Deep learning (also known as deep structured learning) is part of a
broader family of machine learning methods based on arti icial Machine learning
supervised, semi-supervised or unsupervised.
supervised, semi-supervised or unsupervised. data mining
Most modern deep learning models are based on arti icial neural
networks, speci ically convolutional neural networks (CNN)s,
In deep learning, each level learns to transform its input data into a VC theory
slightly more abstract and composite representation. In an image
The word "deep" in "deep learning" refers to the number of layers
through which the data is
Deep neural networks are generally interpreted in terms of the universal approximation theorem or
probabilistic inference.
The classic universal approximation theorem concerns the capacity of feedforward neural networks with a
single hidden layer of inite size to approximate continuous functions. In 1989, the irst proof was published by
George Cybenko for sigmoid activation functions[citation needed] and was generalised to feed-forward multi-layer
architectures in 1991 by Kurt Hornik. Recent work also showed that universal approximation also holds for non-
bounded activation functions such as the recti ied linear unit.
The universal approximation theorem for deep neural networks concerns the capacity of networks with
bounded width but the depth is allowed to grow. Lu et al. proved that if the width of a deep neural network
with ReLU activation is strictly larger than the input dimension, then the network can approximate any
Lebesgue integrable function; If the width is smaller or equal to the input dimension, then deep neural network
is not a universal approximator.
The probabilistic interpretation derives from the ield of machine learning. It features inference, as well as the
optimization concepts of training and testing, related to itting and generalization, respectively. More
speci ically, the probabilistic interpretation considers the activation nonlinearity as a cumulative distribution
function. The probabilistic interpretation led to the introduction of dropout as regularizer in neural networks.
The probabilistic interpretation was introduced by researchers including Hop ield, Widrow and Narendra and
popularized in surveys such as the one by Bishop.
The irst general, working learning algorithm for supervised, deep, feedforward, multilayer perceptrons was
published by Alexey Ivakhnenko and Lapa in 1967. A 1971 paper described a deep network with eight layers
trained by the group method of data handling. Other deep learning working architectures, speci ically those
built for computer vision, began with the Neocognitron introduced by Kunihiko Fukushima in 1980.
The term Deep Learning was introduced to the machine learning community by Rina Dechter in 1986, and to
arti icial neural networks by Igor Aizenberg and colleagues in 2000, in the context of Boolean threshold
In 1989, Yann LeCun et al. applied the standard backpropagation algorithm, which had been around as the
reverse mode of automatic di erentiation since 1970, to a deep neural network with the purpose of recognizing
handwritten ZIP codes on mail. While the algorithm worked, training required 3 days.
By 1991 such systems were used for recognizing isolated 2-D hand-written digits, while recognizing 3-D objects
was done by matching 2-D images with a handcrafted 3-D object model. Weng et al. suggested that a human
brain does not use a monolithic 3-D object model and in 1992 they published Cresceptron, a method for
performing 3-D object recognition in cluttered scenes. Because it directly used natural images, Cresceptron
started the beginning of general-purpose visual learning for natural 3D worlds. Cresceptron is a cascade of
layers similar to Neocognitron. But while Neocognitron required a human programmer to hand-merge features,
Cresceptron learned an open number of features in each layer without supervision, where each feature is
represented by a convolution kernel. Cresceptron segmented each learned object from a cluttered scene
through back-analysis through the network. Max pooling, now often adopted by deep neural networks (e.g.
ImageNet tests), was irst used in Cresceptron to reduce the position resolution by a factor of (2x2) to 1 through
the cascade for better generalization.
In 1994, André de Carvalho, together with Mike Fairhurst and David Bisset, published experimental results of a
multi-layer boolean neural network, also known as a weightless neural network, composed of a 3-layers self-
organising feature extraction neural network module (SOFT) followed by a multi-layer classi ication neural
network module (GSN), which were independently trained. Each layer in the feature extraction module
extracted features with growing complexity regarding the previous layer.
In 1995, Brendan Frey demonstrated that it was possible to train (over two days) a network containing six fully
connected layers and several hundred hidden units using the wake-sleep algorithm, co-developed with Peter
Dayan and Hinton. Many factors contribute to the slow speed, including the vanishing gradient problem
analyzed in 1991 by Sepp Hochreiter.
Since 1997, Sven Behnke extended the feed-forward hierarchical convolutional approach in the Neural
Abstraction Pyramid by lateral and backward connections in order to lexibly incorporate context into
decisions and iteratively resolve local ambiguities.
Simpler models that use task-speci ic handcrafted features such as Gabor ilters and support vector machines
(SVMs) were a popular choice in the 1990s and 2000s, because of arti icial neural network's (ANN)
computational cost and a lack of understanding of how the brain wires its biological networks.
Both shallow and deep learning (e.g., recurrent nets) of ANNs have been explored for many years. These
methods never outperformed non-uniform internal-handcrafting Gaussian mixture model/Hidden Markov
model (GMM-HMM) technology based on generative models of speech trained discriminatively. Key di iculties
have been analyzed, including gradient diminishing and weak temporal correlation structure in neural
predictive models. Additional di iculties were the lack of training data and limited computing power.
Most speech recognition researchers moved away from neural nets to pursue generative modeling. An
exception was at SRI International in the late 1990s. Funded by the US government's NSA and DARPA, SRI
studied deep neural networks in speech and speaker recognition. The speaker recognition team led by Larry
Heck reported signi icant success with deep neural networks in speech processing in the 1998 National
Institute of Standards and Technology Speaker Recognition evaluation. The SRI deep neural network was then
deployed in the Nuance Veri ier, representing the irst major industrial application of deep learning.
The principle of elevating "raw" features over hand-crafted optimization was irst explored successfully in the
architecture of deep autoencoder on the "raw" spectrogram or linear ilter-bank features in the late 1990s,
showing its superiority over the Mel-Cepstral features that contain stages of ixed transformation from
spectrograms. The raw features of speech, waveforms, later produced excellent larger-scale results.
Many aspects of speech recognition were taken over by a deep learning method called long short-term
memory (LSTM), a recurrent neural network published by Hochreiter and Schmidhuber in 1997. LSTM RNNs
avoid the vanishing gradient problem and can learn "Very Deep Learning" tasks that require memories of
events that happened thousands of discrete time steps before, which is important for speech. In 2003, LSTM
started to become competitive with traditional speech recognizers on certain tasks. Later it was combined with
connectionist temporal classi ication (CTC) in stacks of LSTM RNNs. In 2015, Google's speech recognition
reportedly experienced a dramatic performance jump of 49% through CTC-trained LSTM, which they made
available through Google Voice Search.
In 2006, publications by Geo Hinton, Ruslan Salakhutdinov, Osindero and Teh showed how a many-layered
feedforward neural network could be e ectively pre-trained one layer at a time, treating each layer in turn as
an unsupervised restricted Boltzmann machine, then ine-tuning it using supervised backpropagation. The
papers referred to learning for deep belief nets.
Deep learning is part of state-of-the-art systems in various disciplines, particularly computer vision and
automatic speech recognition (ASR). Results on commonly used evaluation sets such as TIMIT (ASR) and MNIST
(image classi ication), as well as a range of large-vocabulary speech recognition tasks have steadily improved.
Convolutional neural networks (CNNs) were superseded for ASR by CTC for LSTM. but are more successful in
computer vision.
The impact of deep learning in industry began in the early 2000s, when CNNs already processed an estimated
10% to 20% of all the checks written in the US, according to Yann LeCun. Industrial applications of deep
learning to large-scale speech recognition started around 2010.
The 2009 NIPS Workshop on Deep Learning for Speech Recognition was motivated by the limitations of deep
generative models of speech, and the possibility that given more capable hardware and large-scale data sets
that deep neural nets (DNN) might become practical. It was believed that pre-training DNNs using generative
models of deep belief nets (DBN) would overcome the main di iculties of neural nets. However, it was
discovered that replacing pre-training with large amounts of training data for straightforward backpropagation
when using DNNs with large, context-dependent output layers produced error rates dramatically lower than
then-state-of-the-art Gaussian mixture model (GMM)/Hidden Markov Model (HMM) and also than more-
advanced generative model-based systems. The nature of the recognition errors produced by the two types of
systems was characteristically di erent, o ering technical insights into how to integrate deep learning into the
existing highly e icient, run-time speech decoding system deployed by all major speech recognition systems.
Analysis around 2009–2010, contrasting the GMM (and other generative speech models) vs. DNN models,
stimulated early industrial investment in deep learning for speech recognition, eventually leading to pervasive
and dominant use in that industry. That analysis was done with comparable performance (less than 1.5% in error
rate) between discriminative DNNs and generative models.
In 2010, researchers extended deep learning from TIMIT to large vocabulary speech recognition, by adopting
large output layers of the DNN based on context-dependent HMM states constructed by decision trees.
Advances in hardware have driven renewed interest in deep learning. In 2009, Nvidia was involved in what was
called the “big bang” of deep learning, “as deep-learning neural networks were trained with Nvidia graphics
processing units (GPUs).” That year, Andrew Ng determined that GPUs could increase the speed of deep-
learning systems by about 100 times. In particular, GPUs are well-suited for the matrix/vector computations
involved in machine learning. GPUs speed up training algorithms by orders of magnitude, reducing running
times from weeks to days. Further, specialized hardware and algorithm optimizations can be used for e icient
processing of deep learning models.
How deep learning is a Signi icant additional impacts in image or object recognition were felt from 2011
subset of machine learning to 2012. Although CNNs trained by backpropagation had been around for
and how machine learning decades, and GPU implementations of NNs for years, including CNNs, fast
is a subset of arti icial implementations of CNNs on GPUs were needed to progress on computer vision.
intelligence (AI). In 2011, this approach achieved for the irst time superhuman performance in a
visual pattern recognition contest. Also in 2011, it won the ICDAR Chinese
handwriting contest, and in May 2012, it won the ISBI image segmentation contest. Until 2011, CNNs did not
play a major role at computer vision conferences, but in June 2012, a paper by Ciresan et al. at the leading
conference CVPR showed how max-pooling CNNs on GPU can dramatically improve many vision benchmark
records. In October 2012, a similar system by Krizhevsky et al. won the large-scale ImageNet competition by a
signi icant margin over shallow machine learning methods. In November 2012, Ciresan et al.'s system also won
the ICPR contest on analysis of large medical images for cancer detection, and in the following year also the
MICCAI Grand Challenge on the same topic. In 2013 and 2014, the error rate on the ImageNet task using deep
learning was further reduced, following a similar trend in large-scale speech recognition.
Image classi ication was then extended to the more challenging task of generating descriptions (captions) for
images, often as a combination of CNNs and LSTMs.
Some researchers state that the October 2012 ImageNet victory anchored the start of a "deep learning
revolution" that has transformed the AI industry.
In March 2019, Yoshua Bengio, Geo rey Hinton and Yann LeCun were awarded the Turing Award for conceptual
and engineering breakthroughs that have made deep neural networks a critical component of computing.
Neural networks
Arti icial neural networks
Arti icial neural networks (ANNs) or connectionist systems are computing systems inspired by the biological
neural networks that constitute animal brains. Such systems learn (progressively improve their ability) to do
tasks by considering examples, generally without task-speci ic programming. For example, in image
recognition, they might learn to identify images that contain cats by analyzing example images that have been
manually labeled as "cat" or "no cat" and using the analytic results to identify cats in other images. They have
found most use in applications di icult to express with a traditional computer algorithm using rule-based
An ANN is based on a collection of connected units called arti icial neurons, (analogous to biological neurons
in a biological brain). Each connection (synapse) between neurons can transmit a signal to another neuron. The
receiving (postsynaptic) neuron can process the signal(s) and then signal downstream neurons connected to it.
Neurons may have state, generally represented by real numbers, typically between 0 and 1. Neurons and
synapses may also have a weight that varies as learning proceeds, which can increase or decrease the strength
of the signal that it sends downstream.
Typically, neurons are organized in layers. Di erent layers may perform di erent kinds of transformations on
their inputs. Signals travel from the irst (input), to the last (output) layer, possibly after traversing the layers
multiple times.
The original goal of the neural network approach was to solve problems in the same way that a human brain
would. Over time, attention focused on matching speci ic mental abilities, leading to deviations from biology
such as backpropagation, or passing information in the reverse direction and adjusting the network to re lect
that information.
Neural networks have been used on a variety of tasks, including computer vision, speech recognition, machine
translation, social network iltering, playing board and video games and medical diagnosis.
As of 2017, neural networks typically have a few thousand to a few million units and millions of connections.
Despite this number being several order of magnitude less than the number of neurons on a human brain,
these networks can perform many tasks at a level beyond that of humans (e.g., recognizing faces, playing "Go"
For example, a DNN that is trained to recognize dog breeds will go over the given image and calculate the
probability that the dog in the image is a certain breed. The user can review the results and select which
probabilities the network should display (above a certain threshold, etc.) and return the proposed label. Each
mathematical manipulation as such is considered a layer, and complex DNN have many layers, hence the name
"deep" networks.
DNNs can model complex non-linear relationships. DNN architectures generate compositional models where
the object is expressed as a layered composition of primitives. The extra layers enable composition of features
from lower layers, potentially modeling complex data with fewer units than a similarly performing shallow
network. For instance, it was proved that sparse multivariate polynomials are exponentially easier to
approximate with DNNs than with shallow networks.
Deep architectures include many variants of a few basic approaches. Each architecture has found success in
speci ic domains. It is not always possible to compare the performance of multiple architectures, unless they
have been evaluated on the same data sets.
DNNs are typically feedforward networks in which data lows from the input layer to the output layer without
looping back. At irst, the DNN creates a map of virtual neurons and assigns random numerical values, or
"weights", to connections between them. The weights and inputs are multiplied and return an output between
0 and 1. If the network did not accurately recognize a particular pattern, an algorithm would adjust the weights.
That way the algorithm can make certain parameters more in luential, until it determines the correct
mathematical manipulation to fully process the data.
Recurrent neural networks (RNNs), in which data can low in any direction, are used for applications such as
language modeling. Long short-term memory is particularly e ective for this use.
Convolutional deep neural networks (CNNs) are used in computer vision. CNNs also have been applied to
acoustic modeling for automatic speech recognition (ASR).
As with ANNs, many issues can arise with naively trained DNNs. Two common issues are over itting and
computation time.
DNNs are prone to over itting because of the added layers of abstraction, which allow them to model rare
dependencies in the training data. Regularization methods such as Ivakhnenko's unit pruning or weight decay (
-regularization) or sparsity ( -regularization) can be applied during training to combat over itting.
Alternatively dropout regularization randomly omits units from the hidden layers during training. This helps to
exclude rare dependencies. Finally, data can be augmented via methods such as cropping and rotating such
that smaller training sets can be increased in size to reduce the chances of over itting.
DNNs must consider many training parameters, such as the size (number of layers and number of units per
layer), the learning rate, and initial weights. Sweeping through the parameter space for optimal parameters
may not be feasible due to the cost in time and computational resources. Various tricks, such as batching
(computing the gradient on several training examples at once rather than individual examples) speed up
computation. Large processing capabilities of many-core architectures (such as GPUs or the Intel Xeon Phi)
have produced signi icant speedups in training, because of the suitability of such processing architectures for
the matrix and vector computations.
Alternatively, engineers may look for other types of neural networks with more straightforward and convergent
training algorithms. CMAC (cerebellar model articulation controller) is one such kind of neural network. It
doesn't require learning rates or randomized initial weights for CMAC. The training process can be guaranteed
to converge in one step with a new batch of data, and the computational complexity of the training algorithm is
linear with respect to the number of neurons involved.
Since the 2010s, advances in both machine learning algorithms and computer hardware have led to more
e icient methods for training deep neural networks that contain many layers of non-linear hidden units and a
very large output layer. By 2019, graphic processing units (GPUs), often with AI-speci ic enhancements, had
displaced CPUs as the dominant method of training large-scale commercial cloud AI. OpenAI estimated the
hardware compute used in the largest deep learning projects from AlexNet (2012) to AlphaZero (2017), and
found a 300,000-fold increase in the amount of compute required, with a doubling-time trendline of 3.4
Automatic speech recognition
Large-scale automatic speech recognition is the irst and most convincing successful case of deep learning.
LSTM RNNs can learn "Very Deep Learning" tasks that involve multi-second intervals containing speech events
separated by thousands of discrete time steps, where one time step corresponds to about 10 ms. LSTM with
forget gates is competitive with traditional speech recognizers on certain tasks.
The initial success in speech recognition was based on small-scale recognition tasks based on TIMIT. The data
set contains 630 speakers from eight major dialects of American English, where each speaker reads 10
sentences. Its small size lets many con igurations be tried. More importantly, the TIMIT task concerns phone-
sequence recognition, which, unlike word-sequence recognition, allows weak phone bigram language models.
This lets the strength of the acoustic modeling aspects of speech recognition be more easily analyzed. The
error rates listed below, including these early results and measured as percent phone error rates (PER), have
been summarized since 1991.
Percent phone
error rate (PER) (%)
Randomly Initialized RNN 26.1
Bayesian Triphone GMM-HMM 25.6
Hidden Trajectory (Generative) Model 24.8
Monophone Randomly Initialized DNN 23.4
Monophone DBN-DNN 22.4
Triphone GMM-HMM with BMMI Training 21.7
Monophone DBN-DNN on bank 20.7
Convolutional DNN 20.0
Convolutional DNN w. Heterogeneous Pooling 18.7
Ensemble DNN/CNN/RNN 18.3
Bidirectional LSTM 17.8
Hierarchical Convolutional Deep Maxout Network16.5
The debut of DNNs for speaker recognition in the late 1990s and speech recognition around 2009-2011 and of
LSTM around 2003–2007, accelerated progress in eight major areas:
All major commercial speech recognition systems (e.g., Microsoft Cortana, Xbox, Skype Translator, Amazon
Alexa, Google Now, Apple Siri, Baidu and iFlyTek voice search, and a range of Nuance speech products, etc.)
are based on deep learning.
Image recognition
A common evaluation set for image classi ication is the MNIST database data set. MNIST is composed of
handwritten digits and includes 60,000 training examples and 10,000 test examples. As with TIMIT, its small
size lets users test multiple con igurations. A comprehensive list of results on this set is available.
Deep learning-based image recognition has become "superhuman", producing more accurate results than
human contestants. This irst occurred in 2011.
Deep learning-trained vehicles now interpret 360° camera views. Another example is Facial Dysmorphology
Novel Analysis (FDNA) used to analyze cases of human malformation connected to a large database of genetic
Other key techniques in this ield are negative sampling and word embedding. Word embedding, such as
word2vec, can be thought of as a representational layer in a deep learning architecture that transforms an
atomic word into a positional representation of the word relative to other words in the dataset; the position is
represented as a point in a vector space. Using word embedding as an RNN input layer allows the network to
parse sentences and phrases using an e ective compositional vector grammar. A compositional vector
grammar can be thought of as probabilistic context free grammar (PCFG) implemented by an RNN. Recursive
auto-encoders built atop word embeddings can assess sentence similarity and detect paraphrasing. Deep
neural architectures provide the best results for constituency parsing, sentiment analysis, information retrieval,
spoken language understanding, machine translation, contextual entity linking, writing style recognition, Text
classi ication and others.
Google Translate (GT) uses a large end-to-end long short-term memory (LSTM) network. Google Neural
Machine Translation (GNMT) uses an example-based machine translation method in which the system "learns
from millions of examples." It translates "whole sentences at a time, rather than pieces. Google Translate
supports over one hundred languages. The network encodes the "semantics of the sentence rather than simply
memorizing phrase-to-phrase translations". GT uses English as an intermediate between most language pairs.
AtomNet is a deep learning system for structure-based rational drug design. AtomNet was used to predict
novel candidate biomolecules for disease targets such as the Ebola virus and multiple sclerosis.
In 2019, generative neural networks were used to produce molecules that were validated experimentally all the
way into mice.
Recommendation systems
Recommendation systems have used deep learning to extract meaningful features for a latent factor model for
content-based music and journal recommendations. Multi-view deep learning has been applied for learning
user preferences from multiple domains. The model uses a hybrid collaborative and content-based approach
and enhances recommendations in multiple tasks.
An autoencoder ANN was used in bioinformatics, to predict gene ontology annotations and gene-function
In medical informatics, deep learning was used to predict sleep quality based on data from wearables and
predictions of health complications from electronic health record data.
Mobile advertising
Finding the appropriate mobile audience for mobile advertising is always challenging, since many data points
must be considered and analyzed before a target segment can be created and used in ad serving by any ad
server. Deep learning has been used to interpret large, many-dimensioned advertising datasets. Many data
points are collected during the request/serve/click internet advertising cycle. This information can form the
basis of machine learning to improve ad selection.
Image restoration
Deep learning has been successfully applied to inverse problems such as denoising, super-resolution,
inpainting, and ilm colorization. These applications include learning methods such as "Shrinkage Fields for
E ective Image Restoration" which trains on an image dataset, and Deep Image Prior, which trains on the
image that needs restoration.
The United States Department of Defense applied deep learning to train robots in new tasks through
A variety of approaches have been used to investigate the plausibility of deep learning models from a
neurobiological perspective. On the one hand, several variants of the backpropagation algorithm have been
proposed in order to increase its processing realism. Other researchers have argued that unsupervised forms
of deep learning, such as those based on hierarchical generative models and deep belief networks, may be
closer to biological reality. In this respect, generative neural network models have been related to
neurobiological evidence about sampling-based processing in the cerebral cortex.
Although a systematic comparison between the human brain organization and the neuronal encoding in deep
networks has not yet been established, several analogies have been reported. For example, the computations
performed by deep learning units could be similar to those of actual neurons and neural populations. Similarly,
the representations developed by deep learning models are similar to those measured in the primate visual
system both at the single-unit and at the population levels.
Commercial activity
Facebook's AI lab performs tasks such as automatically tagging uploaded pictures with the names of the
people in them.
Google's DeepMind Technologies developed a system capable of learning how to play Atari video games using
only pixels as data input. In 2015 they demonstrated their AlphaGo system, which learned the game of Go well
enough to beat a professional Go player. Google Translate uses a neural network to translate between more
than 100 languages.
In 2015, Blippar demonstrated a mobile augmented reality application that uses deep learning to recognize
objects in real time.
In 2017, was launched, which focuses on integrating deep learning into factories.
As of 2008, researchers at The University of Texas at Austin (UT) developed a machine learning framework
called Training an Agent Manually via Evaluative Reinforcement, or TAMER, which proposed new methods for
robots or computer programs to learn how to perform tasks by interacting with a human instructor. First
developed as TAMER, a new algorithm called Deep TAMER was later introduced in 2018 during a collaboration
between U.S. Army Research Laboratory (ARL) and UT researchers. Deep TAMER used deep learning to provide
a robot the ability to learn new tasks through observation. Using Deep TAMER, a robot learned a task with a
human trainer, watching video streams or observing a human perform a task in-person. The robot later
practiced the task with the help of some coaching from the trainer, who provided feedback such as “good job”
and “bad job.”
A main criticism concerns the lack of theory surrounding some methods. Learning in the most common deep
architectures is implemented using well-understood gradient descent. However, the theory surrounding other
algorithms, such as contrastive divergence is less clear.[citation needed] (e.g., Does it converge? If so, how fast?
What is it approximating?) Deep learning methods are often looked at as a black box, with most con irmations
done empirically, rather than theoretically.
Others point out that deep learning should be looked at as a step towards realizing strong AI, not as an all-
encompassing solution. Despite the power of deep learning methods, they still lack much of the functionality
needed for realizing this goal entirely. Research psychologist Gary Marcus noted:
In further reference to the idea that artistic sensitivity might inhere within relatively low levels of the cognitive
hierarchy, a published series of graphic representations of the internal states of deep (20-30 layers) neural
networks attempting to discern within essentially random data the images on which they were trained
demonstrate a visual appeal: the original research notice received well over 1,000 comments, and was the
subject of what was for a time the most frequently accessed article on The Guardian's website.
Some deep learning architectures display problematic behaviors, such as con idently classifying
unrecognizable images as belonging to a familiar category of ordinary images and misclassifying minuscule
perturbations of correctly classi ied images. Goertzel hypothesized that these behaviors are due to limitations
in their internal representations and that these limitations would inhibit integration into heterogeneous multi-
component arti icial general intelligence (AGI) architectures. These issues may possibly be addressed by deep
learning architectures that internally form states homologous to image-grammar decompositions of observed
entities and events. Learning a grammar (visual or linguistic) from training data would be equivalent to
restricting the system to commonsense reasoning that operates on concepts in terms of grammatical
production rules and is a basic goal of both human language acquisition and arti icial intelligence (AI).
Cyber threat
As deep learning moves from the lab into the world, research and experience shows that arti icial neural
networks are vulnerable to hacks and deception. By identifying patterns that these systems use to function,
attackers can modify inputs to ANNs in such a way that the ANN inds a match that human observers would not
recognize. For example, an attacker can make subtle changes to an image such that the ANN inds a match
even though the image looks to a human nothing like the search target. Such a manipulation is termed an
“adversarial attack.”
In 2016 researchers used one ANN to doctor images in trial and error fashion, identify another's focal points
and thereby generate images that deceived it. The modi ied images looked no di erent to human eyes.
Another group showed that printouts of doctored images then photographed successfully tricked an image
classi ication system. One defense is reverse image search, in which a possible fake image is submitted to a
site such as TinEye that can then ind other instances of it. A re inement is to search using only parts of the
image, to identify images from which that piece may have been taken.
Another group showed that certain psychedelic spectacles could fool a facial recognition system into thinking
ordinary people were celebrities, potentially allowing one person to impersonate another. In 2017 researchers
added stickers to stop signs and caused an ANN to misclassify them.
ANNs can however be further trained to detect attempts at deception, potentially leading attackers and
defenders into an arms race similar to the kind that already de ines the malware defense industry. ANNs have
been trained to defeat ANN-based anti-malware software by repeatedly attacking a defense with malware that
was continually altered by a genetic algorithm until it tricked the anti-malware while retaining its ability to
damage the target.
Another group demonstrated that certain sounds could make the Google Now voice command system open a
particular web address that would download malware.
In “data poisoning,” false data is continually smuggled into a machine learning system's training set to prevent
it from achieving mastery.
Mühlho argues that in most commercial end-user applications of Deep Learning such as Facebook's face
recognition system, the need for training data does not stop once an ANN is trained. Rather, there is a
continued demand for human-generated veri ication data to constantly calibrate and update the ANN. For this
purpose Facebook introduced the feature that once a user is automatically recognized in an image, they
receive a noti ication. They can choose whether of not they like to be publicly labeled on the image, or tell
Facebook that it is not them in the picture. This user interface is a mechanism to generate "a constant stream
of veri ication data" to further train the network in real-time. As Mühlho argues, involvement of human users
to generate training and veri ication data is so typical for most commercial end-user applications of Deep
Learning that such systems may be referred to as "human-aided arti icial intelligence".
See also
Applications of arti icial intelligence
Comparison of deep learning software
Compressed sensing
Di erentiable programming
Echo state network
List of arti icial intelligence projects
Liquid state machine
List of datasets for machine learning research
Reservoir computing
Sparse coding
