Prof. Dr. Konrad Rieck
Technische Universität Braunschweig
21st April 2022, 12:00pm - 2:00pm (GST)
Adversarial Preprocessing: Image-Scaling Attacks in Machine Learning
The remarkable advances of machine learning are overshadowed by attacks that thwart its proper operation. While previous work has mainly focused on attacking learning algorithms directly, another weak spot in intelligent systems has been overlooked: preprocessing. As an example of this threat, I present a recent class of attacks against image scaling. These attacks are agnostic to learning algorithms and affect the preprocessing of all vision systems that use vulnerable implementations, including versions of TensorFlow, OpenCV, and Pillow. Based on a root-cause analysis of the vulnerabilities, I introduce novel defenses that effectively block image-scaling attacks in practice and can be easily added to existing systems.
Konrad Rieck is a Full Professor at TU Braunschweig, where he leads the Institute of System Security. Previously, he worked at the University of Göttingen, TU Berlin and Fraunhofer Institute FIRST. Konrad's research interests revolve around computer security and machine learning. Together with his group, he develops learning-based methods for detecting computer attacks, analyzing malicious code, and discovering vulnerabilities. His research has received different awards, including a Google Faculty Research Award, the German IT Security Award, and recently an ERC Consolidator Grant.