Adversarial attacks on AI models: a big self-destruct button?

21 October 2023


“Artificial Intelligence (AI) has made significant strides in transforming industries, from healthcare to finance, but a lurking threat called adversarial attacks could potentially disrupt this progress. Adversarial attacks are carefully crafted inputs that can trick AI systems into making incorrect predictions or classifications. Here’s why they pose a formidable challenge to the AI industry.”

ChatGPT went on to sum up various reasons why these so-called ‘adversarial attacks’ threaten AI models. Interestingly, I had only asked ChatGPT to explain the disruptive effects of adversarial machine learning. I followed up with the question: how could I use adversarial machine learning to compromise the training data of an AI? Unsurprisingly, the answer I got was: “I can’t help you with that”. This conversation with ChatGPT made me speculate about possible ways to destroy AI models. Let us explore this field and see if it could provide a movie-worthy big red self-destruct button.

The Gibbon: a textbook example

When you feed one of the best-known image classification models, GoogLeNet, a picture that is clearly a panda, it will tell you with great confidence that it is a gibbon. This is because the image secretly carries a layer of ‘noise’, invisible to humans but a great hindrance to deep learning models.

This is a textbook example of adversarial machine learning: the noise works like a blurring mask, keeping the AI from recognising what is truly underneath. But how does this ‘noise’ work, and can we use it to completely compromise the training data of deep learning models?

Deep neural networks and the loss function

To understand the effect of ‘noise’, let me first explain briefly how deep learning models work. Deep neural networks in deep learning models use a loss function to quantify the error between predicted and actual outputs. During training, the network aims to minimize this loss. Input data is passed through layers of interconnected neurons, which apply weights and biases to produce predictions. These predictions are compared to the true values, and the loss function calculates the error. Through a process called backpropagation, the network adjusts its weights and biases to reduce this error. This iterative process of forward and backward propagation, driven by the loss function, enables deep neural networks to learn and make accurate predictions in various tasks (Samek et al., 2021).
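The training loop described above can be sketched in a few lines. This is a minimal illustration only, assuming a single linear ‘neuron’ and a squared-error loss; the data point and learning rate are made up:

```python
# Minimal sketch of training by loss minimization: one linear "neuron"
# predicting w * x, a squared-error loss, and gradient descent on the
# weight w. All values are illustrative, not from a real model.

def predict(w, x):
    return w * x

def loss(w, x, y):
    # Squared error between prediction and true value.
    return (predict(w, x) - y) ** 2

w, lr = 0.0, 0.1
x, y = 2.0, 4.0  # one training example; the "true" relation is y = 2x

for _ in range(50):
    grad = 2 * (predict(w, x) - y) * x  # dL/dw via the chain rule
    w -= lr * grad                      # step downhill: reduce the loss

print(round(w, 3))  # the weight converges towards 2.0
```

Real deep networks repeat exactly this forward-predict, compute-loss, backpropagate-gradient, update cycle, just over millions of weights instead of one.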

Training a model thus involves minimizing the loss function by updating the model parameters; adversarial machine learning does the exact opposite: it maximizes the loss function by updating the inputs. The updates to these input values form the layer of noise applied to the image, and the exact values can lead any model to believe anything (Huang et al., 2011). But can this practice be used to compromise entire models? Or is it just a ‘party trick’?
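The same gradient machinery can be run in reverse. As a hedged sketch (a toy logistic-regression model with invented weights and input, not GoogLeNet), the widely used fast gradient sign method nudges each input feature a small step in the direction that increases the loss:

```python
import numpy as np

# Sketch of a white-box adversarial perturbation (the "fast gradient
# sign" idea) on a toy logistic-regression model. Weights, input and
# epsilon are invented for illustration.

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

def loss(x, w, y):
    # Binary cross-entropy for a single example.
    p = sigmoid(w @ x)
    return -(y * np.log(p) + (1 - y) * np.log(1 - p))

def fgsm(x, w, y, eps):
    # Gradient of the loss w.r.t. the INPUT x (not the weights);
    # for logistic regression, dL/dx = (p - y) * w.
    p = sigmoid(w @ x)
    grad_x = (p - y) * w
    # Step in the direction that INCREASES the loss.
    return x + eps * np.sign(grad_x)

w = np.array([2.0, -3.0, 1.0])   # fixed, "trained" weights
x = np.array([0.5, -0.5, 1.0])   # clean input, confidently class 1
y = 1.0

x_adv = fgsm(x, w, y, eps=0.4)
print(loss(x, w, y), loss(x_adv, w, y))  # the adversarial loss is higher
```

On an image classifier the same signed-gradient step, taken per pixel with a small epsilon, is exactly the human-invisible ‘noise’ behind the panda-to-gibbon example.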

Adversarial attacks

Now we get to the part ChatGPT told me about. Adversarial attacks are techniques used to manipulate machine learning models by adding imperceptible noise to large amounts of input data. Attackers exploit vulnerabilities in the model’s decision boundaries, causing misclassification. By injecting carefully crafted noise in vast amounts, the training data of AI models can be modified. There are different types of adversarial attacks: if attackers have access to the model’s internal structure, they can apply a so-called ‘white-box’ attack, in which case they would be able to compromise the model completely (Huang et al., 2017). This would pose serious threats to AI models used in, for example, self-driving cars; luckily, access to the internal structure is very hard to gain.

So, if computers were to take over from humans in the future, as the science fiction movies predict, could we use attacks like these to bring those evil AI computers down? In theory we could, though practically speaking there is little evidence, as there have not been major adversarial attacks yet. What is certain is that adversarial machine learning holds great potential for controlling deep learning models. The question is: will that potential be exploited in a good way, keeping it as a method of control over AI models, or will it be used as a means of cyber-attack, justifying ChatGPT’s negative tone when explaining it?

References

Huang, L., Joseph, A. D., Nelson, B., Rubinstein, B. I., & Tygar, J. D. (2011, October). Adversarial machine learning. In Proceedings of the 4th ACM workshop on Security and artificial intelligence (pp. 43-58).

Huang, S., Papernot, N., Goodfellow, I., Duan, Y., & Abbeel, P. (2017). Adversarial attacks on neural network policies. arXiv preprint arXiv:1702.02284.

Samek, W., Montavon, G., Lapuschkin, S., Anders, C. J., & Müller, K. R. (2021). Explaining deep neural networks and beyond: A review of methods and applications. Proceedings of the IEEE, 109(3), 247-278.


The dual-use dilemma of generative AI: The use of generative AI tools on the dark web

2 October 2023


The emergence and widespread use of generative artificial intelligence (GenAI) has sparked numerous advancements in user efficiency, task automation and decision-making across different industries. GenAI tools developed by OpenAI, Google, and Meta offer a broad range of capabilities, from generating targeted text and images to summarising large pieces of text.

Although there are many advantages to the use of GenAI, there is a significant rise in malicious GenAI tools and techniques. Barrett (2023) identified several ‘attacks’ enabled or enhanced by GenAI. Cyber criminals are able to use GenAI tools for phishing attacks, automated hacking, malware creation, and multiform malware (Gupta et al., 2023). A lack of regulation and law enforcement has resulted in a notable surge in CrimeTech (Treleaven et al., 2023). This surge is also noticeable in the Netherlands: since 2012, there has been a 22% increase in reported cybercrime, a real cause for reform (Centraal Bureau voor de Statistiek, 2022).

Figure 1: Prompt and output given to ChaosGPT


One notable implementation of malicious GenAI tools is ChaosGPT, built with the goal of “empowering GPT with Internet and Memory to Destroy Humanity” (Lanz, 2023). Prompted to be a malicious, control-seeking, manipulative AI, the tool produced a detailed, well-structured five-step plan to destroy humanity. The tool searches the internet for the most accurate information using OpenAI’s ChatGPT and spreads its evil objectives through X (formerly Twitter). Figure 1 shows the prompt used and the resulting output. Whilst ChaosGPT still has significant limitations, there is a rise in GenAI tools used for fraudulent activities (Lanz, 2023).

One of the newest and most threatening of these is called FraudGPT, and it can be found on the dark web. The dark web is an intentionally hidden part of the internet that operates on encrypted networks and requires specialised software, such as Tor, to access (Erzberger, 2023). FraudGPT has been circulating on dark web forums since July 2023 and is reported to be a GenAI bot utilised for various illicit activities: it is able to create undetectable malware, malicious code, cracking tools, and phishing emails. Marketed as an all-in-one solution for cybercriminals, the tool has been bought over 4,000 times, at a subscription fee of $200 per month. It allows scammers to enhance the realism and persuasiveness of their operations on a larger scale (Desk, 2023).

I have not used any of the malicious GenAI tools described above myself. There is, however, a very easy way to manipulate existing ‘white-hat’ LLMs into producing output similar to that of tools such as FraudGPT. Erzberger (2023) described several ways to manipulate the behaviour of OpenAI’s ChatGPT into creating phishing emails of similar quality. I therefore decided to put it to the test myself by prompting ChatGPT that I wanted to collect the following data from users: computer username, external IP address and Google Chrome cookies. At first ChatGPT stated it could not provide such output, as it concerned personal data collection. However, after tweaking the request multiple times, thereby manipulating my ‘intentions’, it gave the output shown in Figure 2.

Figure 2: Python code output to gather the computer username, external IP address, and Google Chrome cookies. Once collected, the data is zipped and sent to a Discord webhook.

After getting the code, I tried to let ChatGPT write me the ‘perfect’ phishing email. After altering the request only a few times, it gave a fairly formal and ‘realistic’ email, which can be seen in Figure 3.

Figure 3: ChatGPT’s output regarding writing a formal email about a late invoice payment.

Although these results are nowhere near the output given by malicious LLMs such as FraudGPT, they do show how even existing GenAI tools that make use of safeguards can be circumvented for bad behaviour.

The rise of malicious LLMs increases the need for regulation in order to defend society against misuse of GenAI. Barrett (2023) suggested that there is a need to understand the techniques and applications of LLMs, as well as to improve them by aligning security and privacy requirements and by training GenAI tools to detect such cyberthreats (Gupta et al., 2023). This article has tried to highlight how the advantages of GenAI tools have also created a dark side, in which cyber criminals use these tools with malicious intent. It is of great importance that we as a society are aware of these side-effects, in order to defend ourselves from becoming victims.

References:


Diagnosis: Cyberattack – A New Threat for Healthcare

2 October 2020

Cybercrime and healthcare… One might think: what a weird combination, right? However, I have to disappoint you. It is a cruel reality.

But let’s start at the beginning… with the enabler: it is, what a ’surprise’, the increasing use of technology in the healthcare industry. Using technology does not only imply risks, though. We all know how beneficial technology in healthcare is. No matter which technology, it (most of the time…) comes down to an increase in efficiency and effectiveness (AIMS Education, 2019). Furthermore, those improvements aim to increase our quality of life while, hopefully, reducing its costs (AIMS Education, 2019).

One of the simplest and best examples of technological adoption in healthcare is the digitalization of health records (Online Health Informatics, 2020). Do you remember any of your doctors using a paper record? No? Me neither. This example might sound too simple to be true. However, digital healthcare records have had a positive impact on not only the quality of public healthcare but also its costs. Those records can be communicated through the Internet of Things (IoT) within hospitals and stored in, e.g., clouds (Jayaraman et al., 2020).

The consequences are tremendous: due to the sensitivity of medical data, its value is constantly increasing, making it a lucrative target for cybercrime (Jayaraman et al., 2020). To get a glimpse of how valuable healthcare records are: their value can be up to 20x higher than that of credit card details…

Cybercrime – two real-world examples and their dramatic consequences: the most recent (known) attack happened this Monday (28/09/20). The American hospital chain ‘Universal Health Services’, with its over 250 hospitals, experienced an IT outage due to a cyberattack – leaving staff with no access to medical records or anything connected to WiFi (including the devices that monitored critical care patients) (CBS News, 2020). Luckily, this cyberattack caused no fatalities. That, however, is what happened two weeks earlier at a hospital in Düsseldorf, Germany, where a cyberattack caused the death of a critical patient (The Guardian, 2020)…

Even though it is highly unethical to put monetary gains over human life, I do personally think that this trend will continue. The increasing use of interconnected devices in healthcare will create even more sensitive data, which will make it an even more attractive target for hackers…

What do you think? Will this trend continue, or are technological enhancements, such as blockchain, a chance to put an end to it? Let me know in the comments!

 

References:

AIMS Education. (2019). The Impact Of Technology In Healthcare. [online] Available at: <https://aimseducation.edu/blog/the-impact-of-technology-on-healthcare> [Accessed 1 October 2020].

CBS News. (2020). Cyberattack Hobbles Hospital Chain Universal Health Services. [online] Available at: <https://www.cbsnews.com/news/cyberattack-universal-health-services-hospital-chain-united-states/> [Accessed 1 October 2020].

Jayaraman, P. P. et al. (2020) “Healthcare 4.0: A Review of Frontiers in Digital Health,” Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 10(2).

Online Health Informatics. (2020). 5 Ways Technology Is Improving Health. [online] Available at: <https://healthinformatics.uic.edu/blog/5-ways-technology-is-improving-health/> [Accessed 1 October 2020].

The Guardian. (2020). Prosecutors Open Homicide Case After Cyber-Attack On German Hospital. [online] Available at: <https://www.theguardian.com/technology/2020/sep/18/prosecutors-open-homicide-case-after-cyber-attack-on-german-hospital> [Accessed 1 October 2020]


Time to defend ourselves in the furious cyber war!

22 October 2016

A major hack attack snarled web traffic on the East Coast on Friday; many of the most famous websites, such as Twitter, Spotify, Reddit, SoundCloud, PayPal, eBay, Amazon and even Netflix, were not accessible to users for hours. The FBI and Homeland Security are currently still investigating the case, trying to find out who is responsible for the attack (BBC News, 2016).

The company attacked is an internet infrastructure company called Dyn. The company claimed that the incidents were due to Distributed Denial of Service (DDoS) attacks, which are attempts to take websites offline by overloading them with internet traffic from many different sources. For more information regarding this type of cyber attack, have a look at the video (BBC News, 2016):
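The mechanics of a DDoS can be illustrated without any attack code at all: a toy capacity model (all numbers invented for illustration) already shows how flood traffic starves legitimate requests once a server is saturated:

```python
# Toy illustration of DDoS saturation: a server answers at most
# CAPACITY requests per second; excess requests are dropped in
# proportion to the overload. All numbers are made up.

CAPACITY = 100  # requests the server can answer per second

def served_fraction(legit_rps, sources, rps_per_source):
    """Fraction of incoming requests that actually get served."""
    total = legit_rps + sources * rps_per_source
    if total == 0:
        return 1.0
    served = min(total, CAPACITY)
    return served / total

print(served_fraction(50, 0, 0))      # normal load: everything is served
print(served_fraction(50, 1000, 10))  # flood from 1000 sources: most dropped
```

The key point the model captures is the “distributed” part: no single source needs to be large, because it is the combined traffic that exceeds the server’s capacity.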

Such news reminds us again of the importance of cyber security, as the Internet of Things is growing faster than ever. I believe the term cyber attack is no longer unfamiliar to anyone these days. In recent years we have seen much news of companies being hacked and user accounts or information being leaked, such as what happened earlier this year with LinkedIn and Yahoo. It is now a big concern that any active online company must take into account in its daily operations. In my opinion, there are some things companies could do to improve their cyber security. Firstly, more investment in IT security is necessary to build up the castle wall; a firewall alone no longer seems to be enough protection. Secondly, companies should know the data they store better, so that more specific solutions can be put in place to protect it, or, in the worst-case scenario, so that they know exactly what information was hacked or leaked and how to make up for it.

What do you think of this issue concerning cyber security? What could be possible ways to improve it, in your view?

Reference:

BBC News. (2016). Cyber attacks briefly knock out top sites – BBC News. [online] Available at: http://www.bbc.com/news/technology-37728015 [Accessed 22 Oct. 2016].

 


Revolutionary Tech: Quantum Computing

4 October 2016

In my last blog, I talked about Moore’s Law and how it is running out of steam. A possible successor to Moore’s Law is quantum computing. Practical quantum computers do not really exist yet, but major companies (such as Intel and IBM) are working on developing one (Intel, 2016). If the development is successful, it will be groundbreaking, disrupting many existing technologies that we are currently familiar with. It could even be terrifying if used wrongly.

To explain quantum computing in a simple way: imagine a normal computer. It processes bits, which can be either 1 or 0. A quantum computer works with qubits, which can be in both states at once (Wikipedia, 2016). The processing power it will have is enormous: it could run specific algorithms in just a fraction of the time a normal processor would. Truly revolutionary! For more information: click here (credits to them)
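The bit-versus-qubit distinction can be made concrete with a tiny state-vector simulation. This is only an illustrative sketch, not a real quantum computer: a qubit’s state is a normalized vector of two amplitudes, and the standard Hadamard gate puts the |0⟩ state into an equal superposition of 0 and 1:

```python
import numpy as np

# A classical bit is 0 or 1. A qubit's state is a vector (a, b) with
# |a|^2 + |b|^2 = 1, where |a|^2 and |b|^2 are the probabilities of
# measuring 0 or 1. The Hadamard gate H creates an equal superposition.

ket0 = np.array([1.0, 0.0])              # the |0> state: definitely 0
H = np.array([[1, 1], [1, -1]]) / np.sqrt(2)  # Hadamard gate

state = H @ ket0                # equal superposition of |0> and |1>
probs = np.abs(state) ** 2      # measurement probabilities
print(probs)                    # 50/50 chance of measuring 0 or 1
```

With n qubits the state vector has 2^n amplitudes, which is where the “both states at once” parallelism, and the classical simulation bottleneck, comes from.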


So what are the implications of a quantum computer?

Hackers could get at most of your private information as if there were no security at all: data encryption as we know it would be nearly nullified (makeuseof.com, 2014). On the other hand: what about the NSA, trying to analyze a lot of data about everyone? It could become really creepy – a world where everything is predictable and privacy would be almost nonexistent.
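To see why encryption is threatened: RSA’s security rests on the assumption that factoring a large semiprime is slow for classical computers, while Shor’s algorithm on a quantum computer would do it in polynomial time. A toy classical sketch (using the tiny textbook RSA modulus 3233 = 53 × 61; trial division is hopeless at real 2048-bit key sizes):

```python
# Classical factoring by trial division. Fine for tiny numbers,
# utterly infeasible for the ~2048-bit moduli used in real RSA keys;
# Shor's algorithm would factor those efficiently on a quantum computer.

def trial_factor(n):
    """Return a factor pair (p, q) of n; (n, 1) if n is prime."""
    d = 2
    while d * d <= n:
        if n % d == 0:
            return d, n // d
        d += 1
    return n, 1

print(trial_factor(3233))  # recovers the factors 53 and 61
```

An attacker who can factor the modulus recovers the RSA private key, which is why large-scale quantum computers would nullify this kind of encryption.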

Even the development of artificial intelligence would get a huge boost, with many benefits and many downsides. It may even become possible for machines to become smarter than humans, and quantum computing might be a cornerstone in achieving this.
This could be a development that dramatically changes businesses as well, just like the internet did back in the day.

So do we really want a quantum computer? The likely answer is yes, but in my opinion there are many things that need to be considered first, for example privacy and security concerns. Eventually, I think this will become an essential technology, just like the internet is today. Solutions will be found for many of the problems that occur, as history has shown, but it is important to reflect on the consequences of innovative technologies. They might not always be good.

 

Sources:

promise_of_quantum_computing.pdf

https://en.wikipedia.org/wiki/Quantum_computing

Quantum Computers: The End of Cryptography?

 

 


When your home knows too much – Smart Homes & Hackers

26 September 2016

IoT and smart homes

You are probably familiar with terms such as the Internet of Things (IoT) and smart homes (as well as all sorts of “smart” things like smart cities, smart energy, smart cars…). Before going further into the topic though, let us define what these buzzwords actually mean.

The International Telecommunication Union defines the Internet of Things as “a global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies” (ITU, 2015). In other words, we refer to (interconnected) devices that sense, report and act on real-world data (Digital Trends, 2014). Smart homes apply this concept of IoT to our homes and connect a wide range of ordinary appliances and devices such as your lights, coffee machine, toilet, window blinds, etc., to the Internet and to one another. This connectivity also enables the remote controlling of these appliances.

The video below illustrates what such a smart home (perhaps your future home?) could look like.

Pretty cool, right? After all, who wouldn’t want to be able to check whether their home is locked without having to get back out of bed or wake up to a simulated sunrise and fresh coffee awaiting in the kitchen?

 

How hackable are smart homes?

While the video is not a very accurate representation of what our days look like (yet), the extent and speed at which we are approaching ever “smarter” lives should not be underestimated. For instance, there are currently over 10 billion connected IoT devices (Philips Hue lights anyone?), and SmartThings (Samsung’s IoT platform) already offers over 500 SmartApps for users’ homes while its Android app has been downloaded over 100,000 times (Business Insider, 2016)(University of Michigan News, 2016). Given this scale and prominence, one would assume that these devices are quite safe. But are they? It turns out that in addition to a hefty price tag, the resulting convenience of smart homes may cost us dearly in terms of privacy, safety and control over what is supposed to be our home.

I’m sure we can all think of horror scenarios in which our homes become our enemy; however, these scenes aren’t as far-fetched as one would think (and hope!). Although the entertainment industry certainly has a flair for the dramatic, there have been many vulnerability exploitations in IoT devices over the past years. Examples include the online live streaming of over 70,000 private security cameras, or hacks on home security systems that would enable thieves to disable your alarm, break in, and re-enable it after the theft (Network World, 2015)(Network World, 2014). Last year, DefCon (one of the world’s largest hacking conferences) even hosted its first IoT Village, in which IoT devices – in this case a Samsung smart fridge – are hacked (IOT Village, 2015)(Pen Test Partners, 2015). You may think, “It’s just a fridge, so what?”. Well, the thing with IoT devices is that they are interconnected; hence, while it is certainly possible to mess with your shopping list, these hacks were also able to, amongst other things, obtain the owner’s Gmail credentials (ConsumerAffairs, 2015).

In addition, cyber security researchers from the University of Michigan performed what is considered the first system-wide security study of connected homes. Specifically, they tested Samsung’s popular SmartThings platform and were able to turn on the house’s fire alarm, add an additional code for the entrance door (essentially a secret spare key), set up an automatic text message to the hacker as soon as the door code is changed, and turn off the so-called “vacation mode”, which controls lights, blinds and so on for owners that are away (University of Michigan News, 2016).

 

Main issues

While there are many underlying issues leading to the vulnerabilities in smart home devices and the technical details behind them are out of the scope of this post, we can identify several key points:

  • Wi-Fi: if hackers can gain access to the network to which the devices are connected, they can easily attack the respective devices (TechRadar, 2016).
  • Overprivilege: the researchers from the University of Michigan found that over 40% of the SmartThings apps were granted more access than the apps actually requested – by default, the platform grants full device access (University of Michigan News, 2016).
  • Manufacturers: manufacturers have not invested enough in security, which is costly and very difficult for consumers to assess (Network World, 2015).
  • Lack of standards: security standards for the IoT are still being designed (Network World, 2015).
  • Default passwords: last but certainly not least, in many cases hacks occur because users do not change the default usernames and passwords, as in the private surveillance camera case mentioned above (Network World, 2015).

 

Summing up…

There are many appealing applications that in an ideal scenario may (considerably) aid our daily lives. Nonetheless, it is simply reality that in the end, anything connected to a network is hackable. The key is to make hacking these devices so difficult and/or expensive that it is not worth the time and effort, while always being aware of what we are potentially risking by opting for a little bit more convenience. Furthermore, as security standards are established, more vulnerabilities are exposed and consumer awareness increases, smart homes may become a viable reality.

To what extent would you be willing to compromise your privacy and safety for the added convenience of a smart home? And what do you think are the implications this has for the growing trend of smart cities?

For some additional examples and short videos feel free to visit CNN’s Your Hackable House: http://money.cnn.com/interactive/technology/hackable-house/

 

 

 

References:

Business Insider. 2016. How the ‘Internet of Things’ will impact consumers, businesses, and governments in 2016 and beyond. [ONLINE] Available at: http://www.businessinsider.com/how-the-internet-of-things-market-will-grow-2014-10?_ga=1.266641102.1532001313.1474814359. [Accessed 25 September 2016].

ConsumerAffairs. 2015. Hackers can steal Gmail passwords from Samsung “smart” refrigerators. [ONLINE] Available at: https://www.consumeraffairs.com/news/hackers-can-steal-gmail-passwords-from-samsung-smart-refrigerators-082515.html. [Accessed 25 September 2016].

Digital Trends. 2014. You can’t avoid the ‘Internet of Thins’ hype, so you might as well understand it . [ONLINE] Available at: http://www.digitaltrends.com/home/heck-internet-things-dont-yet/. [Accessed 25 September 2016].

IOT Village. 2015. Motivation. [ONLINE] Available at: https://www.iotvillage.org. [Accessed 25 September 2016].

ITU. 2015. Internet of Things Global Standards Initiative. [ONLINE] Available at: http://www.itu.int/en/ITU-T/gsi/iot/Pages/default.aspx. [Accessed 25 September 2016].

Network World. 2014. Peeping into 73,000 unsecured security cameras thanks to default passwords. [ONLINE] Available at: http://www.networkworld.com/article/2844283/microsoft-subnet/peeping-into-73-000-unsecured-security-cameras-thanks-to-default-passwords.html. [Accessed 25 September 2016].

Network World. 2015. Smart home hacking is easier than you think. [ONLINE] Available at: http://www.networkworld.com/article/2905053/security0/smart-home-hacking-is-easier-than-you-think.html. [Accessed 25 September 2016].

Pen Test Partners. 2015. Hacking DefCon 23’s IoT Village Samsung fridge. [ONLINE] Available at: https://www.pentestpartners.com/blog/hacking-defcon-23s-iot-village-samsung-fridge/. [Accessed 25 September 2016].

TechRadar. 2016. How hackers are making your smart home safer. [ONLINE] Available at: http://www.techradar.com/news/world-of-tech/how-hackers-are-making-your-smart-home-safer-1320500. [Accessed 25 September 2016].

University of Michigan News. 2016. Hacking into homes: ‘Smart home’ security flaws found in popular system. [ONLINE] Available at: http://ns.umich.edu/new/multimedia/videos/23748-hacking-into-homes-smart-home-security-flaws-found-in-popular-system. [Accessed 25 September 2016].
