
Birmingham University Develops AI Defence

The defence mechanism applies random image adjustments.


A new mechanism for defending AI models from cyber-attacks has been developed by Birmingham City University (BCU).


Developed in partnership with Covatic, the defence mechanism applies simple, random image adjustments – like rotations or resizing – before processing, making the AI system more resilient to deception and manipulation.

One method of attack, known as a ‘black-box attack’, allows attackers to test an AI model repeatedly to gather intelligence and find ways to manipulate its decisions. This could cause an AI-powered self-driving car to misread a stop sign as a speed limit sign, or lead a model to misdiagnose a patient based on the images it’s provided.
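The sketch below is an added illustration of the idea, not BCU's or Covatic's implementation: a random rotation and resize is applied on every query, so identical repeated queries return varying scores while the label for a clean input stays the same. The toy classifier, the 16x16 sample image and the adjustment ranges (up to 15 degrees, 0.8x to 1.2x) are assumptions made for the example.

```python
import math
import random

N = 16  # side length of the (constructed) square grayscale input

def make_sample():
    """Constructed sample: bright 8x8 square centred on a dark 16x16 field."""
    return [[1.0 if 4 <= r < 12 and 4 <= c < 12 else 0.0 for c in range(N)]
            for r in range(N)]

def toy_model(img):
    """Hypothetical stand-in classifier: mean brightness of the central 8x8."""
    score = sum(img[r][c] for r in range(4, 12) for c in range(4, 12)) / 64
    return score, score >= 0.4  # (confidence, "object present" label)

def random_adjust(img, rng, max_deg=15.0, min_scale=0.8, max_scale=1.2):
    """Rotate and resize about the centre by freshly drawn random amounts."""
    theta = math.radians(rng.uniform(-max_deg, max_deg))
    scale = rng.uniform(min_scale, max_scale)
    cos_t, sin_t, mid = math.cos(theta), math.sin(theta), (N - 1) / 2
    out = [[0.0] * N for _ in range(N)]
    for r in range(N):
        for c in range(N):
            dx, dy = c - mid, r - mid
            # Inverse map: which source pixel lands on output pixel (r, c)?
            sx = math.floor(mid + (cos_t * dx + sin_t * dy) / scale + 0.5)
            sy = math.floor(mid + (-sin_t * dx + cos_t * dy) / scale + 0.5)
            if 0 <= sx < N and 0 <= sy < N:
                out[r][c] = img[sy][sx]
    return out

def defended_predict(img, rng):
    """Inference path with the random adjustment applied on every query."""
    return toy_model(random_adjust(img, rng))

def query_many(predict, img, n):
    """Send the same image n times; return distinct scores and all labels."""
    results = [predict(img) for _ in range(n)]
    return {round(s, 6) for s, _ in results}, [label for _, label in results]

if __name__ == "__main__":
    rng = random.Random(0)  # seeded only to make the demo repeatable
    img = make_sample()
    print("undefended scores:", query_many(toy_model, img, 40)[0])
    defended = query_many(lambda x: defended_predict(x, rng), img, 40)
    print("defended scores:  ", sorted(defended[0]), "labels stable:", all(defended[1]))
```

In a deployed pipeline the generator would not be seeded with a fixed value, since the defence depends on the adjustment being unpredictable to the party sending queries.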

Compared to regular adversarially trained AI models with no defence, image adjustments saw a 21 percent improvement in competitive performance. Compared to other defence methods such as Random Noise Defence, the margin of improvement increased to between 2.3 and 4.6 percent on different AI systems.

Atif Azad, Professor of Artificial Intelligence at BCU, said: “As AI plays a bigger role in critical areas like healthcare and self-driving technology, addressing security risks is essential. This research takes an important step toward making AI systems more resilient against cyber threats.”


Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
