Researchers develop AI to fool facial recognition tech
A team from the University of Toronto has created an algorithm to disrupt the technology
A team of engineering researchers from the University of Toronto have created an algorithm to dynamically disrupt facial recognition systems.
Led by professor Parham Aarabi and graduate student Avishek Bose, the team used a deep learning technique called "adversarial training", which pits two artificial intelligence algorithms against each other.
Aarabi and Bose designed a set of two neural networks, the first one identifies faces and the other works on disrupting the facial recognition task of the first. The two constantly battle and learn from each other, setting up an ongoing AI arms race.
"The disruptive AI can 'attack' what the neural net for the face detection is looking for," Bose said in an interview with Eureka Alert.
"If the detection AI is looking for the corner of the eyes, for example, it adjusts the corner of the eyes so they're less noticeable. It creates very subtle disturbances in the photo, but to the detector, they're significant enough to fool the system."
The result looks similar to an Instagram filter that can be applied to photos to protect privacy. The algorithm targets very specific pixels in the image, making subtle changes that are almost imperceptible to the human eye.
"The key here was to train the two neural networks against each other, with one creating an increasingly robust facial detection system, and the other creating an ever stronger tool to disable facial detection," added Bose.
Concerns over privacy and data security are high with questions being asked of the likes of Google, Amazon and the Metropolitan Police in London who are implementing and providing facial recognition technology.
Google has unveiled doorbells that use facial recognition cameras, which will go on sale in British suburbs, raising concerns about invasion of privacy.
Amazon has come under fire from the American Civil liberties Union (ACLU) and others for providing the US police force with its facial recognition software.
London's Met police were said to be using 'dangerously inaccurate' facial recognition technology that is claimed to have a failure rate of 98%.
Aarabi believes 'anti' facial recognition systems can benefit personal privacy as the neural nets become more and more advanced.
"Personal privacy is a real issue as facial recognition becomes better and better," added Aarabi. "This is one way in which beneficial anti-facial-recognition systems can combat that ability."
"Ten years ago these algorithms would have to be human-defined, but now neural nets learn by themselves, you don't need to supply them anything except training data.
"In the end, they can do some really amazing things. It's a fascinating time in the field, there's enormous potential."
Image credit: Shutterstock
Four cyber security essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
Data: A resource much too valuable to leave unprotected
Protect your data to protect your companyDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now