Birmingham City University (BCU), in partnership with Covatic, a leading provider of user privacy solutions, has unveiled research focused on protecting AI models from cyber threats.
A number of cutting edge industries are integrating AI models, as these systems exhibit high accuracy in analyzing data in all formats. However, they remain vulnerable to deceptive or adversarial attacks that aim at deceiving AI systems by subtly altering input data.
One such method, known as a ‘black-box attack’, allows cyber attackers to test an AI model repeatedly to gather intelligence and find ways to manipulate its decisions. This could allow an AI-powered self-driving car, for example, to misread a stop sign as a speed limit sign; or misdiagnose machine instrument readings based on the images it’s provided.
Research from BCU, which was recently published in Expert Systems with Applications, has introduced a new defense mechanism for these AI models. By applying simple and random image adjustments – like rotations or resizing – before processing, the AI system becomes more resilient to deception and manipulation. Compared to regular adversarially trained AI models with no defense, image adjustments saw a 21 percent improvement in competitive performance, and compared to other defense methods such as Random Noise Defense, the margin of improvement increased to between 2.3-4.6 percent on different AI systems.
Atif Azad, Professor of Artificial Intelligence at BCU, said: “As AI plays a bigger role in critical areas, addressing security risks is essential. This research takes an important step toward making AI systems more resilient against cyber threats.”
