
Is Automated Data Poisoning a Way to Stop AI Data Theft?

What if stolen data could be made useless to hackers but useful to authorized users?

Researchers say they have developed a tool that can make stolen high-value proprietary data used in AI systems useless. This, assuming it works, could be the tool of choice of security officers.

The technique was created by researchers from China and Singapore (which does not instill a lot of confidence, but maybe …). It works by injecting plausible but fake data into the AI’s knowledge graph.

Inserting fake data into computers is not new. The tool, however, is new. Using this tool, authorized users with the key can distinguish fake data from real data and allow the AI to ignore the fake data.
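A minimal sketch of the keyed-filter idea described above, added here as an illustration; it is not the researchers' tool or code. It assumes a hypothetical scheme in which every knowledge-graph triple is stored with a 16-byte tag (an HMAC for real triples, random bytes for decoys), and the triples and function names are constructed for the example.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 16  # bytes of tag stored next to every triple (assumed layout)

def _tag(key, triple):
    # Length-prefix each field so ("ab", "c", ...) and ("a", "bc", ...) differ.
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in triple)
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def publish(key, real, decoys):
    """Build the stored graph: real and decoy rows mixed, each with a tag."""
    rows = [(t, _tag(key, t)) for t in real]
    # Decoys get random tags of the same length, so without the key the
    # tag column gives no hint about which rows are genuine.
    rows += [(t, secrets.token_bytes(TAG_LEN)) for t in decoys]
    secrets.SystemRandom().shuffle(rows)
    return rows

def authorized_view(key, rows):
    """Return only the triples whose tag verifies under the key."""
    return [t for t, tag in rows if hmac.compare_digest(tag, _tag(key, t))]

# Constructed sample data: two real facts and three plausible decoys.
REAL = [("DrugX", "inhibits", "ProteinA"), ("ProteinA", "regulates", "GeneB")]
DECOYS = [
    ("DrugX", "inhibits", "ProteinC"),
    ("ProteinA", "regulates", "GeneD"),
    ("DrugY", "activates", "GeneB"),
]

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    stored = publish(key, REAL, DECOYS)
    print("stored rows:   ", len(stored))
    print("with key:      ", sorted(authorized_view(key, stored)))
    print("with wrong key:", authorized_view(secrets.token_bytes(32), stored))
```

Whoever copies the stored rows without the key gets all five triples and has to guess which are real; the key holder filters the decoys out with one HMAC per row.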

They CLAIM that it reduces the accuracy for unauthorized users to a bit over 5 percent while not degrading the accuracy for authorized users at all. Even better, it only increases overhead by 15 percent, which may well be tolerable.

They also claim that even when the attackers know that the data is polluted and try to clean it up, the system retains over 80 percent of the pollution.

A noted cryptographer and lecturer at Harvard’s Kennedy School says that data poisoning has never worked well.

On the other end of the spectrum, US cybersecurity and AI consultant Joseph Steinberg disagrees and says it could work.

This is not a silver bullet, but certainly an interesting area of investigation that is worthy of continued research. Credit: CSO Online
