BSides Oslo 2023 on September 21, 2023 at Vulkan Arena - Securing AI against adversarial attacks using causality

Securing AI against adversarial attacks using causality

  • Length: 20 minutes.
  • Scheduled: 12:50 (UTC+2)

Even the best-performing AI systems we have today can be fooled by input that has been carefully tampered with. By adding just the right noise to an image, a classification system can be tricked, while to a human the change is almost imperceptible. Many think that this is because humans, unlike AIs, don’t just learn statistical patterns; we learn causal patterns.

Humans can identify intuitively the information in an image which causes that image to be of e.g. a cat, and separate that information from the rest of the image information - such as background, lighting, camera angle etc. In order to make AI systems that are as hard to fool as humans, we need to teach the AI this same notion of causality.

This talk will explore how that can be achieved and why it makes AI robust to attacks.

Preben Monteiro Ness

Originally from Trondheim, I graduated from Cambridge in 2019 with a BA and Master’s in Information Engineering. As a student, I spent time with the Machine Intelligence lab and published a paper on uncertainty estimation in speech recognition systems. Since then I have worked as an AI engineer and researcher in various industry positions before I started as a PhD student at Simula here in Oslo last year. I am now researching how we can protect AI systems from adversarial attacks.