Big Data Analytics and Machine Learning are pervasive in the decision-making processes of major corporations and governments around the world. This fact introduces a new opportunity and attack vector for hackers — instead of stealing data, attackers can potentially influence or control the decisions of their victims. In our talk we highlight the poor decisions that developers make in their code that enables attackers to drastically skew machine learning models, deliver denial of service attacks, or outright gain remote code execution. We’ll target applications such as Apache Hadoop with a throwback attack from 2001 and kick the doors open on OpenCV using automatic vulnerability discovery techniques. We’ll also recommend a plausible dynamic defense against our novel attacks.
Andrew Ruef is a PhD student at the University of Maryland, College Park, advised by Michael Hicks. Ruef is also a researcher at Trail of Bits and is interested in reverse engineering and program analysis.
Rock Stevens (@ada95ftw) began working in IT as an under-paid network administrator at the age of 15. He was selected as a 2015 Madison Policy Forum Military-Business Cybersecurity Fellow and is currently pursuing a master’s degree in Computer Science at the University of Maryland College Park.