlike conventional computer programs, there are no final software versions.<\/p>\n\n\n\n<p><strong>Protect and secure AI, validate and check data sources<\/strong><\/p>\n\n\n\n<p>\u201cOne of the best protection options is therefore the actual data which an AI processes,\u201d says Demir. \u201cUsers should check sources and data to make sure nobody has tampered with them.\u201d For example, when companies share data, users should carefully validate the source. In this way, companies ensure that their AI only processes data that it is supposed to process. \u201cIn order to increase the resilience of the algorithms, users can integrate potential attacks into their own data set and train them as well,\u201d says Demir. An algorithm can be protected by feeding it with known hostile inputs (so-called adversarial examples). <a href=\"https:\/\/www.servicemeister.org\/en\/2020\/03\/12\/differential-privacy-eine-rechnung-die-aufgeht\/\">Differential privacy<\/a> is also a good way to secure the exchange of information: With this mathematical method, noise can be deliberately added to data without it losing its statistical significance.<\/p>\n\n\n\n<p>One thing is certain: \u201cAttacks on AI are a young and current topic in science,\u201d says Demir. \u201cAttacks are difficult to observe and possible harm is hard to predict.\u201d For users, it&#8217;s not just a matter of knowing the danger: \u201cYou need to get on board and secure your systems.\u201d<\/p>\n\n\n\n<p><em>The if(is) was founded in 2005 at the Westf\u00e4lische Hochschule, Gelsenkirchen by Prof. Norbert Pohlmann to create innovations in the field of application-oriented Internet security research. 
Since the start of Service-Meister, the institute has supported the work in the AI project as a <a href=\"https:\/\/www.servicemeister.org\/en\/the-consortium\/\">consortium partner<\/a>. <\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Whether autonomous vehicles or smart chatbots \u2013 cyber attackers can trick artificially intelligent software models. \u201cHackers can manipulate neural networks and lead them astray,\u201d says Nurullah Demir, an expert in cybersecurity and AI. 
How algorithms can be sabotaged and protected.<\/p>\n","protected":false},"author":5,"featured_media":2066,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[94,95,96,97,79],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Attacks on AI: How algorithms can be manipulated - Service-Meister<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.servicemeister.org\/en\/2020\/07\/03\/attacks-on-ai-how-algorithms-can-be-manipulated\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Attacks on AI: How algorithms can be manipulated - Service-Meister\" \/>\n<meta property=\"og:description\" content=\"Whether autonomous vehicles or smart chatbots \u2013 cyber attackers can trick artificially intelligent software models. \u201cHackers can manipulate neural networks and lead them astray,\u201d says Nurullah Demir, an expert in cybersecurity and AI. 
How algorithms can be sabotaged and protected.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.servicemeister.org\/en\/2020\/07\/03\/attacks-on-ai-how-algorithms-can-be-manipulated\/\" \/>\n<meta property=\"og:site_name\" content=\"Service-Meister\" \/>\n<meta property=\"article:published_time\" content=\"2020-07-03T13:58:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-07-16T12:40:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.servicemeister.org\/wp-content\/uploads\/2020\/07\/Security.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Hauke Timmermann\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Hauke Timmermann\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.servicemeister.org\/en\/2020\/07\/03\/attacks-on-ai-how-algorithms-can-be-manipulated\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.servicemeister.org\/en\/2020\/07\/03\/attacks-on-ai-how-algorithms-can-be-manipulated\/\"},\"author\":{\"name\":\"Hauke Timmermann\",\"@id\":\"https:\/\/www.servicemeister.org\/#\/schema\/person\/1721e0365900aa18e0eacba04dc664fd\"},\"headline\":\"Attacks on AI: How algorithms can be manipulated\",\"datePublished\":\"2020-07-03T13:58:00+00:00\",\"dateModified\":\"2020-07-16T12:40:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.servicemeister.org\/en\/2020\/07\/03\/attacks-on-ai-how-algorithms-can-be-manipulated\/\"},\"wordCount\":845,\"publisher\":{\"@id\":\"https:\/\/www.servicemeister.org\/#organization\"},\"keywords\":[\"Adversarial Attacks\",\"Black-Box-Attacken\",\"Differential Privacy\",\"IT Security\",\"KI-\u00d6kosystem\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.servicemeister.org\/en\/2020\/07\/03\/attacks-on-ai-how-algorithms-can-be-manipulated\/\",\"url\":\"https:\/\/www.servicemeister.org\/en\/2020\/07\/03\/attacks-on-ai-how-algorithms-can-be-manipulated\/\",\"name\":\"Attacks on AI: How algorithms can be manipulated - 
Service-Meister\",\"isPartOf\":{\"@id\":\"https:\/\/www.servicemeister.org\/#website\"},\"datePublished\":\"2020-07-03T13:58:00+00:00\",\"dateModified\":\"2020-07-16T12:40:28+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.servicemeister.org\/en\/2020\/07\/03\/attacks-on-ai-how-algorithms-can-be-manipulated\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.servicemeister.org\/en\/2020\/07\/03\/attacks-on-ai-how-algorithms-can-be-manipulated\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.servicemeister.org\/en\/2020\/07\/03\/attacks-on-ai-how-algorithms-can-be-manipulated\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\/\/www.servicemeister.org\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Attacks on AI: How algorithms can be manipulated\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.servicemeister.org\/#website\",\"url\":\"https:\/\/www.servicemeister.org\/\",\"name\":\"Service-Meister\",\"description\":\"KI Service - Industrie 4.0\",\"publisher\":{\"@id\":\"https:\/\/www.servicemeister.org\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.servicemeister.org\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.servicemeister.org\/#organization\",\"name\":\"Service-Meister\",\"url\":\"https:\/\/www.servicemeister.org\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.servicemeister.org\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.servicemeister.org\/wp-content\/uploads\/2019\/05\/cropped-ServiceMeister_Logo.jpg\",\"contentUrl\":\"https:\/\/www.servicemeister.org\/wp-content\/uploads\/2019\/05\/cropped-ServiceMeister_Logo.jpg\",\"width\":1584,\"height\":516,\"caption\":\"Service-Meister\"},\"image\":{\"@id\":\"https:\/\/www.servicemeister.org\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.servicemeister.org\/#\/schema\/person\/1721e0365900aa18e0eacba04dc664fd\",\"name\":\"Hauke Timmermann\",\"url\":\"https:\/\/www.servicemeister.org\/en\/author\/htn_eco\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.servicemeister.org\/en\/wp-json\/wp\/v2\/posts\/2096"}],"collection":[{"href":"https:\/\/www.servicemeister.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.servicemeister.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.servicemeister.org\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.servicemeister.org\/en\/wp-json\/wp\/v2\/comments?post=2096"}],"version-history":[{"count":2,"href":"https:\/\/www.servicemeister.org\/en\/wp-json\/wp\/v2\/posts\/2096\/revisions"}],"predecessor-version":[{"id":2099,"href":"https:\/\/www.servicemeister.org\/en\/wp-json\/wp\/v2\/posts\/2096\/revisions\/2099"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.servicemeister.org\/en\/wp-json\/wp\/v2\/media\/2066"}],"wp:attachment":[{"href":"https:\/\/www.servicemeister.org\/en\/wp-json\/wp\/v2\/media?parent=2096"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.servicemeister.org\/en\/wp-json\/wp\/v2\/categories?post=2096"},{"taxonomy":"post_tag","embeddabl
e":true,"href":"https:\/\/www.servicemeister.org\/en\/wp-json\/wp\/v2\/tags?post=2096"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}