Facially manipulated images and videos, or DeepFakes, can be used maliciously to fuel misinformation or defame individuals. Therefore, detecting DeepFakes is crucial to increase the credibility of social media platforms and other media sharing web sites. State-of-the-art DeepFake detection techniques rely on neural network based classification models which are known to be vulnerable to adversarial examples. In this work, we study the vulnerabilities of state-of-the-art DeepFake detection methods from a practical standpoint. We perform adversarial attacks on DeepFake detectors in a black box setting where the adversary does not have complete knowledge of the classification models. We study the extent to which adversarial perturbations transfer across different models and propose techniques to improve the transferability of adversarial examples. We also create more accessible attacks using Universal Adversarial Perturbations which pose a very feasible attack scenario since they can be easily shared amongst attackers. We perform our evaluations on the winning entries of the DeepFake Detection Challenge (DFDC) and demonstrate that they can be easily bypassed in a practical attack scenario by designing transferable and accessible adversarial attacks.
Monthly Archives: February 2021
Adversarial Deepfakes: Evaluating Vulnerability of Deepfake Detectors to Adversarial Examples
Recent advances in video manipulation techniques have made the generation of fake videos more accessible than ever before. Manipulated videos can fuel disinformation and reduce trust in media. Therefore, detection of fake videos has garnered immense interest in academia and industry. Recently developed Deepfake detection methods rely on Deep Neural Networks (DNNs) to distinguish AI-generated fake videos from real videos. In this work, we demonstrate that it is possible to bypass such detectors by adversarially modifying fake videos synthesized using existing Deepfake generation methods. We further demonstrate that our adversarial perturbations are robust to image and video compression codecs, making them a real-world threat. We present pipelines in both white-box and black-box attack scenarios that can fool DNN based Deepfake detectors into classifying fake videos as real.
Re-imagining Algorithmic Fairness in India and Beyond
Conventional algorithmic fairness is West-centric, as seen in its sub-groups, values, and optimisations. In this paper, we de-center algorithmic fairness and analyse AI power in India. Based on 36 qualitative interviews and a discourse analysis of algorithmic deployments in India, we find that several assumptions of algorithmic fairness are challenged in India. We find that data is not always reliable due to socio-economic factors, users are given third world treatment by ML makers, and AI signifies unquestioning aspiration. We contend that localising model fairness alone can be window dressing in India, where the distance between models and oppressed communities is large. Instead, we re-imagine algorithmic fairness in India and provide a roadmap to re-contextualise data and models, empower oppressed communities, and enable Fair-ML ecosystems.
Vokenization: Improving Language Understanding with Contextualized, Visual-Grounded Supervision
Humans learn language by listening, speaking, writing, reading, and also, via interaction with the multimodal real world. Existing language pretraining frameworks show the effectiveness of text-only self-supervision while we explore the idea of a visually-supervised language model in this paper. We find that the main reason hindering this exploration is the large divergence in magnitude and distributions between the visually-grounded language datasets and pure-language corpora. Therefore, we develop a technique named “vokenization” that extrapolates multimodal alignments to language-only data by contextually mapping language tokens to their related images (which we call “vokens”). The “vokenizer” is trained on relatively small image captioning datasets and we then apply it to generate vokens for large language corpora. Trained with these contextually generated vokens, our visually-supervised language models show consistent improvements over self-supervised alternatives on multiple pure-language tasks such as GLUE, SQuAD, and SWAG.
Employee Surveillance Is Rising to New Dystopian Heights
Amazon’s new driver surveillance cameras may put employee privacy in the backseat.
The way to becoming a trillion-dollar company isn’t paved with philanthropy — on the contrary, it lies in pushing legal limits to new dystopian heights.
Recently, Amazon revealed the use of constant monitoring cameras in company vehicles — to “improve driver behavior,” according to an informational video from the firm.
However, in light of how Amazon develops surveillance techniques to monitor warehouse workers — both on and off the clock — Amazon delivery drivers’ lives could become a lot harder.
Dahua Provides “Uyghur Warnings” To China Police
Understanding Robotic Process Automation
The Institute for Robotic Process Automation & Artificial Intelligence defines RPA as follows: “Robotic process automation (RPA) is the application of technology that allows employees in a company to configure computer software or a bot to capture and interpret existing applications for processing a transaction, manipulating data, triggering responses, and communicating with other digital systems.”
In simple terms, RPA is the automation of repetitive, rule-based manual tasks (performed on windows) by the use of automation agents that can run attended or unattended without making any errors.
Tips for Running High-Fidelity Deep Reinforcement Learning Experiments
Despite recent incredible algorithmic advances in the field, deep reinforcement learning (DRL) remains notorious for being computationally expensive, prone to “silent bugs”, and difficult to tune hyperparameters. These phenomena make running high-fidelity, scientifically-rigorous reinforcement learning experiments paramount.
In this article, I will discuss a few tips and lessons I’ve learned to mitigate the effects of these difficulties in DRL — tips I never would have learned from a reinforcement learning class.
They Stormed the Capitol. Their Apps Tracked Them
In 2019, a source came to us with a digital file containing the precise locations of more than 12 million individual smartphones for several months in 2016 and 2017. The data is supposed to be anonymous, but it isn’t. We found celebrities, Pentagon officials and average Americans.
… A source has provided another data set, this time following the smartphones of thousands of Trump supporters, rioters and passers-by in Washington, D.C., on January 6, as Donald Trump’s political rally turned into a violent insurrection. At least five people died because of the riot at the Capitol. Key to bringing the mob to justice has been the event’s digital detritus: location data, geotagged photos, facial recognition, surveillance cameras and crowdsourcing.
Fractals can help AI learn to see more clearly—or at least more fairly
Large datasets like ImageNet have supercharged the last 10 years of AI vision, but they are hard to produce and contain bias. Computer generated datasets provide an alternative.
Most image-recognition systems are trained using large databases that contain millions of photos of everyday objects, from snakes to shakes to shoes. With repeated exposure, AIs learn to tell one type of object from another. Now researchers in Japan have shown that AIs can start learning to recognize everyday objects by being trained on computer-generated fractals instead.
It’s a weird idea but it could be a big deal. Generating training data automatically is an exciting trend in machine learning. And using an endless supply of synthetic images rather than photos scraped from the internet avoids problems with existing hand-crafted data sets.