Researchers developed AI to trick the face recognition system. A team of engineering researchers from the University of Toronto has created an algorithm for the potential disorientation of facial recognition systems. Headed by Professor Parham Aarabi and graduate student Avishek Bose, the team used a technique called “adversarial training”, which combines and uses artificial intelligence algorithms at the same time.
Aarabi and Bose designed a set of two neural networks for that purpose, the first identifies the faces and the other disturbs the balance, and thus the disorientation of the face recognition from the first. Essentially, the two neural networks are interdependent and are constantly learning from each other, creating a continuing database of useful elements that serve this purpose.
“The AI-based disruption system can attack a nervous network to disfigure face detection and identification technology,” Bose said in an interview with Eureka Alert.
For example, when face detection through AI tries to scan the corners of the eyes, the offensive system adapts them in such a dynamic way to the photos that are less noticeable and understandable for the present technology. In fact, it creates very fine disturbances in the photograph, but for the detector, it is important enough to fool it.
The result resembles an Instagram filter that can be applied to privacy photos. The algorithm targets very specific pixels in the image, making subtle changes that are almost imperceptible to the human eye. Bose added: “The key here was to train the two neural networks against each other, one to create an increasingly powerful Face Detection system and the other to create a stronger tool to disable Face Detection.”
Concerns about privacy and data security are generally high in the general public, so this system can provide a solution to the protection of users on the internet, even in real life in the outside world.