University of Leicester

The feasibility and inevitability of stealth attacks

journal contribution
posted on 2024-08-16, 15:47 authored by Ivan Y Tyukin, Desmond J Higham, Alexander Bastounis, Eliyas Woldegeorgis, Alexander Gorban

We develop and study new adversarial perturbations that enable an attacker to gain control over decisions in generic Artificial Intelligence (AI) systems including deep learning neural networks. In contrast to adversarial data modification, the attack mechanism we consider here involves alterations to the AI system itself. Such a stealth attack could be conducted by a mischievous, corrupt or disgruntled member of a software development team. It could also be made by those wishing to exploit a ‘democratization of AI’ agenda, where network architectures and trained parameter sets are shared publicly. We develop a range of new implementable attack strategies with accompanying analysis, showing that with high probability a stealth attack can be made transparent, in the sense that system performance is unchanged on a fixed validation set which is unknown to the attacker, while evoking any desired output on a trigger input of interest. The attacker only needs to have estimates of the size of the validation set and the spread of the AI’s relevant latent space. In the case of deep learning neural networks, we show that a one-neuron attack is possible—a modification to the weights and bias associated with a single neuron—revealing a vulnerability arising from over-parameterization. We illustrate these concepts using state-of-the-art architectures on two standard image data sets. Guided by the theory and computational results, we also propose strategies to guard against stealth attacks.

Funding

UKRI, EPSRC [UKRI Turing AI Fellowship ARaISE EP/V025295/1]

UKRI Trustworthy Autonomous Systems Node in Verifiability

UK Research and Innovation


Mathematics of Adversarial Attacks

Engineering and Physical Sciences Research Council


Inference, COmputation and Numerics for Insights into Cities (ICONIC)

Engineering and Physical Sciences Research Council


History

Author affiliation

College of Science & Engineering Comp' & Math' Sciences

Version

  • VoR (Version of Record)

Published in

IMA Journal of Applied Mathematics

Volume

89

Issue

1

Pagination

44 - 84

Publisher

Oxford University Press (OUP)

ISSN

0272-4960

eISSN

1464-3634

Copyright date

2023

Available date

2024-08-16

Language

en

Deposited by

Professor Alexander Gorban

Deposit date

2024-08-12
