103 research outputs found
Artificial Intelligence: Too Fragile to Fight?
The article of record may be found at https://www.usni.org/magazines/proceedings/2022/february/artificial-intelligence-too-fragile-fight
Information Warfare Essay Contest - First Prize
Artificial intelligence (AI) has become the technical focal point for advancing naval and Department of Defense (DoD) capabilities. Secretary of the Navy Carlos Del Toro listed AI first among his priorities for innovating U.S. naval forces. Chief of Naval Operations Admiral Michael Gilday listed it as his top priority during his Senate confirmation hearing. This focus is appropriate: AI offers many promising breakthroughs in battlefield capability and agility in decision making. Yet, the proposed advances come with substantial risk: automation, including AI, has persistent, critical vulnerabilities that must be thoroughly understood and adequately addressed if defense applications are to remain resilient and effective.
Booz Allen Hamilito
Hindering Adversarial Attacks with Multiple Encrypted Patch Embeddings
In this paper, we propose a new key-based defense focusing on both efficiency
and robustness. Although the previous key-based defense seems effective in
defending against adversarial examples, carefully designed adaptive attacks can
bypass the previous defense, and it is difficult to train the previous defense
on large datasets like ImageNet. We build upon the previous defense with two
major improvements: (1) efficient training and (2) optional randomization. The
proposed defense utilizes one or more secret patch embeddings and classifier
heads with a pre-trained isotropic network. When more than one secret
embedding is used, the proposed defense enables randomization on inference.
Experiments were carried out on the ImageNet dataset, and the proposed defense
was evaluated against an arsenal of state-of-the-art attacks, including
adaptive ones. The results show that the proposed defense achieves a high
robust accuracy and a comparable clean accuracy compared to the previous
key-based defense.
Comment: To appear in APSIPA ASC 202
Spotting adversarial samples for speaker verification by neural vocoders
Automatic speaker verification (ASV), one of the most important technologies
for biometric identification, has been widely adopted in security-critical
applications, including transaction authentication and access control. However,
previous work has shown that ASV is seriously vulnerable to recently emerged
adversarial attacks, yet effective countermeasures against them are limited. In
this paper, we adopt neural vocoders to spot adversarial samples for ASV. We
use the neural vocoder to re-synthesize audio and find that the difference
between the ASV scores for the original and re-synthesized audio is a good
indicator for discrimination between genuine and adversarial samples. This
effort is, to the best of our knowledge, among the first to pursue such a
technical direction for detecting adversarial samples for ASV, and hence there
is a lack of established baselines for comparison. Consequently, we implement
the Griffin-Lim algorithm as the detection baseline. The proposed approach
achieves effective detection performance that outperforms all the baselines in
all the settings. We also show that the neural vocoder adopted in the detection
framework is dataset-independent. Our code will be made open source for future
work to compare against.
Comment: Submitted to ASRU 202