Wednesday,February 19, 2020
Innovative test procedure to make the reliability of AI solutions measurable
Machine learning methods and artificial intelligence (AI) systems are already in use today in numerous IT infrastructures and networked terminal devices as a central component in the fields of analysis, forecasting and control. At the same time, there are increasing calls in Germany for more security in the use of artificial intelligence (AI). This is evidenced by a representative survey that has now been published by the TÜV Association. According to this survey, 78% of the participants would like to see laws and regulations introduced to regulate AI. 85% of those interviewed are even of the opinion that AI products should only be placed on the market after their security has been verified by independent bodies. In order to make this possible, TÜV Informationstechnik GmbH (TÜViT) took up this cause several months ago and since then has been purposefully developing itself into an "Algorithmen-TÜV". Against this background, TÜViT and Fraunhofer AISEC are currently developing processes to make the trustworthiness of AI applications both measurable and verifiable, as this is of the utmost importance not only for companies in all industries, but also for government institutions.
"Since AI has a lot of potential for companies and is increasingly being used in areas where security is critical, we would like to support companies in the development of AI solutions. For this reason, TÜViT is currently working together with Fraunhofer AISEC on a research project to test artificial intelligence," explains Dirk Kretzschmar, Managing Director of TÜV Informationstechnik GmbH. "The objective is to develop a comprehensive framework that makes the robustness of AI applications against possible attacks measurable by means of tests that have been specifically developed for this purpose."
With the help of the innovative test procedure, which in the future will enable a valid risk assessment to be carried out, AI solutions will become more transparent and comparable – and therefore certifiable. The focus here is on the aspect of IT security and therefore the question of how the robustness of an AI algorithm against hacker attacks can be determined. While AI is already better than humans in some areas today to some extent, even the slightest manipulation may well have devastating effects. "Data can be modified in such a way that the algorithm suddenly interprets a stop sign as a right-of-way sign," explains Vasilios Danos, an IT Security Consultant at TÜV Informationstechnik GmbH. "To the human eye, this manipulation would be almost imperceptible."
"In our joint project, test methods are developed that allow a quantitative evaluation of the robustness and stability of the AI algorithm and its embedding in the overall system," adds Prof. Dr. Claudia Eckert, who is the Head of the Fraunhofer AISEC Institute. "With the help of the methods developed in the Cognitive Security Technologies Department, a quantitative risk assessment of the core AI components can be carried out that takes into account the operational environment." Whether an AI application is reliable or not will become evident in the future on the basis of AI certification.
"We do not believe that placing one’s trust in the AI developers alone or even the manufacturers' own declarations is a solid basis for this. From our point of view it is necessary to carry out AI tests in a certified and independent laboratory. I say this because this is where expert knowledge and the corresponding equipment are called for. Fraunhofer AISEC has been researching for several years into methods to make AI applications more robust and secure them against manipulation, thereby making it an ideal project partner," adds Dirk Kretzschmar.
As soon as the basic framework is completed, pilot projects with manufacturers and developers of AI solutions can be conducted. Initial tests and certifications are planned for the middle of 2020.
TÜV Informationstechnik GmbH focuses solely on security in information technology and, as an independent testing service provider for IT security, is an international leader. Numerous corporations already benefit from the TÜViT-tested security. Its portfolio includes cyber security, software and hardware evaluation, IoT/Industry 4.0, data protection, ISMS, Smart Energy, mobile security, automotive security, eID and identity verification services as well as the testing and certification of data centers for physical security and high availability. TÜV Informationstechnik, founded in 1995 and headquartered in Essen, Germany, is a member of the TÜV NORD GROUP, one of the world's largest technology service providers with over 10,000 employees and business activities in 70 countries worldwide. TÜViT is the brand of the IT division of the TÜV NORD GROUP and is one of six global business units. The IT business unit includes the companies TÜV Informationstechnik GmbH and TÜV NORD IT Secure Communications GmbH & Co. KG, a Berlin-based consulting company founded in January 2018.