Attack on Titans: A Survey of New Attacks Against Big Data and Machine Learning

ShmooCon XII - 2016

Presented by: Andrew Ruef, Rock Stevens
Date: Saturday January 16, 2016
Time: 17:00 - 17:50
Location: Belay It!

Big Data Analytics and Machine Learning are pervasive in the decision-making processes of major corporations and governments around the world. This fact introduces a new opportunity and attack vector for hackers — instead of stealing data, attackers can potentially influence or control the decisions of their victims. In our talk we highlight the poor decisions that developers make in their code that enables attackers to drastically skew machine learning models, deliver denial of service attacks, or outright gain remote code execution. We’ll target applications such as Apache Hadoop with a throwback attack from 2001 and kick the doors open on OpenCV using automatic vulnerability discovery techniques. We’ll also recommend a plausible dynamic defense against our novel attacks.

Andrew Ruef

Andrew Ruef is a PhD student at the University of Maryland, College Park, advised by Michael Hicks. Ruef is also a researcher at Trail of Bits and is interested in reverse engineering and program analysis.

Rock Stevens

Rock Stevens (@ada95ftw) began working in IT as an under-paid network administrator at the age of 15. He was selected as a 2015 Madison Policy Forum Military-Business Cybersecurity Fellow and is currently pursuing a master’s degree in Computer Science at the University of Maryland College Park.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats