10/21/2019 / By Ralph Flores
This one’s for sci-fi lovers: A team of machine learning researchers from KU Leuven in Belgium found a simple hack to trick surveillance systems into thinking that a person is invisible.
In their paper, which they presented in this year’s Conference on Computer Vision and Pattern Recognition, the team revealed how wearing a colorful printed patch no bigger than a vinyl record is enough to evade an artificial intelligence system designed to detect humans.
“We believe that, if we combine this technique with a sophisticated clothing simulation, we can design a T-shirt print that can make a person virtually invisible for automatic surveillance cameras,” the researchers wrote in their report.
The team also uploaded a video to demonstrate how the patch works. In the video, two researchers stood in front of a camera outfitted with an algorithm that identifies objects and humans in the frame. While the program marked the person without the patch, his counterpart (who was wearing the patch) wasn’t detected. As it was flipped to its blank side, the camera then detected both researchers.
The patch, which the team called the “adversarial patch,” works just like an invisibility cloak when it comes to hiding a person from detection. However, unlike the magical garment — which actually makes a person invisible when wearing it — the adversarial patch is designed to fool the A.I.’s image recognition system using a technique called an adversarial attack.
In machine learning, an adversarial attack occurs when data is “deliberately engineered” to dupe a model. The attack takes advantage of the limited intelligence of computer vision systems to misclassify images. An earlier study by a team from Carnegie Melon University used patterned eyeglass frames to trick A.I. systems into thinking a man was movie star Milla Jovovich.
For their study, the KU Leuven team looked at the possibility of designing printable adversarial patches to fool A.I. systems that detect humans. In particular, the team targeted the YOLOv2, a neural network model that uses grids and anchor points to identify objects in a frame, and the INRIA Person Dataset, a detection program for upright people in images and video.
Results from their real-world test were promising: The patch worked well in hiding people from object detectors, as well as minimizing its accuracy.
“[This suggests] that security systems using similar detectors might be vulnerable to this kind of attack,” they concluded.
“If we combine this technique with a sophisticated clothing simulation, we can design a T-shirt print that can make a person virtually invisible.” (Related: AI-enabled cameras said to predict crime before it happens… are “precrime” arrests next?)
If the concept of being able to evade A.I.-powered surveillance seems too good to be true, it’s because it is – for now at least. The pattern could only trick the YOLOv2 algorithm. In a tweet, Google researcher David Ha noted that the program doesn’t work against more advanced computer vision systems that are already in place. It also doesn’t work if an actual person is looking at the image.
While the idea of being invisible from the prying eyes of Big Brother is a pipe dream for now, the KU Leuven team is looking at ways to make the patches more robust and easily transferable.
The study is a small but important development for those looking to fly under the radar — especially if what they’re up against can locate a person in just seven minutes, as was the case for a BBC reporter looking to evade Chinese authorities in this report.
How long can a BBC reporter stay hidden from CCTV cameras in China? @TheJohnSudworth has been given rare access to put the world's largest surveillance system to the test pic.twitter.com/vLGQYN7ZB9
— BBC News (World) (@BBCWorld) December 10, 2017
Learn more about how technology can turn on us at FutureTech.news.
Sources include:
Tagged Under: adversarial attack, adversarial patch, AI, AI surveillance, artificial intelligence, badtech, breakthrough, cctv, clothing simulation, computer vision, Cybercrime, discoveries, Facial recognition, future tech, hacking, human detection, innovation, inventions, machine learning, off grid, police state, privacy watch, security system, simulation, surveillance, surveillance cameras, virtual invisibility
COPYRIGHT © 2017 INFORMATIONTECHNOLOGY.NEWS