Staying Inside the Adversarial Loop
Abstract
Deepfake videos, and their ability to create realistic fake news, have recently drawn attention because of the numerous negative ramifications they could have for American and global society. Faked videos could spawn disinformation campaigns capable of disrupting the security of nations, the legitimacy of voting processes, or trust in national leaders (Harwell, 2019). Before Deepfakes, experts in deep learning were already warning how easily these algorithms could be tricked. In a seminal paper, "Deep Neural Networks are Easily Fooled: High Confidence Predictions for Unrecognizable Images", Nguyen et al. (2015) demonstrated that high-accuracy deep neural networks would classify images that looked like static as objects such as backpacks and soccer balls, and do so with high confidence. In just three years, this seemingly harmless insight into deep learning was being applied as adversarial stickers that could trick the image classifiers used by self-driving cars into reading a stop sign as a forty-five mile per hour speed limit sign (Eykholt et al., 2018). Outwardly meaningless stickers could thus cause autonomous vehicles to behave erratically and injure others. The same tactics could be applied to a plethora of problems of concern to the Department of Defense (DoD). Generative Adversarial Networks (GANs) are a primary method for producing Deepfake videos. Introduced in the paper "Generative Adversarial Networks" by Goodfellow et al. (2014), a GAN consists of two models trained jointly on a common data set and pitted against each other: a generative model that produces new data, such as images, and a discriminative model that must decide whether a sample it is given came from the original training set or from the generative model. The generator is trained to fool the discriminator and the discriminator is trained to catch it, so each improves on the other's mistakes.
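The following Python program is an added example and is not code from the report or its author. It reproduces, at toy scale, the effect the abstract attributes to Nguyen et al. and Eykholt et al.: a classifier that scores perfectly on its training data is driven to over 99% confidence on an input that is nothing but static, by nudging every pixel a small amount in the direction of the model's gradient (the gradient-sign perturbation of Goodfellow et al., 2015, iterated). The classifier is deliberately a linear (logistic-regression) model rather than a deep network so that the gradient is simply the weight vector and the whole thing runs in plain Python; the 8x8 "images", the two classes, and every function name are assumptions made for the demonstration.

```python
"""Added example (not from the report): fooling a small image classifier.

Assumptions made for this demo: 8x8 grey-scale 'images' flattened to 64
pixels, two constructed classes ('bright top half' vs 'bright bottom half'),
a logistic-regression classifier, and uniform random static as the starting
point for the fooling input.
"""
import math
import random

PIXELS = 64          # 8x8 image, flattened
LEARNING_RATE = 0.5
EPOCHS = 200


def make_dataset(n_per_class, rng):
    """Constructed training data. Class 1: top half bright, bottom dark.
    Class 0: the reverse. Bright pixels are in [0.6, 1.0], dark in [0.0, 0.4]."""
    data = []
    for label in (0, 1):
        for _ in range(n_per_class):
            img = []
            for i in range(PIXELS):
                in_top_half = i < PIXELS // 2
                bright = (label == 1) == in_top_half
                img.append(rng.uniform(0.6, 1.0) if bright else rng.uniform(0.0, 0.4))
            data.append((img, label))
    return data


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def predict_prob(w, b, x):
    """P(class 1 | x) under the logistic-regression model (w, b)."""
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)


def train(data, epochs=EPOCHS, lr=LEARNING_RATE):
    """Full-batch gradient descent on the logistic loss."""
    w = [0.0] * PIXELS
    b = 0.0
    n = len(data)
    for _ in range(epochs):
        grad_w = [0.0] * PIXELS
        grad_b = 0.0
        for x, y in data:
            err = predict_prob(w, b, x) - y      # d(loss)/d(logit)
            for i in range(PIXELS):
                grad_w[i] += err * x[i]
            grad_b += err
        w = [wi - lr * g / n for wi, g in zip(w, grad_w)]
        b -= lr * grad_b / n
    return w, b


def accuracy(w, b, data):
    correct = sum((predict_prob(w, b, x) >= 0.5) == (y == 1) for x, y in data)
    return correct / len(data)


def fool_from_static(w, b, rng, target=1, step=0.01, goal=0.99, max_steps=1000):
    """Start from uniform static and repeatedly move every pixel by +/-step
    in the direction that raises P(target), clipping to valid pixel values.
    For a linear model the gradient of the target logit w.r.t. pixel i is
    +w[i] (target 1) or -w[i] (target 0), so the step direction is sign(w[i]).
    Returns (static, fooling_image, confidence_on_fooling_image)."""
    static = [rng.uniform(0.0, 1.0) for _ in range(PIXELS)]
    x = list(static)
    sign = 1.0 if target == 1 else -1.0

    def confidence(img):
        p = predict_prob(w, b, img)
        return p if target == 1 else 1.0 - p

    for _ in range(max_steps):
        if confidence(x) >= goal:
            break
        x = [min(1.0, max(0.0, xi + step * (1.0 if sign * wi > 0 else -1.0)))
             for xi, wi in zip(x, w)]
    return static, x, confidence(x)


def linf(a, c):
    """Largest per-pixel change between two images."""
    return max(abs(ai - ci) for ai, ci in zip(a, c))


def run_demo(seed=7):
    """Train, then fool. Returns the numbers a reader would want to inspect."""
    rng = random.Random(seed)
    data = make_dataset(50, rng)
    w, b = train(data)
    static, fooled, conf = fool_from_static(w, b, random.Random(seed + 1))
    return {
        "train_accuracy": accuracy(w, b, data),
        "static_confidence": max(predict_prob(w, b, static), 1.0 - predict_prob(w, b, static)),
        "fooling_confidence": conf,
        "max_pixel_change": linf(static, fooled),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v:.4f}")
```

The model reaches 100% training accuracy, yet an image that is still static to a human eye (every pixel moved by at most a few tenths on a 0..1 scale) is scored as "class 1" with the same confidence the model gives a genuine training image. The reason is exactly the one the abstract's examples exploit: a small per-pixel change, applied across all 64 pixels in the direction the model cares about, adds up to a large change in the model's logit. A deep network is not linear, but it is close enough to linear in the relevant directions that the same trick works, and a physical sticker is just such a perturbation confined to a patch of the sign.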
Document Details
- Document Type: Technical Report
- Publication Date: Jan 01, 2020
- Accession Number: AD1107487
Entities
People
- Chris Grimm
Organizations
- Air University