Menu

Engineers TV

As a member of Engineers Ireland you have access to Engineers TV, which contains presentations, technical lectures, courses and seminar recordings as well as events, awards footage and interviews.

Researchers develop a more robust machine-vision architecture by studying how human vision responds to changing viewpoints of objects.

Suppose you look briefly from a few feet away at a person you have never met before. Step back a few paces and look again. Will you be able to recognise her face? “Yes, of course,” you probably are thinking.

If this is true, it would mean that our visual system, having seen a single image of an object such as a specific face, recognises it robustly despite changes to the object’s position and scale, for example.

Vanilla deep networks

On the other hand, we know that state-of-the-art classifiers, such as vanilla deep networks, will fail this simple test.

In order to recognise a specific face under a range of transformations, neural networks need to be trained with many examples of the face under the different conditions.

In other words, they can achieve invariance through memorisation, but cannot do it if only one image is available.

Thus, understanding how human vision can pull off this remarkable feat is relevant for engineers aiming to improve their existing classifiers.

It also is important for neuroscientists modelling the primate visual system with deep networks. In particular, it is possible that the invariance with one-shot learning exhibited by biological vision requires a rather different computational strategy than that of deep networks.

A paper by MIT PhD candidate in electrical engineering and computer science Yena Han and colleagues in 'Nature Scientific Reports' entitled 'Scale and translation-invariance for novel objects in human vision' discusses how they study this phenomenon more carefully to create novel biologically inspired networks.

Vast implications for engineering of vision systems

"Humans can learn from very few examples, unlike deep networks. This is a huge difference with vast implications for engineering of vision systems and for understanding how human vision really works," states co-author Tomaso Poggio — director of the Center for Brains, Minds and Machines (CBMM) and the Eugene McDermott Professor of Brain and Cognitive Sciences at MIT.

"A key reason for this difference is the relative invariance of the primate visual system to scale, shift, and other transformations.

"Strangely, this has been mostly neglected in the AI community, in part because the psychophysical data were so far less than clear-cut. Han's work has now established solid measurements of basic invariances of human vision.”

To differentiate invariance rising from intrinsic computation with that from experience and memorisation, the new study measured the range of invariance in one-shot learning.

A one-shot learning task was performed by presenting Korean letter stimuli to human subjects who were unfamiliar with the language.

These letters were initially presented a single time under one specific condition and tested at different scales or positions than the original condition.

The first experimental result is that — just as you guessed — humans showed significant scale-invariant recognition after only a single exposure to these novel objects. The second result is that the range of position-invariance is limited, depending on the size and placement of objects.

Next, Han and her colleagues performed a comparable experiment in deep neural networks designed to reproduce this human performance.

The results suggest that to explain invariant recognition of objects by humans, neural network models should explicitly incorporate built-in scale-invariance.

Limited position-invariance of human vision

In addition, limited position-invariance of human vision is better replicated in the network by having the model neurons’ receptive fields increase as they are further from the centre of the visual field.

This architecture is different from commonly used neural network models, where an image is processed under uniform resolution with the same shared filters.

“Our work provides a new understanding of the brain representation of objects under different viewpoints. It also has implications for AI, as the results provide new insights into what is a good architectural design for deep neural networks,” remarks Han, CBMM researcher and lead author of the study.

Bridging the gap between human and machine vision

Model from the Computer Science and Artificial Intelligence Laboratory identifies 'serial hijackers' of internet IP addresses.

Hijacking IP addresses is an increasingly popular form of cyber attack. This is done for a range of reasons, from sending spam and malware to stealing Bitcoin. It is estimated that in 2017 alone, routing incidents such as IP hijacks affected more than 10 per cent of all the world’s routing domains.

There have been major incidents at Amazon and Google and even in nation states — a study last year suggested that a Chinese telecom company used the approach to gather intelligence on western countries by rerouting their internet traffic through China.

Existing efforts to detect IP hijacks tend to look at specific cases when they’re already in process. But what if we could predict these incidents in advance by tracing things back to the hijackers themselves?

That’s the idea behind a new machine-learning system developed by researchers at MIT and the University of California at San Diego (UCSD).

By illuminating some of the common qualities of what they call 'serial hijackers', the team trained their system to be able to identify roughly 800 suspicious networks — and found that some of them had been hijacking IP addresses for years.

“Network operators normally have to handle such incidents reactively and on a case-by-case basis, making it easy for cybercriminals to continue to thrive,” says lead author Cecilia Testart, a graduate student at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) who will present the paper at the ACM Internet Measurement Conference in Amsterdam on October 23.

“This is a key first step in being able to shed light on serial hijackers’ behaviour and proactively defend against their attacks.”

The paper is a collaboration between CSAIL and the Center for Applied Internet Data Analysis at UCSD’s Supercomputer Center. The paper was written by Testart and David Clark, an MIT senior research scientist, alongside MIT postdoc Philipp Richter and data scientist Alistair King as well as research scientist Alberto Dainotti of UCSD.

The nature of nearby networks

IP hijackers exploit a key shortcoming in the Border Gateway Protocol (BGP), a routing mechanism that essentially allows different parts of the internet to talk to each other. Through BGP, networks exchange routing information so that data packets find their way to the correct destination.

In a BGP hijack, a malicious actor convinces nearby networks that the best path to reach a specific IP address is through their network. That’s unfortunately not very hard to do, since BGP itself doesn’t have any security procedures for validating that a message is actually coming from the place it says it’s coming from.

“It’s like a game of Telephone, where you know who your nearest neighbour is, but you don’t know the neighbours five or 10 nodes away,” says Testart.

In 1998 the US Senate's first-ever cybersecurity hearing featured a team of hackers who claimed that they could use IP hijacking to take down the internet in under 30 minutes. Dainotti says that, more than 20 years later, the lack of deployment of security mechanisms in BGP is still a serious concern.

To better pinpoint serial attacks, the group first pulled data from several years’ worth of network operator mailing lists, as well as historical BGP data taken every five minutes from the global routing table.

From that, they observed particular qualities of malicious actors and then trained a machine-learning model to automatically identify such behaviours.

The system flagged networks that had several key characteristics, particularly with respect to the nature of the specific blocks of IP addresses they use:

  • Volatile changes in activity: hijackers’ address blocks seem to disappear much faster than those of legitimate networks. The average duration of a flagged network’s prefix was less than 50 days, compared to almost two years for legitimate networks.
  • Multiple address blocks: serial hijackers tend to advertise many more blocks of IP addresses, also known as 'network prefixes'.
  • IP addresses in multiple countries: most networks don’t have foreign IP addresses. In contrast, for the networks that serial hijackers advertised that they had, they were much more likely to be registered in different countries and continents.

Identifying false positives

Testart said that one challenge in developing the system was that events that look like IP hijacks can often be the result of human error, or otherwise legitimate.

For example, a network operator might use BGP to defend against distributed denial-of-service attacks in which there’s huge amounts of traffic going to their network.

Modifying the route is a legitimate way to shut down the attack, but it looks virtually identical to an actual hijack.

Because of this issue, the team often had to manually jump in to identify false positives, which accounted for roughly 20 per cent of the cases identified by their classifier.

Moving forward, the researchers are hopeful that future iterations will require minimal human supervision and could eventually be deployed in production environments.

“The authors' results show that past behaviours are clearly not being used to limit bad behaviours and prevent subsequent attacks,” says David Plonka, a senior research scientist at Akamai Technologies who was not involved in the work.

“One implication of this work is that network operators can take a step back and examine global internet routing across years, rather than just myopically focusing on individual incidents.”

As people increasingly rely on the Internet for critical transactions, Testart says that she expects IP hijacking’s potential for damage to only get worse. But she is also hopeful that it could be made more difficult by new security measures.

In particular, large backbone networks such as AT&T have recently announced the adoption of resource public key infrastructure (RPKI), a mechanism that uses cryptographic certificates to ensure that a network announces only its legitimate IP addresses.

“This project could nicely complement the existing best solutions to prevent such abuse that include filtering, anti-spoofing, co-ordination via contact databases, and sharing routing policies so that other networks can validate it,” says Plonka.

“It remains to be seen whether misbehaving networks will continue to be able to game their way to a good reputation. But this work is a great way to either validate or redirect the network operator community's efforts to put an end to these present dangers.”

Using machine learning to hunt down cybercriminals

Theme picker

Engineers Ireland
Engineers TV Live broadcast channel
View live broadcasts from Engineers Ireland
Learn more