Attack on Titans: A Survey of New Attacks Against Big Data and Machine Learning

Presented at ShmooCon XII (2016), Jan. 16, 2016, 5 p.m. (60 minutes)

Big Data Analytics and Machine Learning are pervasive in the decision-making processes of major corporations and governments around the world. This fact introduces a new opportunity and attack vector for hackers - instead of stealing data, attackers can potentially influence or control the decisions of their victims. In our talk we highlight the poor decisions that developers make in their code that enables attackers to drastically skew machine learning models, deliver denial of service attacks, or outright gain remote code execution. We'll target applications such as Apache Hadoop with a throwback attack from 2001 and kick the doors open on OpenCV using automatic vulnerability discovery techniques. We'll also recommend a plausible dynamic defense against our novel attacks.

Presenters:

• Rock Stevens
  Rock Stevens (@ada95ftw) began working in IT as an under-paid network administrator at the age of 15. He was selected as a 2015 Madison Policy Forum Military-Business Cybersecurity Fellow and is currently pursuing a master's degree in Computer Science at the University of Maryland College Park.
• Andrew Ruef
  Andrew Ruef is a PhD student at the University of Maryland, College Park, advised by Michael Hicks. Ruef is also a researcher at Trail of Bits and is interested in reverse engineering and program analysis.

Links:

• https://infocon.org/cons/ShmooCon/ShmooCon 2016/Attack On Titans.mp4
• https://infocon.org/cons/ShmooCon/ShmooCon 2016/Attack On Titans.srt (subtitles)

Similar Presentations:

• BSidesLV 2017 / The New Cat and Mouse Game: Attacking and Defending Machine Learning Based Software
• Black Hat USA 2016 / Applied Machine Learning for Data Exfil and Other Fun Topics
• DEF CON 22 (2014) / Secure Because Math: A Deep Dive On Machine Learning-Based Monitoring