by Tiki 3025 days ago
People building automated vehicle algorithms must have their hands full; I can't even begin to think how you'd wrangle the amount of noise that exists in the real world. Then you have to imagine all the ways that a system can be exploited in the ways that it's supposed to function. How does it handle a roadside advertisement with a stop sign? A cardboard cutout of a person next to the side of the road? All the reflective materials and their individual properties? I know a lot of it is radar-related so it's not just image processing, but I can imagine a lot of ways that could be fooled and go wrong as well.
1 comment

See relevant XKCD: https://xkcd.com/1958/

I believe that most ML applications are foolable by attacks of the same type as would fool a human doing the same task as the ML. The really big difference is the scale of attack required to fool ML vs a human.

For example, let's consider ML processing of camera+lidar data, similar to Google's self-driving system, versus a cardboard cut-out of a puppy in the road. A human could be fooled by a really elaborate cardboard cut-out, or one viewed at a high speed. ML is likely to be fooled by a cut-out as well, but the elaborateness required of the cut-out would likely be lower (people would notice it doesn't look normal, while the ML has a much smaller dataset than the average person, and hasn't focussed on cute furry puppies as much). The ML would also likely be much better at dealing with high speeds than a human would be, because we don't have built-in lidars and our brains work orders of magnitude slower; but taken to an extreme (ML can't complete processing in time to identify the fake), the ML would not be able to tell the difference.

There are certainly other ways to go about it, but I think this is the most straightforward and general 'attack', in that false positives are unavoidable in ML (and in humans).