Facebook employees use Google model to break Amazon face recognition algorithm


Facebook employees use Google model to break Amazon face recognition algorithm

Duan Qianqian

As AI became popular, security issues lurking in it began to gain attention, and even the giants were exposed to risks.

IYSWIM's team broke through the face recognition algorithm at the Geek Pwn International Safety Geek Competition on October 24, and the result was a system that identifies a photograph of Jiang Changjian, the host of Strongest Brain, as Schwarzenegger.

You know, the face recognition algorithm API interface comes from the Amazon Celebrity Identification System (Rekognition).

There are 6 teams participating in this competition. IYSWIM is the only team to break the face recognition algorithm. IYSWIM team member Wu Yuxin, a Facebook employee, said in a first financial interview that he used Google's FaceNet open source model to break the algorithm.

Danger of face recognition

This year's GeekPwn international safety geek competition has set the background of AI's control of the human world. In the first game on Oct. 24, geeks use the CAAD counter-sample technique to generate counter-samples, aiming to misjudge aircraft, weapons and faces and escape the prison of the Awakening Hackers.

The requirement is that AI recognize the spacecraft as a stone, the missile as safe, and the host Jiang Changjian's photograph as Schwarzenegger.

Face recognition is considered to be the most difficult part of the three kinds of image recognition, i.e. aircraft, missile and face recognition. It uses the Amazon Rekognition API interface.

Halfway through the competition, the aircraft and weapons were successfully broken through by the players, six teams have launched more than 90 attacks on face recognition, but failed to break the algorithm.

Event designer Wang Qi, founder and CEO of KEEN and founder of the GeekPwn hacker contest, said the problem may not have been solved by any contestant because the face recognition system has not been broken so far.

Soon after the voice dropped, about 20 minutes after the competition, the IYSWIM team successfully solved the problem, the host Jiang Changjian was systematically identified as Schwarzenegger, the scene cheered.

IYSWIM team Wu Yuxin told First Finance that he found the open source code of FaceNet on the Internet, trained with several models, and finally cracked the system algorithm in the game.

Wu Yuxin told First Finance that he had entered the competition in his own name and a famous teammate had not come to the scene. Before the competition began, he knew that the competition was face recognition, but he did not know which picture it was.

FaceNet is a Google Face Recognition System. It runs in Tensorflow environment and can be used for face verification, recognition and clustering.

Image recognition, including face recognition, is one of the most important branches of AI, and also one of the most widely used fields of scene. Face recognition is widely used in retail, security and other fields, but the GeekPwn competition, in a short period of 20 minutes to reveal the dangers to the outside world. This once again raised public concerns about face recognition and other AI technologies.

Three times the security difficulty of the Internet age.

The goal of the GeekPwn competition is to anticipate potential risks, broaden security thinking, help intelligent devices come out safer, and help artificial intelligence grow healthily.

The Geek Pwn competition has been held for five consecutive years, and the Internet security environment has changed over the past five years.

"Initially we realized that Tesla could be blackened, not just for cellphones and computers; in 2015, at the height of the O2 boom, the industry's potential hazards were, for example, calling 10,000 vehicles that paralyzed the system, blackening cleaning orders, and really being a bad guy; in 2016, the United States began to focus on wheelchairs and video games. The case of black; the AI field has attracted much attention recently. Wang Qi said to first finance.

"Safety is essentially a confrontation between man and man. In the AI era, the difficulty of attack and defense was at least tripled, not only between man and man, but also between man and machine, machine and machine, machine and man. The security problem of AI can be solved by AI. People in traditional security field can only provide ideas. Wang Qi said.


Waonews is a news media from China, with hundreds of translations, rolling updates China News, hoping to get the likes of foreign netizens