2024-08-06 –, Florentine F
One of my favourite movie franchises is the Ocean’s movies. What’s not to love about a heist, plot twist and George Clooney?
In this talk I’m going to convince you why, if you’re preparing your next heist, you should have me on your team as the AI guy (technically girl, but guy has a better ring to it).
I asked around my local intelligence agencies but they wouldn’t let me play with their biometrics systems, so I got the next best thing - cooperation with Australia’s 4th finest casino, Canberra Casino (plus some of my own equipment). I’m going to show you how to bypass facial recognition, retina scanners, and surveillance systems using adversarial machine learning (AML) techniques. These techniques let me ‘hack’ machine learning models in order to disrupt their operations, deceive them and cause them to predict a target of my choosing, or disclose sensitive information about the training data or model internals. AI Security is the new cyber security threat, and attacks on AI systems could lead to misdiagnoses in medical imaging, navigation errors in autonomous vehicles, and successful casino heists.
Introduction:
Briefly introduce the speaker (me), the Ocean’s movies, and their heist scenarios.
Explain the objective: Using adversarial machine learning for security breach scenarios.
Section 1: Adversarial Machine Learning Basics
Explain adversarial machine learning and how it works, including its intersection with AI security and cyber security.
Discuss the concept of adversarial attacks and their importance.
Explain how attackers can manipulate machine learning models.
Show examples of real-world attacks (e.g., image classification, speech recognition).
Section 2: Ocean's 11 Heist Scenarios
Present a few iconic heist scenarios from the Ocean's 11 movie.
Discuss the security systems and biometric measures they encountered.
Explain how AI and adversarial techniques can be applied to each scenario (I will then proceed to carry them out).
Demo 1: Fooling Facial Recognition
Demonstration of a facial recognition system and an explanation of how it works.
Show how to create an adversarial attack to evade recognition.
Explain what technical trade-offs there are in its implementation and how they impact its efficacy.
Discuss the implications of this technology in real-world security.
Demo 2: Bypassing Retina Scans
Demonstration of a retina scan authentication system.
Show how to create this attack example, and how it’s different to the previous example.
Discuss the ethical considerations surrounding such attacks.
Demo 3: Bypassing Voice Detection
Demonstration of voice recognition systems and how they work.
Show how we can create this attack based on methods from previous attacks.
Section 3: Ocean's 11 and the real world
Discuss the feasibility of these AI-driven heists in the real world.
Consider emerging trends and whether these kinds of attacks will become more likely.
Discuss defences and how to ensure our systems are robust against these attacks, as both a cyber security problem and an AI security problem.
Q&A and Discussion
Open the floor for questions.
Audience takeaways
The audience will come away understanding:
What adversarial machine learning is and how it relates to AI security and cyber security
Common adversarial machine learning techniques and how they can be applied to machine learning and artificial intelligence systems
Through fictional scenarios with real demos, how these techniques can be (and are being) applied in the real world
What defences exist for these attacks
How cyber and information security professionals can contribute their skills to AI security
The content is delivered such that anyone with a basic understanding of AI and cyber security principles should understand the key takeaways; however, it is geared more towards cyber and information security professionals who want to understand the impact of AI on traditional attack surfaces.
Harriet Farlow is CEO at Mileva Security Labs, a PhD Candidate in Machine Learning Security, and the creative mind behind the YouTube channel HarrietHacks. She missed the boat on computer hacking so now she hacks AI and Machine Learning models instead. Her career has spanned consulting, academia, a start-up and Government, but don’t judge her for that one. She also has a Bachelor in Physics and a Master in Cyber Security. She calls Australia home but has lived in the UK and the US. Her ultimate hack was in co-founding her own AI Security company, but if Skynet takes over she will deny everything and pretend the AI stood for Artificial Insemination, like her Mum thinks it does. (Sorry Mum but I’m not really a Medical Doctor).