Researchers develop AI to fool facial recognition tech

A team from the University of Toronto has created an algorithm to disrupt the technology

AI artificial intelligence

A team of engineering researchers from the University of Toronto have created an algorithm to dynamically disrupt facial recognition systems.

Led by professor Parham Aarabi and graduate student Avishek Bose, the team used a deep learning technique called "adversarial training", which pits two artificial intelligence algorithms against each other.

Aarabi and Bose designed a set of two neural networks, the first one identifies faces and the other works on disrupting the facial recognition task of the first. The two constantly battle and learn from each other, setting up an ongoing AI arms race.

"The disruptive AI can 'attack' what the neural net for the face detection is looking for," Bose said in an interview with Eureka Alert.

Advertisement - Article continues below

"If the detection AI is looking for the corner of the eyes, for example, it adjusts the corner of the eyes so they're less noticeable. It creates very subtle disturbances in the photo, but to the detector, they're significant enough to fool the system."

The result looks similar to an Instagram filter that can be applied to photos to protect privacy. The algorithm targets very specific pixels in the image, making subtle changes that are almost imperceptible to the human eye.

"The key here was to train the two neural networks against each other, with one creating an increasingly robust facial detection system, and the other creating an ever stronger tool to disable facial detection," added Bose.

Concerns over privacy and data security are high with questions being asked of the likes of Google, Amazon and the Metropolitan Police in London who are implementing and providing facial recognition technology.

Google has unveiled doorbells that use facial recognition cameras, which will go on sale in British suburbs, raising concerns about invasion of privacy.

Amazon has come under fire from the American Civil liberties Union (ACLU) and others for providing the US police force with its facial recognition software.

London's Met police were said to be using 'dangerously inaccurate' facial recognition technology that is claimed to have a failure rate of 98%.

Aarabi believes 'anti' facial recognition systems can benefit personal privacy as the neural nets become more and more advanced.

"Personal privacy is a real issue as facial recognition becomes better and better," added Aarabi. "This is one way in which beneficial anti-facial-recognition systems can combat that ability."

"Ten years ago these algorithms would have to be human-defined, but now neural nets learn by themselves, you don't need to supply them anything except training data.

Advertisement - Article continues below

"In the end, they can do some really amazing things. It's a fascinating time in the field, there's enormous potential."

Image credit: Shutterstock 

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now


Software migration to Qs answered

11 Nov 2019
Careers & training

IT manager job description: What does an IT manager do?

28 Oct 2019
Business strategy

The IT Pro Panel

28 Oct 2019

How to protect against a DDoS attack

25 Oct 2019

Most Popular

Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Mobile Phones

Pablo Escobar's brother launches budget foldable phone

4 Dec 2019
wifi & hotspots

Industrial Wi-Fi 6 trial reveals blistering speeds

5 Dec 2019

Five signs that it’s time to retire IT kit

29 Nov 2019