Abstract

[Speaker Info]
==========
Kang Li is a professor of computer science and the director of the Institute for Cybersecurity and Privacy at the University of Georgia. His research results have been published at academic venues, such as IEEE S&P, ACM CCS and NDSS, as well as industrial conferences, such as BlackHat, DEFCON, SyScan, and ShmooCon. Dr. Kang Li is the founder and mentor of multiple CTF security teams, including SecDawg and Blue-Lotus. He was also a founder and player of Team Disekt, a finalist team in the 2016 DARPA Cyber Grand Challenge.

[Abstract]
==========
In the past year, we have shown various attacks on AI applications that exploit software vulnerabilities and algorithm flaws. This talk presents new evading attacks against publicly available image recognition APIs offered by major Internet companies.

Attacks on AI-based image recognition are a hot topic in the field of AI, especially in the form of adversarial machine learning. Generating adversarial attacks is a very active research topic. However, adversarial samples generated by academic tools, although successful in research settings, do not create misclassification effects in practice against commercial AI services and APIs. Most commercial AI-based image recognition systems adopt defensive methods to filter their inputs, and these filters make academic adversarial examples ineffective.

The setup and parameters of these defensive filters are not known to the public, and thus we design methods and tools to blindly bypass and defeat such filters. We have successfully demonstrated targeted evading attacks on most of the commercially available AI-based image recognition services. In this talk we will show methods and threat examples that allow attackers to trick multiple well-known AI-based commercial services.

Slides