
Need an account to vote? Register to attend at gsec.hitb.org/sg2018/
Deadline is 30th June 2018!


Offensive and Offended Machine Learning

Omar "Beched" Ganiev


Over the past decade, products based on machine learning (ML) algorithms have become a commodity. Any hacker who studies machine learning can see pitfalls, weaknesses and attacks specific to this field, along with possible benefits for offensive and defensive applications.

Since around 2015, many researchers have turned towards offensive machine learning as well as adversarial attacks against machine learning models and algorithms. Since then the number of papers on this topic has been skyrocketing, especially regarding generative adversarial networks (GANs).

Still, a lot remains to be done in practical terms: many data scientists don't release PoC exploits, and most of the ready-to-use tooling is designed for generating adversarial examples against image classifiers, while other potentially lucrative targets for adversarial examples lack attention and research.

I'd like to make an effort to push the current state forward and contribute open-source tools for both security testing using ML and security testing of ML.

My talk will address the following tasks:

1) Make an overview of ML security applications (mainly novel offensive applications);
2) Make an overview of attacks on ML models and algorithms;
3) Introduce several new tools useful for ML-powered attacks and for attacks on ML-powered software;
4) Propose vectors for further research and collaborative development.

Currently I'm working on the following applications:

1) Framework for bypassing biometric auth under several threat models (blackbox vs whitebox, targeted vs non-targeted attacks);
2) Set of tools (including a Burp Suite extension) for dynamic ML-powered prioritization of fuzzing or vulnerability scanning paths;
3) PoC adversarial attacks on search engine ranking algorithms;
4) PoC adversarial attacks on contextual ads systems, A/B testing software, fingerprinting and other marketing tools;
5) PoC adversarial attacks on popular antispam systems (also under different threat models).
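The threat-model split named in item 1 (blackbox vs whitebox, targeted vs non-targeted) is illustrated by the following added example, which is not part of the original abstract and not code from the speaker's tools. A constructed 3-class linear softmax classifier with hypothetical weights stands in for the attacked model; the clean sample, the L-inf budget eps and the finite-difference step are likewise assumptions for the demonstration. The whitebox attacker takes one FGSM step using the analytic gradient of the cross-entropy loss; the targeted variant descends the loss of the chosen target class instead of ascending the loss of the true class. The blackbox attacker only queries the model's output probabilities (a score-based oracle) and estimates the same gradient by central finite differences, so its query count (two per input dimension) is reported next to the result.

```python
"""Whitebox vs blackbox, targeted vs non-targeted evasion of a small softmax model (added example)."""
import math

# Constructed 3-class linear softmax model with hypothetical weights; it stands in
# for any scoring model (biometric, antispam, ...) and is not a real product.
WEIGHTS = [
    [2.0, -1.0, 0.0],   # class 0
    [-1.0, 2.0, 0.0],   # class 1
    [0.0, 0.0, 2.0],    # class 2
]


def logits(x):
    return [sum(w_i * x_i for w_i, x_i in zip(w, x)) for w in WEIGHTS]


def softmax(z):
    m = max(z)                      # shift for numerical stability
    e = [math.exp(v - m) for v in z]
    s = sum(e)
    return [v / s for v in e]


def predict_proba(x):
    return softmax(logits(x))


def predict(x):
    p = predict_proba(x)
    return max(range(len(p)), key=p.__getitem__)


def whitebox_gradient(x, label):
    """Analytic d(cross-entropy)/dx for a linear softmax: sum_k (p_k - 1[k == label]) * w_k."""
    p = predict_proba(x)
    g = [0.0] * len(x)
    for k, w in enumerate(WEIGHTS):
        coef = p[k] - (1.0 if k == label else 0.0)
        for i in range(len(x)):
            g[i] += coef * w[i]
    return g


class BlackboxOracle:
    """Score-based blackbox: the attacker only sees output probabilities and pays per query."""

    def __init__(self):
        self.queries = 0

    def loss(self, x, label):
        self.queries += 1
        return -math.log(predict_proba(x)[label])

    def gradient(self, x, label, delta=1e-3):
        # Central finite differences: 2 queries per input coordinate.
        g = []
        for i in range(len(x)):
            xp, xm = list(x), list(x)
            xp[i] += delta
            xm[i] -= delta
            g.append((self.loss(xp, label) - self.loss(xm, label)) / (2 * delta))
        return g


def sign(v):
    return (v > 0) - (v < 0)


def fgsm(x, grad_fn, eps, true_label=None, target=None):
    """One fast-gradient-sign step under an L-inf budget eps.

    Non-targeted: move along +sign(grad) of the true label's loss (make it larger).
    Targeted:     move along -sign(grad) of the target label's loss (make it smaller).
    A zero gradient component leaves that coordinate untouched.
    """
    if (true_label is None) == (target is None):
        raise ValueError("give exactly one of true_label or target")
    if target is None:
        g, direction = grad_fn(x, true_label), 1.0
    else:
        g, direction = grad_fn(x, target), -1.0
    return [xi + direction * eps * sign(gi) for xi, gi in zip(x, g)]


def linf_distance(a, b):
    return max(abs(ai - bi) for ai, bi in zip(a, b))


def run_demo(eps=0.6):
    x = [1.0, 0.0, 0.0]             # constructed clean sample, classified as class 0
    label = predict(x)
    wb_nt = fgsm(x, whitebox_gradient, eps, true_label=label)
    wb_t = fgsm(x, whitebox_gradient, eps, target=1)
    oracle = BlackboxOracle()
    bb_nt = fgsm(x, oracle.gradient, eps, true_label=label)
    return {
        "clean": label,
        "whitebox_nontargeted": predict(wb_nt),
        "whitebox_targeted_to_1": predict(wb_t),
        "blackbox_nontargeted": predict(bb_nt),
        "blackbox_queries": oracle.queries,
        "budget_respected": all(linf_distance(x, adv) <= eps + 1e-12
                                for adv in (wb_nt, wb_t, bb_nt)),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The point worth noticing is that the blackbox attacker reaches the same misclassification as the whitebox one on this smooth model, at the cost of 2*dim queries per gradient estimate; against a real service that cost, plus rate limiting and only top-1 labels instead of scores, is what separates the threat models in practice.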

Most of the developed code is planned to be released as open source during the conference. Some of the tools may be integrated into existing, actively maintained projects/frameworks.

Inspiring or related projects: cleverhans, deep-pwning, evademl, avpass, etc.


Omar "Beched" Ganiev is an experienced application security and penetration testing expert. He has spoken at a number of conferences (PHDays, ZeroNights, OWASP, etc.) and won many CTF competitions (as a member of the LC↯BC and RDot.Org teams and individually as Beched). He holds a BSc and MSc in mathematics.
He now runs the company Deteact and teaches computer security to university students.