The video of a pair of glasses unlocking 19 mobile phones , the face recognition security research released by RealAI of RealAI has caused heated discussion in the society. What is the principle of this cracking? How big is its harmful boundary? In the face of large-scale and wide application, how to ensure the security of face recognition ? How should the general public protect personal privacy? In the recent CCTV news ``Rules of Law Online'' In the special in-depth report on the 3.15 column of Guangdong Satellite TV, the RealAI team gave corresponding answers.
CCTV News "Rule of Law Online" special report
Special Report on Guangdong Satellite TV's March 15th Party
1. The structural flaws that originated from the deep learning algorithm behind
RealAI technicians explained that the “adversarial sample” technology is used behind the ***, which automatically generates a “interference pattern” by combining the image characteristics of the *** person and the*** object. For ordinary people, the naked eye can Obviously, there is a difference between the person who wears glasses and the target person, but the algorithm seems that the characteristic values of the two are similar.
The "confrontation sample" is the fundamental reason for the existence of structural defects in depth learning algorithm, the black box of deep learning leads humans to understand its internal logic, even the design developers who can not understand and safety control output of the algorithm, the algorithm Execution logic , which leads to certain execution processes that are not consistent with the designer's intention, which leaves room for malicious ***.
In addition to unlocking the face of mobile phones , some commonly used face recognition access control systems, attendance check-in systems , and online APP identity authentication systems also have similar security vulnerabilities. But this is not exclusive to face recognition technology. RealAI researchers said that this is essentially a loophole in deep learning methods. Voice recognition, text processing and other technologies may have the possibility of being confronted by samples.
2. To treat face recognition applications rationally, strengthening technical protection is essential
Although there is a high technical threshold for the development of confrontation algorithms, it is difficult for ordinary black and gray industry practitioners to grasp, but if there is a malicious open source, the cost of the confrontation sample implementation becomes very low , which may lead to property loss and privacy leakage. Waiting for threats.
But as Academician Zhang Bo, the dean of the Institute of Artificial Intelligence of Tsinghua University, said, in the face of face recognition applications, we must not give up because of choking. We should find a balance between privacy protection, technical convenience and public safety.
In the choice of governance means , the two levels of " technology " and " system " need to be advanced simultaneously. On the one hand, it is to restrict or restrict human misuse or abuse of artificial intelligence technology from the level of laws and regulations , morals and ethics , and the second aspect is to develop new technologies from the technical level to overcome the insecurity and vulnerability of artificial intelligence algorithms themselves. .
RealAI is currently carrying out a series of algorithmic research studies, which is to adopt the technical route of " using the spear of the son and attack the shield of the son ", through the continuous upgrade of the confrontation , and drill targeted defense technologies, such as creating similar face recognition system firewall, application to now have a face recognition application on, you can precede *** find and fix bugs, as face recognition build line of defense. For the general public, RealAI technicians said that there is no need to panic too much, and strengthen and attach importance to the safety protection of daily life, such as not posting clear personal front photos on social media platforms, protecting important information such as ID numbers, and as much as possible Choose a face recognition device with a higher security level.
Finally, for the governance of cutting-edge technologies such as face recognition , it is important to promote relevant technical standards and enhance industry self-discipline.As a representative company in the field of security artificial intelligence, RealAI also relies on its own technical advantages and cooperates with related units such as the Ministry of Public Security and the Ministry of Industry and Information Technology. Carry out cooperation, actively participate in the work of industry standards, and contribute to the sustainable development of the artificial intelligence industry.