
Strategies to architect AI Safety: Defense to guard AI from Adversaries

Rajagopal. A, Nirmala. V

Section:Research Paper, Product Type: Journal Paper
Volume-7 , Issue-5 , Page no. 451-456, May-2019

CrossRef-DOI:   https://doi.org/10.26438/ijcse/v7i5.451456

Online published on May 31, 2019

Copyright © Rajagopal. A, Nirmala. V . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


How to Cite this Paper


IEEE Style Citation: Rajagopal. A, Nirmala. V, “Strategies to architect AI Safety: Defense to guard AI from Adversaries,” International Journal of Computer Sciences and Engineering, Vol.7, Issue.5, pp.451-456, 2019.

MLA Style Citation: Rajagopal. A, Nirmala. V "Strategies to architect AI Safety: Defense to guard AI from Adversaries." International Journal of Computer Sciences and Engineering 7.5 (2019): 451-456.

APA Style Citation: Rajagopal. A, Nirmala. V, (2019). Strategies to architect AI Safety: Defense to guard AI from Adversaries. International Journal of Computer Sciences and Engineering, 7(5), 451-456.

BibTex Style Citation:
@article{A_2019,
  author    = {Rajagopal. A and Nirmala. V},
  title     = {Strategies to architect AI Safety: Defense to guard AI from Adversaries},
  journal   = {International Journal of Computer Sciences and Engineering},
  volume    = {7},
  number    = {5},
  month     = {5},
  year      = {2019},
  issn      = {2347-2693},
  pages     = {451-456},
  url       = {https://www.ijcseonline.org/full_paper_view.php?paper_id=4263},
  doi       = {10.26438/ijcse/v7i5.451456},
  publisher = {IJCSE, Indore, INDIA}
}

RIS Style Citation:
TY - JOUR
DO - 10.26438/ijcse/v7i5.451456
UR - https://www.ijcseonline.org/full_paper_view.php?paper_id=4263
TI - Strategies to architect AI Safety: Defense to guard AI from Adversaries
T2 - International Journal of Computer Sciences and Engineering
AU - Rajagopal. A, Nirmala. V
PY - 2019
DA - 2019/05/31
PB - IJCSE, Indore, INDIA
SP - 451-456
IS - 5
VL - 7
SN - 2347-2693
ER -


Abstract

Designing AI for safety is critical for humanity in the AI era. With humans increasingly dependent on AI, there is a need for neural networks that work reliably in spite of adversarial attacks. Attacks can be of 3 types: I) similar-looking adversarial images that aim to deceive both human and computer intelligence, II) adversarial attacks such as evasion and exploratory attacks, III) hacker-introduced occlusions/perturbations that misguide AI. The vision of safe and secure AI for popular use is achievable. To achieve safety of AI, this paper contributes both a strategy and a novel deep learning architecture. To guard AI from adversaries, the paper proposes 3 strategies: 1) introduce randomness at inference time to hide the representation learning from adversaries/attackers, 2) detect the presence of adversaries by analyzing the input sequence sent to the AI, 3) exploit visual similarity against adversarial perturbations. To realize these strategies, this paper proposes a novel architecture, Dynamic Neural Defense (DND). This defense has 3 deep learning architectural features: I) by hiding the way a neural network learns from exploratory attacks using a random computation graph, DND evades attack; II) by analyzing the input sequence to a cloud AI inference engine with a CNN-LSTM, DND detects a fast gradient sign attack sequence; III) by inferring with visually similar inputs generated by a VAE, any AI defended by the DND approach does not succumb to hackers. Thus, a roadmap to develop reliable, safe and secure AI is presented.
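The second strategy above, detecting an attacker by analyzing the input sequence sent to the inference engine, can be illustrated with a simple rule-based detector for fast gradient sign (FGSM) style query sequences. This is an added example and not code from the paper; the paper uses a CNN-LSTM, whereas this example relies only on the observation that an FGSM step moves every pixel by a single common magnitude eps, which it estimates as the median per-pixel step between consecutive queries. The images and thresholds are constructed here for illustration.

```python
import random
from statistics import median
from typing import List, Tuple

Image = List[float]  # flattened pixel vector with values in [0, 1]

def step_profile(prev: Image, cur: Image, tol: float = 1e-3) -> Tuple[float, float]:
    """Profile one consecutive query pair from the same client.

    Returns (changed_frac, signature_frac): the fraction of pixels that moved at all,
    and, among those, the fraction that moved by one common magnitude (the median step,
    used here as an estimate of eps) or that hit the [0, 1] clipping boundary.
    A fast gradient sign step moves every pixel by exactly +/-eps, so both are ~1.0."""
    deltas = [(c - p, c) for p, c in zip(prev, cur) if abs(c - p) > tol]
    if not deltas:
        return 0.0, 0.0
    eps = median(abs(d) for d, _ in deltas)
    sig = sum(1 for d, c in deltas if abs(abs(d) - eps) <= tol or c in (0.0, 1.0))
    return len(deltas) / len(prev), sig / len(deltas)

def is_fgsm_sequence(queries: List[Image], min_steps: int = 2,
                     changed_thresh: float = 0.5, sig_thresh: float = 0.9) -> bool:
    """Flag a client whose queries contain min_steps consecutive FGSM-looking steps.
    Thresholds are assumptions for this example, not values from the paper."""
    hits = 0
    for prev, cur in zip(queries, queries[1:]):
        changed_frac, sig_frac = step_profile(prev, cur)
        if changed_frac > changed_thresh and sig_frac >= sig_thresh:
            hits += 1
            if hits >= min_steps:
                return True
        else:
            hits = 0
    return False

def fgsm_step(x: Image, grad_sign: List[float], eps: float) -> Image:
    """One fast-gradient-sign update, clipped to the valid pixel range."""
    return [min(1.0, max(0.0, p + eps * s)) for p, s in zip(x, grad_sign)]

def constructed_sequences(seed: int = 7, n_pixels: int = 64, eps: float = 0.03):
    """Constructed sample traffic: an iterated-FGSM query chain and unrelated benign images.
    The 'gradient' signs are random, since only the step pattern matters to the detector."""
    rng = random.Random(seed)
    attack = [[rng.random() for _ in range(n_pixels)]]
    for _ in range(4):
        sign = [rng.choice((-1.0, 1.0)) for _ in range(n_pixels)]
        attack.append(fgsm_step(attack[-1], sign, eps))
    benign = [[rng.random() for _ in range(n_pixels)] for _ in range(5)]
    return attack, benign
```

An attacker who randomizes eps per step or interleaves benign queries defeats this rule, which is why the paper proposes a learned sequence model rather than a fixed signature.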

Key-Words / Index Term

AI, Deep Learning, AI Safety, AI Security, Neural Networks, Adversarial Attacks and Defences, autonomous AI
