How Exposing AI to Adversarial Training Can Revolutionize How AI Works
AI and Data Science Newsposted by ODSC Team October 26, 2022 ODSC Team
Researchers from Los Alamos National Laboratory are working on a way to help artificial intelligence researchers comprehend neural network behavior. In doing so, they found an interesting surprise. As neural networks are being employed in more fields, understanding how and why they operate is going to become more important, especially with tools such as facial recognition, and autonomous cars, becoming more prevalent in society.
This comes from a recent paper that was presented at the Conference on Uncertainty in Artificial Intelligence. The lead author, Haydn Jones, a researcher in the Advanced Research in Cyber Systems group at Los Alamos, breaks down the issue. “The artificial intelligence research community doesn’t necessarily have a complete understanding of what neural networks are doing; they give us good results, but we don’t know how or why…Our new method does a better job of comparing neural networks, which is a crucial step toward better understanding the mathematics behind AI.”
The importance is getting a better understanding of neural networks, and identifying what causes certain behavior. At issue is the network itself, though they can perform at a high level, if left untrained to deal with new circumstances, they can often make mistakes. For example, a neural network trained to drive a car can identify a stop sign and act accordingly, but if there is an abnormality, such as the sign being missing, or even if it’s partially covered, it will not stop.
Because of this, researchers have sought out different ways to improve how neural networks deal with more dynamic situations. One such approach is simply just forcing a network to confront abnormalities. This method is called adversarial training, and as the networks learn, they become more difficult to trick or not behave in the fashion expected. But the team found something interesting during these tests related to network architecture. As the severity of the attacks increases, no matter the architecture, neural networks will behave similarly.
As Jones explains, “We found that when we train neural networks to be robust against adversarial attacks, they begin to do the same things.” This finding can have drastic consequences for the AI community as there have been major efforts to find the right architecture. Whereas, it seems adversarial training sees different architectures converge to similar solutions.
Jones goes on, “By finding that robust neural networks are similar to each other, we’re making it easier to understand how robust AI might really work. We might even be uncovering hints as to how perception occurs in humans and other animals.”