Project: Neural Network’s Vulnerability to Deepfake Detectors: A case for mistrust in AI?
Recent advances in video and image manipulation techniques have exposed a weakness of machine learning methods. In particular, deep neural networks (DNNs), which have been hugely successful in pattern recognition tasks (e.g. face recognition or road sign classification), have been shown to be vulnerable to so-called adversarial examples: inputs that the model misclassifies even though they differ only slightly from correctly classified examples drawn from the training data. The perturbation is the addition of a specific noise signal that a human observer cannot perceive. Because manipulated videos or photos can spread misinformation and erode trust in media, generative models such as GANs (Generative Adversarial Networks) are considered a threat to real-world systems. Adversarial examples and GAN-generated forgeries are distinct phenomena (the former perturb an existing input so that a classifier gets it wrong, the latter synthesize new content), but they meet when a forged image or video is additionally perturbed so that a deepfake detector fails to flag it.
In this project I want to analyze how the problem of adversarial examples is addressed in AI research. As a first step I want to find out whether there are known and agreed-upon theoretical explanations for neural networks' vulnerability to adversarial perturbations.
From a philosophy of science point of view this may shed light on the epistemological power of machine learning algorithms: their generalization performance. The existence of successful adversarial examples may suggest that machine learning techniques do not learn the true underlying concepts that determine the correct output label.
Since such misclassifications are held to represent a potentially severe security problem for AI methods, in a second step I want to understand better which defense strategies exist in the research and how they relate to realistic threat models. This requires a closer look at the abilities and limitations of existing frameworks in order to evaluate how theoretical attack models relate to specific security concerns for real-world systems. As a result, I expect to learn to what extent issues of (mis)trust in real-world AI systems can be reconciled with the technical efforts in the adversarial example defense literature.
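The opening paragraph describes an adversarial perturbation as an imperceptible per-pixel change that nevertheless flips a classifier's decision, and the first step of the project asks for theoretical explanations of why this works. The following is an added, self-contained illustration of one widely cited explanation (the linearity argument of Goodfellow, Shlens and Szegedy, 2015); it is not code from this project. It assumes a constructed toy linear classifier over a 784-dimensional input in [0, 1] (the shape of a flattened 28x28 grey-scale image) with seeded random weights; the names W, X_CLEAN, B, fgsm and demo are my own. Under an L-infinity budget eps, the worst-case shift of a linear activation w.x is eps times the L1 norm of w, which grows linearly with the input dimension while each pixel moves by at most eps; random noise of the same magnitude shifts the activation only on the order of eps times the square root of the dimension.

```python
import random

# Constructed toy setting (added example, not from the project page): a linear
# classifier over a 784-dimensional input in [0, 1], i.e. a flattened 28x28
# grey-scale image. Weights and the clean input come from a seeded RNG so the
# run is reproducible.
DIM = 784
_rng = random.Random(0)
W = [_rng.uniform(-1.0, 1.0) for _ in range(DIM)]
X_CLEAN = [_rng.uniform(0.0, 1.0) for _ in range(DIM)]
# Bias chosen so the clean input sits on the positive side with margin 1.0.
B = 1.0 - sum(w * x for w, x in zip(W, X_CLEAN))


def score(x, w=W, b=B):
    """Pre-activation w.x + b; class 1 if positive, class 0 otherwise."""
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def predict(x, w=W, b=B):
    return 1 if score(x, w, b) > 0 else 0


def fgsm(x, true_label, eps, w=W, b=B):
    """One fast-gradient-sign step against the linear model.

    For logistic loss the gradient w.r.t. the input is (sigmoid(score) - y) * w,
    so its sign is -sign(w) for a positive example and +sign(w) for a negative
    one. Every coordinate moves by at most eps and is clipped back into the
    valid pixel range [0, 1].
    """
    direction = -1.0 if true_label == 1 else 1.0
    adv = []
    for wi, xi in zip(w, x):
        sign_w = 1.0 if wi > 0 else -1.0 if wi < 0 else 0.0
        adv.append(min(1.0, max(0.0, xi + direction * eps * sign_w)))
    return adv


def random_noise(x, eps, seed=1):
    """Control case: the same per-pixel budget eps, but with random signs."""
    r = random.Random(seed)
    return [min(1.0, max(0.0, xi + r.choice((-eps, eps)))) for xi in x]


def linf_distance(x, y):
    return max(abs(a - b) for a, b in zip(x, y))


def l1_norm(v):
    return sum(abs(t) for t in v)


def demo(eps=0.01):
    """Run the attack and the control; return the quantities discussed above."""
    adv = fgsm(X_CLEAN, 1, eps)
    noisy = random_noise(X_CLEAN, eps)
    return {
        "clean_score": score(X_CLEAN),
        "adv_score": score(adv),
        "noisy_score": score(noisy),
        "clean_label": predict(X_CLEAN),
        "adv_label": predict(adv),
        "noisy_label": predict(noisy),
        "linf_adv": linf_distance(X_CLEAN, adv),
        "linf_noisy": linf_distance(X_CLEAN, noisy),
        # Worst-case activation shift for an L-inf budget eps on a linear
        # model: eps * ||w||_1, which grows linearly with the input dimension.
        "bound": eps * l1_norm(W),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>12}: {value:.4f}" if isinstance(value, float) else f"{key:>12}: {value}")
```

With eps = 0.01 (one percent of the pixel range) the clean score of 1.0 drops to roughly -2.9 and the label flips, whereas random noise of the same L-infinity size leaves the score within a few tenths of its original value. The point for the project's question is that nothing here is specific to deep networks: any model that behaves approximately linearly in a high-dimensional input inherits this sensitivity.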
Scientific Interests
- Mathematics as a tool: its instrumental role in ML methods
- Model-driven vs. Data-driven science
- Philosophy of Computer Simulation and Statistics
Publications
- Christian Bischof, Nico Formanek, Petra Gehring, Michael Herrmann, Christoph Hubig, Andreas Kaminski and Felix Wolf (eds.) (2017): Computersimulationen verstehen. Ein Toolkit für interdisziplinär Forschende aus den Geistes- und Sozialwissenschaften [Understanding Computer Simulations. A Toolkit for Interdisciplinary Researchers from the Humanities and Social Sciences]. Darmstadt: TU Prints, pp. 35-99
- Nico Formanek & Michael Herrmann (2017): Was ist eine numerische Lösung? [What Is a Numerical Solution?] (draft on demand)
- Michael Herrmann (2019): Generieren wir eine Logik der Entdeckung durch Machine Learning? [Do We Generate a Logic of Discovery through Machine Learning?] In: Steuern und Regeln: Jahrbuch Technikphilosophie 2019, pp. 103-124
Recent Talks
- Monte-Carlo-Integration – Instrumentelle Rechtfertigung stochastischer Mathematik und Epistemologie der Iteration [Monte Carlo Integration – Instrumental Justification of Stochastic Mathematics and the Epistemology of Iteration], January 2021, Kolloquium CSS Lab, RWTH Aachen University
Teaching
Lecture: Modellierung, Simulation und Optimierung I and II [Modelling, Simulation and Optimisation I and II], University of Stuttgart, 01/2019 – 07/2020