

Protecting smart machines from smart attacks




Machines’ ability to learn by processing data gleaned from sensors underlies automated vehicles, medical devices and a host of other emerging technologies. But that learning ability leaves systems vulnerable to hackers in unexpected ways, researchers at Princeton University have found.

In a series of recent papers, a research team has explored how adversarial tactics applied to artificial intelligence (AI) could, for instance, trick a traffic-efficiency system into causing gridlock or manipulate a health-related AI application to reveal patients’ private medical history. As an example of one such attack, the team altered a driving robot’s perception of a road sign from a speed limit to a “Stop” sign, which could cause the vehicle to dangerously slam the brakes at highway speeds; in other examples, they altered Stop signs to be perceived as a variety of other traffic instructions.

“If machine learning is the software of the future, we’re at a very basic starting point for securing it,” said Prateek Mittal, the lead researcher and an associate professor in the Department of Electrical Engineering at Princeton. “For machine learning technologies to achieve their full potential, we have to understand how machine learning works in the presence of adversaries. That’s where we have a grand challenge.”

Just as software is prone to be hacked and infected by computer viruses, or its users targeted by scammers through phishing and other security-breaching ploys, AI-powered applications have their own vulnerabilities. Yet the deployment of adequate safeguards has lagged. So far, most machine learning development has occurred in benign, closed environments — a radically different setting than out in the real world.

Mittal is a pioneer in understanding an emerging vulnerability known as adversarial machine learning. In essence, this type of attack causes AI systems to produce unintended, possibly dangerous outcomes by corrupting the learning process. In their recent series of papers, Mittal’s group described and demonstrated three broad types of adversarial machine learning attacks.

Poisoning the data well
The first attack involves a malevolent agent inserting bogus information into the stream of data that an AI system is using to learn — an approach known as data poisoning. One common example is a large number of users’ phones reporting on traffic conditions. Such crowdsourced data can be used to train an AI system to develop models for better collective routing of autonomous cars, cutting down on congestion and wasted fuel.

“An adversary can simply inject false data in the communication between the phone and entities like Apple and Google, and now their models could potentially be compromised,” said Mittal. “Anything you learn from corrupt data is going to be suspect.”

Mittal’s group recently demonstrated a sort of next-level-up from this simple data poisoning, an approach they call “model poisoning.” In AI, a “model” might be a set of ideas that a machine has formed, based on its analysis of data, about how some part of the world works. Because of privacy concerns, a person’s cellphone might generate its own localized model, allowing the individual’s data to be kept confidential. The anonymized models are then shared and pooled with other users’ models. “Increasingly, companies are moving towards distributed learning where users do not share their data directly, but instead train local models with their data,” said Arjun Nitin Bhagoji, a Ph.D. student in Mittal’s lab.

But adversaries can put a thumb on the scales. A person or company with an interest in the outcome could trick a company’s servers into weighting their model’s updates over other users’ models. “The adversary’s aim is to ensure that data of their choice is classified in the class they desire, and not the true class,” said Bhagoji.
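The weighting problem described above, seen from the aggregating server, as an added example that is not from the article or the researchers' paper: plain averaging lets one oversized client update steer the pooled model, while a coordinate-wise median and a norm check (defenses chosen here for illustration) limit and flag it. All function names and update values are constructed assumptions.

```python
import math
from statistics import median

# Constructed sample: weight deltas reported by five clients in one
# training round. Clients 0-3 agree closely; client 4 reports an update
# that is far larger and points the other way.
UPDATES = [
    [0.10, -0.20, 0.05],
    [0.12, -0.18, 0.04],
    [0.09, -0.22, 0.06],
    [0.11, -0.19, 0.05],
    [-5.00, 4.00, -3.00],
]


def l2_norm(vec):
    """Euclidean length of one client's update."""
    return math.sqrt(sum(x * x for x in vec))


def mean_aggregate(updates):
    """Plain federated averaging: coordinate-wise mean of all updates."""
    n = len(updates)
    return [sum(col) / n for col in zip(*updates)]


def median_aggregate(updates):
    """Coordinate-wise median: a minority of clients cannot drag a
    coordinate past the values reported by the majority."""
    return [median(col) for col in zip(*updates)]


def flag_outliers(updates, factor=3.0):
    """Indices of clients whose update norm exceeds factor x the median
    norm, for logging or exclusion before aggregation."""
    norms = [l2_norm(u) for u in updates]
    limit = factor * median(norms)
    return [i for i, n in enumerate(norms) if n > limit]


def summarize(updates):
    """Collect the three views of one round for comparison."""
    return {
        "mean": mean_aggregate(updates),
        "median": median_aggregate(updates),
        "flagged": flag_outliers(updates),
    }


if __name__ == "__main__":
    for name, value in summarize(UPDATES).items():
        print(f"{name:8s} {value}")
```

With the constructed data, the mean flips sign on every coordinate relative to what the four agreeing clients reported, while the median stays with the majority and the norm check singles out client 4.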

In June, Bhagoji presented a paper on this topic at the 2019 International Conference on Machine Learning (ICML) in Long Beach, California, in collaboration with two researchers from IBM Research. The paper explored a test model that relies on image recognition to classify whether people in pictures are wearing sandals or sneakers. While an induced misclassification of that nature sounds harmless, it is the sort of unfair subterfuge an unscrupulous corporation might engage in to promote its product over a rival’s.

“The kinds of adversaries we need to consider in adversarial AI research range from individual hackers trying to extort people or companies for money, to corporations trying to gain business advantages, to nation-state level adversaries seeking strategic advantages,” said Mittal, who is also associated with Princeton’s Center for Information Technology Policy.

Using machine learning against itself
A second broad threat is called an evasion attack. It assumes a machine learning model has successfully trained on genuine data and achieved high accuracy at whatever its task may be. An adversary could turn that success on its head, though, by manipulating the inputs the system receives once it starts applying its learning to real-world decisions.

For example, the AI for self-driving cars has been trained to recognize speed limit and stop signs, while ignoring signs for fast food restaurants, gas stations, and so on. Mittal’s group has explored a loophole whereby signs can be misclassified if they are marked in ways that a human might not notice. The researchers made fake restaurant signs with extra color akin to graffiti or paintball splotches. The changes fooled the car’s AI into mistaking the restaurant signs for stop signs.

“We added tiny modifications that could fool this traffic sign recognition system,” said Mittal. A paper on the results was presented at the 1st Deep Learning and Security Workshop (DLS), held in May 2018 in San Francisco by the Institute of Electrical and Electronics Engineers (IEEE).

While minor and for demonstration purposes only, the signage perfidy again reveals a way in which machine learning can be hijacked for nefarious ends.

Not respecting privacy
The third broad threat is privacy attacks, which aim to infer sensitive data used in the learning process. In today’s constantly internet-connected society, there’s plenty of that sloshing around. Adversaries can try to piggyback on machine learning models as they soak up data, gaining access to guarded information such as credit card numbers, health records and users’ physical locations.

An example of this malfeasance, studied at Princeton, is the “membership inference attack.” It works by gauging whether a particular data point falls within a target’s machine learning training set. For instance, should an adversary alight upon a user’s data while picking through a health-related AI application’s training set, that information would strongly suggest the user was once a patient at the hospital. Connecting the dots on a number of such points can disclose identifying details about a user and their lives.

Protecting privacy is possible, but at this point it involves a security tradeoff — defenses that protect the AI models from manipulation via evasion attacks can make them more vulnerable to membership inference attacks. That is a key takeaway from a new paper accepted for the 26th ACM Conference on Computer and Communications Security (CCS), to be held in London in November, led by Mittal’s graduate student Liwei Song. The defensive tactics used to protect against evasion attacks rely heavily on sensitive data in the training set, which makes that data more vulnerable to privacy attacks.

It is the classic security-versus-privacy debate, this time with a machine learning twist. Song emphasizes, as does Mittal, that researchers will have to start treating the two domains as inextricably linked, rather than focusing on one without accounting for its impact on the other.

“In our paper, by showing the increased privacy leakage introduced by defenses against evasion attacks, we’ve highlighted the importance of thinking about security and privacy together,” said Song.

It is early days yet for machine learning and adversarial AI — perhaps early enough that the threats that inevitably materialize will not have the upper hand.

“We’re entering a new era where machine learning will become increasingly embedded into nearly everything we do,” said Mittal. “It’s imperative that we recognize threats and develop countermeasures against them.”

Written by Adam Hadhazy

Source: Princeton University




Nintendo is adding paid memberships to Animal Crossing: Pocket Camp





Nintendo plans to launch paid subscription memberships for its smartphone game Animal Crossing: Pocket Camp later this week, according to an in-game news update. The company says one plan lets you “appoint one lucky animal as your camp caretaker and get some extra help around the campsite,” while with another you’ll “receive fortune cookies and store your furniture and clothing items in warehouses.”

Nintendo released its latest mobile game, Mario Kart Tour, last month with a surprising optional subscription: a $4.99-a-month “Gold Pass” that unlocks a faster speed mode and gives users access to more in-game items. The company says it will reveal more information about the Animal Crossing memberships in videos that are due to be released on Wednesday.

Despite the hype surrounding Nintendo’s belated decision to start making smartphone games after years of pleas from investors, mobile remains a small part of the company’s overall business. Nintendo doesn’t break out specific mobile sales figures, but in its most recent earnings report said that first-half revenue for mobile and IP licensing totaled 19.9 billion yen, which is up 6.4 percent year-on-year but represents less than five percent of the company’s overall sales.

“[Mario Kart Tour] earnings are also off to a good start,” president Shuntaro Furukawa told investors at the financial results briefing after commenting on the game’s download figures. “In addition to randomized items, we have created opportunities to generate revenue such as the Gold Pass subscription to meet the various needs of consumers, allowing them to enjoy the game. By including these mechanics and multiplayer functionality, we want to make it an attractive application that will be enjoyed by consumers in the long-term.”

Nintendo’s mobile games have been hit and miss in terms of both their quality and their financial performance, but if subscriptions are a model that turns out to work, you can expect to see more of them in future titles.


By Sam Byford



Web & Domain Protection Software Market SWOT Analysis by Key Players: Leaseweb, Namecheap, SiteLock, Verisign, Sucuri





The latest research study released by HTF MI, “Global Web & Domain Protection Software Market”, offers 100+ pages of analysis of the business strategies taken up by key and emerging industry players and covers current market development, landscape, technologies, drivers, opportunities, market viewpoint and status. The research study provides estimates for the Global Web & Domain Protection Software market forecasted till 2025*. Some of the major companies covered in this research are ZeroFOX, Comodo, GoDaddy, Leaseweb, Namecheap, SiteLock, Verisign, Sucuri, Cloudflare, Pointer Brand Protection, Sasahost, WebARX and AppRiver.


Browse market information, tables and figures and the in-depth TOC on “Web & Domain Protection Software Market by Application (Large Enterprises & Small and Medium-sized Enterprises (SMEs)), by Product Type (Cloud-Based & On-Premise), Business scope, Manufacturing and Outlook – Estimate to 2025”.

Finally, all parts of the Global Web & Domain Protection Software Market are valued both quantitatively and subjectively, at the global as well as the regional level. This market study presents basic data and figures about the market, giving a general analysis based on market trends, market drivers, constraints and future prospects. The report assesses the worldwide competitive landscape with the help of Porter’s Five Forces Analysis and SWOT Analysis.

The report’s segments and sub-segments of the market are highlighted below:
Global Web & Domain Protection Software Market By Application/End-User (Value and Volume from 2019 to 2025): Large Enterprises & Small and Medium-sized Enterprises (SMEs)

Market By Type (Value and Volume from 2019 to 2025): Cloud-Based & On-Premise

Global Web & Domain Protection Software Market by Key Players: ZeroFOX, Comodo, GoDaddy, Leaseweb, Namecheap, SiteLock, Verisign, Sucuri, Cloudflare, Pointer Brand Protection, Sasahost, WebARX, AppRiver

Geographically, this report is segmented into some key Regions, with manufacture, depletion, revenue (million USD), and market share and growth rate of Web & Domain Protection Software in these regions, from 2012 to 2022 (forecast), covering China, USA, Europe, Japan, Korea, India, Southeast Asia & South America and its Share (%) and CAGR for the forecasted period 2019 to 2025.

Informational Takeaways from the Market Study: The report Web & Domain Protection Software matches the completely examined and evaluated data of the noticeable companies and their situation in the market by plans for different clear tools. The measured tools including SWOT analysis, Porter’s five powers analysis, and assumption return debt were utilized while separating the improvement of the key players performing in the market.

Key Developments in the Market: This segment of the Web & Domain Protection Software report covers the major developments of the market, including confirmations, composed endeavors, R&D, new product launches, joint ventures, and relationships of the leading participants working in the market.


Some of the important questions for stakeholders and business professionals looking to expand their position in the Global Web & Domain Protection Software Market:
Q 1. Which region offers the most rewarding open doors for the market in 2019?
Q 2. What are the business threats and variable scenarios concerning the market?
Q 3. What are the most encouraging, high-development scenarios for the Web & Domain Protection Software market by applications, types and regions?
Q 4. What segments grab the most noteworthy attention in the Web & Domain Protection Software Market in 2019 and beyond?
Q 5. Who are the significant players confronting and developing in the Web & Domain Protection Software Market?


Key poles of the TOC:
Chapter 1 Global Web & Domain Protection Software Market Business Overview
Chapter 2 Major Breakdown by Type [Cloud-Based & On-Premise]
Chapter 3 Major Application Wise Breakdown (Revenue & Volume)
Chapter 4 Manufacture Market Breakdown
Chapter 5 Sales & Estimates Market Study
Chapter 6 Key Manufacturers Production and Sales Market Comparison Breakdown
Chapter 8 Manufacturers, Deals and Closings Market Evaluation & Aggressiveness
Chapter 9 Key Companies Breakdown by Overall Market Size & Revenue by Type
Chapter 11 Business / Industry Chain (Value & Supply Chain Analysis)
Chapter 12 Conclusions & Appendix

Thanks for reading this article; you can also get individual chapter wise section or region wise report version like North America, Europe or Asia.




Social networks have been weaponized for the impeachment hearings





Impeachment hearings got underway in the House of Representatives this week, as you likely noticed from the wall-to-wall coverage. The process involves the sort of high-stakes, highly partisan events that naturally dominate social feeds. What television was to impeachment in the 1970s and 1990s, Facebook and Twitter — and YouTube and maybe TikTok — will be to impeachment in 2019.

The hearings on President Donald Trump’s apparent attempted bribery of Ukraine won’t be the first time a president has had to contend with, or benefit from, a hyper-partisan media. Conservative talk radio and Fox News were in full swing when Bill Clinton was impeached in 1998, even if their rhetoric looks quaint by today’s standard. But the World Wide Web was in its infancy, and the world was then still innocent of algorithmically sorted news feeds, partisan bot armies, and state-sponsored meme warfare.

Not anymore. If the first day of hearings is any indication, social networks promise to play a powerful role in shaping the way that impeachment hearings are understood by Americans. They are also playing a powerful role in shaping the hearings themselves.

As Ryan Broderick documented at BuzzFeed, Republican lawmakers used their time during Wednesday’s hearing to promote discredited conspiracy theories that are popular on right-wing message boards:

There is one America that believes what was in former FBI director Robert Mueller’s report, that there was coordinated Russian interference in the 2016 presidential election, which helped the Trump campaign. But there is a second America that believes that in the summer of 2016, the Democratic National Committee colluded with Ukrainian nationals to frame the Trump campaign for collusion with Russia, implicating a Ukrainian American DNC contractor, Alexandra Chalupa, in the collusion and the California-based cybersecurity firm CrowdStrike in the subsequent cover-up.

This unfounded theory has been propped up by a 2017 Politico story; reporting from right-wing political commentator John Solomon published earlier this year in the Hill; Attorney General Bill Barr’s summer travels; the yearlong personal investigation into Ukraine conducted by Rudy Giuliani, a lawyer working for Trump; and coverage from Fox News and conservative news sites. All of that came into play during Wednesday’s hearing, sometimes implicitly and sometimes explicitly.

After Republican members of Congress promoted these various smokescreens, right-wing media universally dismissed the hearing — either as an absurd exercise led by clowns, or as an outrageous abuse of power. Brian Stelter described the atmosphere on cable news:

Here’s what else I heard: Wednesday’s hearing was a bust. It was all just hearsay. It was a “disaster” for the Democrats and a “great day” for the Republicans. Impeachment is “stupid.” Impeachment is “fake.” There’s nothing impeachable here. There’s no reason to hold hearings. This inquiry needs to stop right now.

The message was one-sided and overwhelming. Every host and practically every guest said the Republican tribe is winning and the Democrat tribe is losing. I’m sure the president loved watching every minute of it. That’s one of the reasons why this right-wing rhetoric matters so much — because it is reassuring and emboldening Trump.

Meanwhile, if you’re reading the New York Times or watching CNN, you’re getting the sense that the case against Trump is a slam dunk, with multiple people having heard the president directly pressure his ambassador to the European Union to pursue a bribery plot. As Ezra Klein wrote recently, this impeachment is “the easiest possible test case for can our system hold a president accountable.” And yet with something like 40 percent of the country living in an alternate media universe, the basic, actual facts of the case may never penetrate into their reality.

Of course, that fear was one of the best reasons for Democrats to initiate impeachment proceedings in the first place: Show people real witnesses answering important questions over a long enough period of time — train everyone’s eyes on the same set of facts — and maybe a greater consensus will emerge.

Time will tell if they succeed. In the meantime, impeachment has proven to be big business on Facebook — where politicians are taking out highly partisan ads consistent with their respective worldviews. Emily Stewart and Rani Molla have a thorough walkthrough of how impeachment is playing out on Facebook, with Trump and Sen. Elizabeth Warren using ads to fire up their base and build their donor rolls; Tom Steyer using impeachment as a signature issue to promote his presidential candidacy; and a spice company buying tens of thousands of dollars worth of pro-impeachment advertising because they spread farther on Facebook than non-impeachment ads, resulting in a better return on investment.

Much of the debate about whether Facebook should allow political advertising noted that it represents a small fraction of the company’s business. But as the Vox writers note, that doesn’t mean it’s an insignificant business:

Facebook itself has grown into a formidable political platform in recent years, with campaigns and outside groups spending $284 million on the platform during the midterm elections, according to a report by Tech for Campaigns, a nonprofit that helps political campaigns with digital tools. While that’s just a small share of Facebook’s overall ad revenue, it’s a growing chunk of what campaigns are spending to reach constituents.

As impeachment hearings intensify, it seems likely politicians’ spending on Facebook ads will increase. And a good number of those ads, like so much about impeachment in 2019, will seem to have been created in a parallel world. In many ways, they were.




By Casey Newton
