Together, Intel and Georgia Tech have been selected to lead a Guaranteeing Artificial Intelligence (AI) Robustness against Deception ( GARD) program team for DARPA, which aims to develop a new generation of defenses against adversarial deception attacks on ML models and applications. The program is designed to address vulnerabilities inherent in ML platforms, particularly in terms of altering, corrupting, or deceiving these systems, such as tricking the ML used by a self-driving car by making visual alterations to a stop sign.
"Intel and Georgia Tech are working together to advance the ecosystem's collective understanding of and ability to mitigate against AI and ML vulnerabilities," says Jason Martin, principal engineer at Intel Labs and principal investigator for the DARPA GARD program from Intel. "Through innovative research in coherence techniques, we are collaborating on an approach to enhance object detection and to improve the ability for AI and ML to respond to adversarial attacks.”
In the first phase of GARD, Intel and Georgia Tech are enhancing object detection technologies through spatial, temporal, and semantic coherence for both still images and videos. These three defining qualities of object detectors look for contextual clues to determine if a possible anomaly or attack is occurring. While no known real-world attacks have been made on these systems, say Georgia Tech researchers, they first identified security vulnerabilities in object detectors in 2018 with a project known as ShapeShifter.
The ShapeShifter project, say the researchers, exposed adversarial machine learning techniques that were able to mislead object detectors and even erase stop signs from autonomous vehicle detection.
"As ML technologies have developed, researchers used to think that attacking object detectors would be difficult," says Polo Chau, who serves as the lead investigator from Georgia Tech on the GARD program. "ShapeShifter showed us that was not true, they can be affected, and we can attack them in a way to have objects disappear completely or be labeled as