Hacking your vision, with Deep Learning…
We know that deep learning is vulnerable to “adversarial” example, where you make changes that completely fool your AI. You know — people are going to f**k with stop-signs and there will be crashes, death, and mayhem!. The question is, are our brains susceptible to the same kind of stuff?
SciFi has always assumed that the brain might be hackable, and, sadly, it looks like this might be the case in reality too. Follow the chain here
1. You can mess with machine learning by tweaking the example images just a little bit. As an example, a wee bit of noise (indistinguishable to the human eye) makes google think a panda is a gibbon…
2. These tweaked examples can often transfer across domains. Basically, you train your StopSignHack™ at home using your own neural-network, and then put it out there on a real stop-sign, causing chaos (and getting arrested. Why nobody ever talks about that part, I don’t know).
3. Therefore, it might be possible to transfer these hacks across to humans too (!), after all, we are just another domain, no? (And yeah, we have any number of cognitive issues ourselves!
1. You can mess with machine learning by tweaking the example images just a little bit. As an example, a wee bit of noise (indistinguishable to the human eye) makes google think a panda is a gibbon…
2. These tweaked examples can often transfer across domains. Basically, you train your StopSignHack™ at home using your own neural-network, and then put it out there on a real stop-sign, causing chaos (and getting arrested. Why nobody ever talks about that part, I don’t know).
3. Therefore, it might be possible to transfer these hacks across to humans too (!), after all, we are just another domain, no? (And yeah, we have any number of cognitive issues ourselves!
In a new paper, Elsayed et al. test this hypothesis, and discover that, yes indeed, the human brain is hackable.
They tweaked the machine learning models to mimic the way us humans process stuff visually, and then — this is key — did this in a “time limited setting” (think “show the examples briefly, and have you make a snap judgement”). It turns out that “a brief image presentation limits the time in which the brain can utilize recurrent and top-down processing pathways … and is believed to make the processing in the brain more closely resemble that in a feedforward artificial neural network”
Mind you, if you look at the image longer, the top-down and recurrent effects take over, and also allow for higher cognitive mechanisms to kick in (“Wait, what? That isn’t a cat! Let me look closer!” etc.)
Mind you, if you look at the image longer, the top-down and recurrent effects take over, and also allow for higher cognitive mechanisms to kick in (“Wait, what? That isn’t a cat! Let me look closer!” etc.)
Mind you, this is both good news and bad news. The good news is that we can use this type of feedback to create deep-learning models that are more robust against adversarial attacks. The bad news is that we can go in the other direction, and use deep-learning adversarial attacks to create examples that fool humans far more effectively . A specific example of this could be that, “for instance, an ensemble of deep models might be trained on human ratings of face trustworthiness. It might then be possible to generate adversarial perturbations which enhance or reduce human impressions of trustworthiness, and those perturbed images might be used in news reports or political advertising.”
(•) In case you’re wondering how they generated the images, they did it by
a) disrupting object edges, especially by mid-frequency modulations perpendicular to the edge
b) enhancing edges both by increasing contrast and creating texture boundaries
c) modifying texture
d) taking advantage of dark regions in the image, where the perceptual magnitude of small perturbations can be larger.
In short, a bunch of photoshop work — it’s not that complicated…
a) disrupting object edges, especially by mid-frequency modulations perpendicular to the edge
b) enhancing edges both by increasing contrast and creating texture boundaries
c) modifying texture
d) taking advantage of dark regions in the image, where the perceptual magnitude of small perturbations can be larger.
In short, a bunch of photoshop work — it’s not that complicated…
Comments