Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

GANs and Roses: Weaponizing the CEO Scam Fraud with AI and Autoencoders

324 Aufrufe

Veröffentlicht am

The combat to discern what if news are real or not has already begun. Generating fake content has never been so easy.
Artificial Intelligence has become a useful resource to apply techniques for an easy generation of non-legitimate content.
These new tools have become a threat for Fake News, phishing campaigns and cunning fraud strategies generation.

In this talk/slides, the most extended techniques for the generation of deceitful content are explained from both technical and practical approaches.
The capabilities of the state-of-the-art generative models (i.e., Variational Autoencoders and Generative Adversarial Networks) will be exemplified by means of a Chief Executive Officer fraud sample generation, including fake images generation and custom voice production.
Additionally, considering the big amount of fake content society is currently exposed, different Machine Learning te

Veröffentlicht in: Technologie
  • If you’re looking for a great essay service then you should check out ⇒ www.HelpWriting.net ⇐. A friend of mine asked them to write a whole dissertation for him and he said it turned out great! Afterwards I also ordered an essay from them and I was very happy with the work I got too.
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier
  • Get the best essay, research papers or dissertations. from ⇒ www.WritePaper.info ⇐ A team of professional authors with huge experience will give u a result that will overcome your expectations.
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier
  • I pasted a website that might be helpful to you: ⇒ www.WritePaper.info ⇐ Good luck!
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier
  • Did you know you could take online ➤➤ https://dwz1.cc/v5Fcq3Qr
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier
  • Gehören Sie zu den Ersten, denen das gefällt!

GANs and Roses: Weaponizing the CEO Scam Fraud with AI and Autoencoders

  1. 1. GANs and Roses: Weaponizing the CEO Scam Fraud with AI and Autoencoders Fran Ramírez @cybercaronte Pablo González @pablogonzalezpe Enrique Blanco @eblanco_h Ideas Locas CDO Telefónica / ElevenPaths
  2. 2. University Degree in Computing Engineering and Master degree in Cybersecurity. Speaker at BlackHat Europe Arsenal, 8dot8, Rooted Con, etc. Microsoft MVP 2017-2018-2019. Writer of several computer security books as Metasploit for Pentesters, Ethical Hacking, Pentesting with Kali, Metasploit hacking, Got Root and Powershell pentesting. Co-founder of flu-project and founder of hackersClub. More than 10 years working in cybersecurity and teacher of several masters in cybersecurity in Spain. Currently working as Project/Team Manager and Security Researcher at Telefonica and ElevenPaths. Pablo González Pérez @pablogonzalezpe whoami $> Pablo González
  3. 3. whoami $> Enrique Blanco Licenciado en Ciencias Físicas (UCM) Máster en Astrofísica (UCM) Investigador en Data Science y Smart Energy Grids en NEC Laboratories Europe GmbH Ingeniería de Sistemas en Indra Espacio Equipo de Ideas Locas CDO de Telefónica: Proyectos de investigación y divulgación de contenido relacionado con Inteligencia Artificial. Enrique Blanco @eblanco_h
  4. 4. University Degree in Computing Engineering, Certificate of higher education in Industrial and Digital Electronics and Master’s degree in Cybersecurity. Huge experience working as an IT Senior System Engineer in USA and Canada, consolidating IT technologies and datacenters. Working at Telefonica and ElevenPaths from 2017 as Security Researcher. Co-writer of the following books: "SecDevOps: Docker", "Microhistorias" (computer history) and "Computer Security: Machine Learning Techniques", 0xWord publishing. Founder and writer blog: www.cyberhades.com (nick: cybercaronte) about security and geek culture. Fran Ramírez @cyberhadesblog @cybercaronte cybercaronte@cyberhades.com whoami $> Fran Ramírez
  5. 5. What is this about? 1. News and Fake News 2. AI and ML basics 3. Attack / Defense based on Machine Learning 4. How-To: what can you do with all this stuff? (Mode Low-Cost = ON) 5. Evolution and implementation. CEO Scam Fraud
  6. 6. News and Fake News Deep Fakes The first implemetantion of this technique was… Pornography, Here we go!
  7. 7. Artificial Intelligence as a Deep Fake News generator … Fake Obama created using AI video tool - BBC News - 19 jul. 2017 News and Fake News
  8. 8. Scary … News and Fake News
  9. 9. Is AI and ML really so important? News and Fake News
  10. 10. Machine Learning • Extract data • Data Knowledge • Information AI and ML basics
  11. 11. • Mathematical representation of a real-world process • It's just a function with the ability to give a prediction. • Generating an ML model requires a training data to be provided to an algorithm so that it can "learn". What is an algorithm? AI and ML basics MODEL
  12. 12. • Definition: set of steps that are sent to a model to perform calculations or processing. Source: https://www.ellucian.com/insights/machine-learning-can- change-way-institutions-operate feeds trains ALGORITHM AI and ML basics
  13. 13. • User provides algorithm example input-output pairs • The algorithm is in charge to learn the relation input-output • User has the values of the inputs and the outputs (Labels) Fuente: http://jeremy.kiwi.nz/pythoncourse/2016/04/01/lesson07rd.html Supervised learning AI and ML basics
  14. 14. • There's no supervision of any kind. Only input data is available (no Labels). • Target: –describe the structure of the data, –find some kind of organization to simplify the analysis. –Explorative character Fuente: http://jeremy.kiwi.nz/pythoncourse/2016/04/01/lesson07rd.html Unsupervised learning AI and ML basics
  15. 15. Fuente: Multilayer neural network topology. Deep Learning, A practiotioner’s approach. O’Reilly. Fuente: Single-layer perceptron. Deep Learning, A practiotioner’s approach. O’Reilly. Neural Networks AI and ML basics
  16. 16. Set of ML algorithms that model high- level abstractions in data using deep architectures • Arquitecturas de Deep Learning: • Redes Neuronales Profundas (DNN) • Redes Neuronales Convolucionales (CNN) • Redes Neuronales Recurrentes (RNN) • … • Aplicadas a Visión Artificial, Natural Language Processing… The activations of an example ConvNet architecture. Fuente: http://cs231n.github.io/convolutional-networks/ AI and ML basics Deep Learning
  17. 17. Attack
  18. 18. Attack, choose your weapon! Discriminative model vs Generative model
  19. 19. • They learn the type of data distribution through unsupervised learning. unlabelled data! • Goal: generate new samples with slight variations on that distribution • Most used approaches: –Variational Autoencoders (VAEs) –Generative Adversarial Networks (GANs) Attack, choose your weapon! Generative model
  20. 20. Attack, choose your weapon! Autoencoders Autoencoder is an unsupervised artificial neural network that learns how to efficiently compress and encode data then learns how to reconstruct the data back from the reduced encoded representation to a representation that is as close to the original input as possible. https://mlexplained.com/2017/12/28/an-intuitive-explanation-of-variational-autoencoders-vaes-part-1/
  21. 21. Attack, choose your weapon! VAEs (Variational Autoencoders) https://mlexplained.com/2017/12/28/an-intuitive-explanation-of-variational-autoencoders-vaes-part-1/
  22. 22. Fuente: https://www.kdnuggets.com/2017/01/generative-adversarial-networks-hot-topic-machine-learning.html GAN training: • G generates samples and transfers them to D (G tries to cheat D) • D estimates the probability that the sample comes from G (D tries to discover G) • Train D to unmask G maximizing the likelihood that D is wrong • Facilitate to G how closely it has been to cheat D GANs (Generative Adversarial Networks) Attack, choose your weapon!
  23. 23. Real Pablo Fake Pablo Latent space Compressing Attack, choose your weapon! GANs (Generative Adversarial Networks)
  24. 24. Real Pablo Fake Pablo Attack, choose your weapon! GANs (Generative Adversarial Networks)
  25. 25. Risks in GAN training: • Long ... really long training times • The model may not converge. Difficult to choose ideal architecture. Difficulty in choosing hyperparameters. –G remains stuck and does not generate varied samples. –D gets too good and condemns G VAEs (Variational Autoencoders) Attack, choose your weapon!
  26. 26. https://github.com/iperov/DeepFaceLab Hardware Model HP ZBook Studio G4 CPU Intel® Core™ i7- 7700HQ CPU @ 2.80GHz RAM 16,0 GB GPU NVIDIA Quadro P600 4 GB Software Pre-built Windows App CUDA 9.0 CUDNN 7.1 GPU drivers Attack, choose your weapon! Face Swapping
  27. 27. Técnica de FaceSwapping con VAEs Faceswapping Pablo González – Miguel Lago VAEs: Pablo vs Comedian
  28. 28. VAEs: Enrique vs Mourinho Faceswapping Enrique Blanco – Mour
  29. 29. 1. Face Detection and Extraction Recommended duration: ∼2 min minimum Similar lighting conditions to the destination video Similar orientation of the face [ ! ] 2,924 faces extracted Facial frame detection Example. [ ! ] 3,605 faces extracted Attack, choose your weapon! Face Swapping. Steps.
  30. 30. Imagen original Imagen reconstruida Vector base Encoder Decoder 2. VAE Training Attack, choose your weapon! Face Swapping. Steps.
  31. 31. Vector base A Encoder A Decoder A Vector base B Encoder B Decoder B Original Image B Original image A Reconstructed image B Reconstructed image A2. VAE Training Attack, choose your weapon! Face Swapping. Steps.
  32. 32. Vector base A Decoder A Vector base B Decoder B Original image B Original image A Reconstructed image B Reconstructed image A Encoder A U B 2. VAE Training Attack, choose your weapon! Face Swapping. Steps.
  33. 33. Original images (test dataset) [col 1, 3] A images generated after Decoder A [col 2] B images generated after Decoder B [col 4] A images generated after Decoder B [col 5] Attack, choose your weapon! Face Swapping. Steps.
  34. 34. Vector base A Decoder A Vector base B Decoder B Original B Image Original A Image Encoder A U B 2. Tests and results Attack, choose your weapon! Face Swapping. Steps. Reconstructed A image but with B factions Reconstructed B image but with A factions
  35. 35. Target: Generative model to imitate the features detected by a camera to accomplish a CEO scam in real time. face2face-demo: takes facial landmarks for the generation of faces making use of DCGAN. https://github.com/datitran/face2face-demo Software Anaconda / Python 3.5 tensorflow-gpu 1.3 openCV 3.0 dlib 19.4 pix2pix-tensorflow (*) CUDA 8.0 CUDNN 6.0 Drivers aplicables a la GPU Attack, choose your weapon! Face Swapping. Target and Tools.
  36. 36. Attack, choose your weapon! Face Swapping. Meet: Chema Alonso (CEO/CDO)
  37. 37. 1. Training data generation a. Face detection from source video (real) b. Factions detection using dlib pose estimator – 68 face landmarks (*) (*) One Millisecond Face Alignment with an Ensemble of Regression Trees by Vahid Kazemi and Josephine Sullivan, CVPR 2014 728 frames del video original Attack, choose your weapon! Face Swapping. Target: Chema Alonso (CEO/CDO)
  38. 38. 2. Training of the generative model – Makes use of pix2pix-tensorflow (original implementation in Torch) – Estimated training time: ∼ 3 days 3. Model testing a. Reduce the trained model (use an image as an input tensor) b. Freeze the model to a single file c. Execute the test providing as input webcam images Attack, choose your weapon! Face Swapping. Target: Chema Alonso (CEO/CDO)
  39. 39. Real Audio. CEO Scam Fraud
  40. 40. Fake Audio. CEO Scam Fraud
  41. 41. https://azure.microsoft.com/es-es/blog/microsoft-s-new-neural-text-to-speech-service-helps-machines-speak-like-people/ Fake Audio. How? • Personalized voice model of the person to be supplanted. • Neural Text-to-Speech (TTS) Microsoft: Deep Neural Networks to improve pronunciation and intonation.
  42. 42. Microsoft Custom Voice Isolate audio samples of the person to be impersonated [English, Chinese] 1. Audio downloading in .wav format from YouTube (english) 2. 314 utterances of 30 sec eacℎ = ∼ 2,61 h Fake Audio. How?
  43. 43. Microsoft Custom Voice 3. Transcripts: Speech-to-Text of each audio in .txt format: Google Cloud Speech-to-Text API 4. Upload audios and transcripts to get model 5. Successfully constructed model → deployment Training time: 8 hours Fake Audio. How?
  44. 44. Digital post-processing of the generated voice as monophonic audio by: Lucas (@lucferbux), another Ideas Locas member The characteristics of the voice, tone, timbre, vibrato and inflection were deal with. Added phone filter and background noise Result: well-achieved timbre but robotic intonation Causes: • Recordings not made in the studio • SNR low in some audios Fake Audio. How?
  45. 45. DEMO
  46. 46. Defend
  47. 47. Detection of Fake News: a simple ML application problem Supervised Learning Two classes 0 - real news 1 - false news Natural Language Processing (NLP) Use of Recurrent Neural Networks (LSTM (*)) (*) A Survey on Natural Language Processing for Fake News Detection. Ray Oshikawa, Jing Qian, William Yang Wang; Nov 2018 Defend, choose your shield! Emotion detection
  48. 48. Detection of Fake News • Extensions and APIs for news detection: • Legitimate • Fake News • Click Bait • Extremely biased • Satire https://github.com/fake- news-detector/fake-news- detector Defend, choose your shield! Emotion detection
  49. 49. Extensions and APIs for news detection: • Verifying Origin Domains as a True Source • Analysis of patterns in news content • Keyword search to improve the search, categorization and management of information https://machinebox.io/docs/ fakebox Emotion detection Defend, choose your shield!
  50. 50. WIFS2018_In_Ictu_Oculi: Exposing AI Generated Fake Face Videos by Detecting Eye Blinking Yuezun Li, Ming-Ching Chang and Siwei Lyu Computer Science Department, University at Albany, SUNY Figura 1: In Ictu Oculi paper Eye blinking (fake videos detection) Defend, choose your shield!
  51. 51. WIFS2018_In_Ictu_Oculi: Exposing AI Generated Fake Face Videos by Detecting Eye Blinking Yuezun Li, Ming-Ching Chang and Siwei Lyu Computer Science Department, University at Albany, SUNY Using Recurring Convolutional Networks to Detect Fake Videos Figura 2: In Ictu Oculi paper Eye blinking (fake videos detection) Defend, choose your shield!
  52. 52. Blade Runner was right … even in the year! Eye blinking (fake videos detection) Defend, choose your shield!
  53. 53. Unmasking fake videos with Machine Learning Irregularities in video flicker (*) Characteristic routine: • Number of blinks • Blink speed [blink/s] • Duration of flicker and standard deviation [s] • Maximum and minimum flicker separation (*) Analysis of blink rate patterns in normal subjects. Bentivoglio AR, Bressman SB, Cassetta E, Carretta D, Tonali P, Albanese A. National Center for Biotechnology Information 1997 Nov;12(6):1028-34. Eye blinking (fake videos detection) Defend, choose your shield!
  54. 54. Simple Gaussian Classifier • Blink speed [blink/s] • Blinking duration [s] Random samples for training and testing of the model. Eye blinking (fake videos detection) Defend, choose your shield!
  55. 55. “ If everything seems to be the same and no distinctions are made, then we won’t know what to protect. We won’t know what to fight for. And we can lose so much of what we’ve gained in terms of the kind of democratic freedoms and market-based economies and prosperity that we’ve come to take for granted “ Barack Obama 1. Fooling people is easy 'very cheap’ if you use images instead text 2. IA and Cybersecurity go hand-in-hand 3. The boundaries of AI have not been discerned and Cybersecurity will be strengthened and attacked by it. 4. Knowledge and awareness are the pillars on which we will lean to protect ourselves. Wrap up …
  56. 56. GANs and Roses: Weaponizing the CEO Scam Fraud with AI and Autoencoders Köszönöm! Thanks! ¡Gracias! Happy Hacking Hackers! Fran Ramírez @cybercaronte Pablo González @pgonzalezpe Enrique Blanco @eblanco_h Ideas Locas CDO Telefónica / ElevenPaths

×