A vendor provides you with a neural network system that identifies bad entities, for some definition of "bad". Does it contain a backdoor? It is currently very difficult to look at a neural network and determine what it does. How would one design a difficult-to-detect backdoor into a deep neural net system? How would one prove a system doesn't have a backdoor?
Of course, the ultimate example of such a "system" is a double-agent human whose brain is the neural network.