Dailydave mailing list archives
Re: data mining, computer security
From: John Sawyer <jsawyer () ufl edu>
Date: Thu, 6 May 2010 11:49:00 -0400
An additional note to your side note...At DEFCON last year as part of the badge hacking contest, Zoz created a hat with pulsing LEDs to defeat facial recognition systems. His hack won and here's a shot of Joe Grand wearing the hat during the closing ceremony.
http://hackaday.com/2009/08/04/defcon-17-badge-hacking/ Be sure to read Zoz's comment that has more info and some links. http://hackaday.com/2009/08/04/defcon-17-badge-hacking/#comment-84166 -jhs On May 6, 2010, at 10:16 AM, Kevin Stadmeyer wrote:
Quick side note but there was an interesting article on fooling face recognition, so at least some research has been done in the field:http://news.cnet.com/8301-17938_105-20003431-1.html On Thu, May 6, 2010 at 1:50 AM, Josh Saxe <joshsaxe () yahoo com> wrote: Hi --Here's a thought I thought might get an interesting response on this list.I've been thinking: cyber-security, narrowly constructed is focused on protecting IT resources from being compromised or disabled. Perhaps search and classification problems are also an arena for cybersecurity, goals being obfuscating patterns in a dataset, or finding them.Anyone who wants to avoid classification by a facial recognition algorithm should know how that algorithm works, and use that knowledge to evade detection (is there a shape of fake mustache that optimally throws off a given face classifier? =). On the other hand the designers of the facial recognition algorithms need to learn from the 'evaders' and respond with more sophisticated algorithms. This isn't dissimilar from the cat and mouse game played between exploit developers and application security whitehats. And as the size of the world's databases, and the 'instrumentation' of human activity grows, I wonder if this search / evasion problem won't become more and more important.There are definitely a lot of arenas where this is important. Credit card fraudsters can strengthen their positions by understanding the anomaly detection algorithms used by the credit card companies and modifying their purchasing behaviors to elide their detection. Terrorists building training camps need to understand image analysis algorithms that government agencies run on satellite photos. Of course, spammers have already been playing this game with text classification algorithms, 'link-spammers' have played this game with web-graph analysis algorithms, etc, so this isn't a new idea, but one that I think is likely to become more important.Josh _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- data mining, computer security Josh Saxe (May 06)
- Re: data mining, computer security Kevin Stadmeyer (May 06)
- Re: data mining, computer security John Sawyer (May 06)
- Re: data mining, computer security Vitaly Osipov (May 07)
- Re: data mining, computer security Kevin Stadmeyer (May 06)