دانلود کتاب امنیت و ایمنی هوش مصنوعی

Whenever it comes to cyberspace security, pessimistic voices like “the picture is far from rosy” or “a lot of work is needed for improvement” rise and confound the decision-makers: why cyberspace security has hardly made headway? What can be done to get rid of cyberspace security concerns? Threats to cyberspace security, in fact, are inevitable because the cyberspace remains in flux. On the Symposium on Cybersecurity and IT Application held on April 19, 2016, President Xi Jinping pointed out that we should have a correct outlook for cyberspace security, and cybersecurity is a dynamic, rather than static, process. In other words, the situation of cyberspace security keeps changing—once a security trouble is shot, another may rear its head. Among all the contributing factors to cyberspace security problems, those associated with new technologies are the most prominent in that new technologies are inevitably accompanied with new security concerns, and the constant emergence of new technologies or systems will, as a consequence, incur new security and safety menaces. If we stop inventing new technologies and preventing information systems from upgrading in the coming five years, all cyberspace and information security problems will be effaced and we will enjoy a 100% secure cyberspace. This, however, will be just hypothetical. The world will keep moving forward and new technologies; hence, the subsequent security problems will never cease to emerge. New technologies are bound to bring about new security concerns, which are called the security accompanied security effect of new technologies. Such accompanied security problems are manifested in two aspects: first, inherent vulnerabilities of a new technology will lead the new technological system to unstable or unsecure operation, which is referred to as the endogenous problem of new technologies; second, the vulnerabilities of a new technology will not impair the new technological system’s normal operation, but will impose security threats to other fields, which is referred to as the derivative security problem of new technologies. Aside from the security-accompanied effect, new technologies, when applied to improving security, have the security empowerment effect. The security empowerment effect of a new technology is also manifested in two aspects: it can empower defense, but once maliciously exploited, may also empower attacks and put the security of other fields at stake. Apparently, empowerment of attacks by new technologies is one of the reasons why ensuring cyberspace security remains a challenge. Since its inception in the 1950s, AI has gone ups and downs, evolving upwards in a spiral. In the 21st century, because of its spectacular achievements in application, AI has been recognized as a new driving force of social advancement in the field of information communication. In fact, approaches like deep learning and software architecture that promote AI development and its application in practice are new inventions in the 21st century. Therefore, it is fair to say that AI is an emerging informatics technology. Another reason why AI is deemed a new technology is the wide attention and tremendous investment it draws from governments around the world, which showcase the high expectation the global community has for AI to benefit the human society. As a new technology, however, AI inevitably has both the security-accompanied effect and security empowerment effect. The security-accompanied effect is mainly manifested as the endogenous effect of AI, or the AI security problem. For instance, AI algorithms rely heavily on statistical results. In particular, intelligent learning systems like neural networks adjust the link weights in the hidden layer to record information of features obtained by the system’s statistical learning. These weights, however, are beyond explainability, and thus they can only be used but not predicted. In this case, it is unpredictable what weights the system will adjust, in what way the weights will be adjusted, what consequences the adjustment will have, or what learning processes will result in the adjustment, therefore leaving open a window for the popular “adversarial example attacks”. In this sense, adversarial example attacks can be classified as an accompanied endogenous security problem of AI. Likewise, unexplainability of the AI system may not undermine the system’s normal operation, but will it go out of control and fail to work the way it is designed for? Will it pose threats to human beings when it goes amok? A mere thought of these questions is already hair-raising. An assistive robot for the disabled, if not working in the preset ways, will be reduced into a safety menace, and then we may find that a less intelligent robot will have a smaller chance to go out of control. Therefore, the fact that an artificial intelligence actant may go out of control is a derivative problem of AI, or an AI safety problem. In terms of the security empowerment effect of AI, the examples of AI-powered defense and AI-powered attacks are abundant. A typical example of AI-powered defense is the application of AI to cyberspace security situational awareness, while Deepfake, an AI technology that changes faces to circumvent novelty detection of facial recognition systems, is a textbook example of AI-powered attacks. As AI gains increasing attention from the governments around the world, the global community is placing more hopes on this new technology to improve people’s life and even to upgrade national governance models. As a result, most studies on AI focus on how to advance AI technologies and how to commercialize AI products. The considerable investment to AI has, however, furthered the imbalance between AI development and the AI security problems that usually fail to catch our attention. While reveling in the social progress boosted by AI technology, we are likely to overlook the AI accompanied security problems as well as AI-powered attacks. As a professional team long engaged in research on cyberspace security, we think its high time that we should pay attention to AI security and safety problems. In fact, the security and safety concerns that accompany AI development refer to not only endogenous or derivative security problems, but also a series of problems concerning codes of ethics, laws and social governance. Therefore, with the support from Cyberspace Institute of Advanced Technology of Guangzhou University, this book is edited, with a vision to increase the public awareness of AI security and safety problems together with the development of AI. This book comprises 12 chapters. Chapter 1 that introduces the history of AI development is authored by Binxing Fang and Weihong Han; Chap. 2 that expounds on AI development strategies of governments around the world is authored by Shudong Li and Binxing Fang; Chap. 3—Introduction to AI Security and Safety, is authored by Xiang Cui; Chap. 4 that focuses on AI for security is authored by Peng Liao; Chap. 5 that probes into AI security is authored by Zhaoquan Gu; Chap. 6 that discusses AI safety is authored by Shen Su and Zhihong Tian; Chap. 7 that introduces artificial intelligence actants is authored by Hui Lu; the authors for Chap. 8—AIA Safety Hoop—are Zhihong Tian and Xiang Cui; Chap. 9 focusing on security evaluation and detection of AIAs is authored by Binxing Fang and Lin Jiang; Chap. 10 that discusses codes of ethics of AI is authored by Binxing Fang and Jie Yin; Chap. 11 that explores advanced AI technologies is authored by Mohan Li; Chap. 12 that discusses the future of AI security is authored by Binxing Fang and Zhaoquan Gu. The book is compiled by Binxing Fang, Zhaoquan Gu and Xiang Cui. We want to extend our appreciation to Academician Fang Wen, who has offered much guidance during the compilation of the book. We are also grateful to Lisong Zhao and Yanbo Shen, two associate editors with Publishing House of Electronics Industry, for their efforts in publishing the Chinese version of the book. AI, in its long history of development, has been studied by different methodologies and from different technical perspectives. Though most of these studies yield similar results, scholars uphold different views. It is impossible for this book to include studies of different academic schools and cover all AI-related security and safety problems. Thus, this book only intends to serve as a modest start to inspire more discussions on AI-related security problems and technologies. We expect the readers’ understanding if there is room for improvement.