-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Home
Welcome to the Adversarial Robustness Toolbox wiki!
Deep neural networks (DNN) achieve state-of-the-art performance in various tasks in machine learning and artificial intelligence and are providing huge power to AI developers and data scientists. But as it is said, with great power comes great responsibility. Instead of fearing what autonomous AI can do to the human race, there is a greater fear around how the power of AI in the wrong hands can be misused. The quest to understand this phenomenon has turned into an arms race of attack and defense strategies.
Exposing and fixing vulnerabilities in software systems is nothing new. There are multiple insidious ways that malicious or bad actors are finding to exploit vulnerabilities in AI systems. As outlined in this research paper, the potential for adversarial AI to trick both humans and computers is huge. When we are looking at the usage of AI, for example, in self-driving autonomous vehicles, and what a potential image data set contamination can lead to, the results can be really scary.
Researchers, AI developers, and data scientists are getting together to tackle the tough questions:
- Do we know where every data item in the training and test sets came from and whether they have been tampered with?
- Do we know how to filter and transform input to AI systems in a wide enough range of ways to have confidence that the outcome is robust?
- Do we have ways to test the output of classifiers to ensure they are not brittle?
- A PwC report indicates that adversarial networks are going to be one the top AI trends for 2018. It’s the classic good versus evil fight: “One network, the generator, creates fake data that looks exactly like the real data set. The second network, the discriminator, ingests real and synthetic data. Over time, each network improves, enabling the pair to learn the entire distribution of the given data set.”
As Val Bercovici, Founder and CEO of PencilDATA, explains “…before companies train AI software using the data they’ve collected, they have to be certain that the data is authentic, that it has been cleansed, that the people behind the datapoints have been honest in their answers.”
To counter these threats, IBM Research Ireland is releasing the Adversarial Robustness Toolbox (ART), a software library to support both researchers and developers in defending DNNs against adversarial attacks, making AI systems more secure.
ART is available in open source and supports multiple frameworks!
The Adversarial Robustness Toolbox is designed to support researchers and AI developers in creating novel defense techniques and deploying practical defenses of real-world AI systems. For AI developers, the library provides interfaces that support the composition of comprehensive defense systems using individual methods as building blocks.
ART provides an implementation for many state-of-the-art methods for attacking visual recognition classifiers. For example:
- Deep Fool
- Fast Gradient Method
- Jacobian Saliency Map
On the other side of the spectrum, defense methods are also supported. For example:
- Feature squeezing
- Spatial smoothing
- Label smoothing
The details behind the work from IBM research can be found in the research paper. The ART toolbox is developed with the goal of helping developers better understand
- Measuring model robustness
- Model hardening
- Runtime detection
IBM has a long history of supporting open source technologies that enable enterprise developers to be more productive and build reliable, innovative systems (see Hyperledge Fabric on GitHub). IBM Research has a history of releasing open source technologies in cutting-edge innovation areas including Quantum Computing (see QSKit – the Quantum Software Development Kit on GitHub).
In partnership with IBM’s Center for Open-Source Data and Artificial Intelligence Technologies (CODAIT), IBM Research also recently released FfDL (Fabric for Deep Learning), which provides a consistent way to deploy, train, and visualize deep learning jobs across multiple frameworks like TensorFlow, Caffe, PyTorch, and Keras. With the Adversarial Robustness Toolbox, we are taking this multi-framework support forward.
You can take these libraries and launch attacks on FfDL trained models, or use Deep Learning as a service within Watson Studio.
This adds another toolbox in our mission to democratize AI and bring it closer to the developers! Both ART and FfDL are available on GitHub to deploy, use, and extend. We are looking forward to your feedback.
In this fight of good AI versus evil AI, join us to collaborate and be on the right side of AI history!
Links:
ART IBM research paper ART GitHub repository FfDL GitHub repository FfDL blog DLaaS in Watson