BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Securing CCTV Cameras Against Blind Spots\n   When: 
 Friday\, Aug 9\, 10:00 - 10:20 PDT\n   Where: LVCC West/Floor 1/Hall 1/Tra
 ck 4 - [1]Map\n\n   Description:\n\n   In recent years\, CCTV footage has 
 been integrated in systems to\n   observe areas and detect traversing mali
 cious actors (e.g.\, criminals\,\n   terrorists). However\, this footage h
 as "blind spots"\, areas where\n   objects are detected with lower confide
 nce due to their angle/distance\n   from the camera.\n\n   In this talk\, 
 we investigate a novel side effect of object detection\n   in CCTV footage
 \; location-based confidence weakness.\n\n   We demonstrate that a pedestr
 ian's position (distance\, angle\, height)\n   in footage impacts an objec
 t detector's confidence.\n\n   We analyze this phenomenon in four lighting
  conditions (lab\, morning\,\n   afternoon\, night) using five object dete
 ctors (YOLOv3\, Faster R-CNN\,\n   SSD\, DiffusionDet\, RTMDet).\n\n   We 
 then demonstrate this in footage of pedestrian traffic from three\n   loca
 tions (Broadway\, Shibuya Crossing\, Castro Street)\, showing they\n   con
 tain "blind spots" where pedestrians are detected with low\n   confidence.
  This persists across various locations\, object detectors\,\n   and times
  of day. A malicious actor could take advantage of this to\n   avoid detec
 tion.\n\n   We propose TipToe\, a novel evasion attack leveraging "blind s
 pots" to\n   construct a minimum confidence path between two points in a\n
    CCTV-recorded area. We demonstrate its performance on footage of\n   Br
 oadway\, Shibuya Crossing\, and Castro Street\, observed by YOLOv3\,\n   F
 aster R-CNN\, SSD\, DiffusionDet\, and RTMDet.\n\n   TipToe reduces max/av
 erage confidence by 0.10 and 0.16\, respectively\,\n   on paths in Shibuya
  Crossing observed by YOLOv3\, with similar\n   performance for other loca
 tions and object detectors.\n\n     1. Artificial intelligence in medicine
 : A comprehensive survey of\n       medical doctor’s perspectives in Por
 tugal [2]link\, (Accessed\n       09-10-2023).\n\n     2. The impact of ar
 tificial intelligence along the insurance value\n       chain and on the i
 nsurability of risks - The Geneva Papers on Risk\n       and Insurance - I
 ssues and Practice [3]link\, (Accessed\n       09-10-2023).\n\n     3. R. 
 Chopra and G. D. Sharma\, “Application of artificial\n       intelligenc
 e in stock market forecasting: A critique\, review\, and\n       research 
 agenda\,” Journal of Risk and Financial Management\, vol.\n       14\, n
 o. 11\, 2021.[4]link\n\n     4. [B. B. Elallid\, N. Benamar\, A. S. Hafid\
 , T. Rachidi\, and N.\n       Mrani\, “A comprehensive survey on the app
 lication of deep and\n       reinforcement learning approaches in autonomo
 us driving\,”\n       Journal of King Saud University - Computer and Inf
 ormation\n       Sciences\, vol. 34\, no. 9\, pp. 7366–7390\, 2022. (Onl
 ine).\n       Available: [5]link\n\n     5. I. J. Goodfellow\, J. Pouget-A
 badie\, M. Mirza\, B. Xu\, D.\n       Warde-Farley\, S. Ozair\, A. Courvil
 le\, and Y. Bengio\, “Generative\n       adversarial networks\,” 2014.
 \n\n     6. I. J. Goodfellow\, J. Shlens\, and C. Szegedy\, “Explaining 
 and\n       harnessing adversarial examples\,” 2015.\n\n     7. A. Kurak
 in\, I. Goodfellow\, and S. Bengio\, “Adversarial examples\n       in th
 e physical world\,” 2017.\n\n     8. A. Chakraborty\, M. Alam\, V. Dey\,
  A. Chattopadhyay\, and D.\n       Mukhopadhyay\, “Adversarial attacks a
 nd defences: A survey\,”\n       2018.\n\n     9. A. Athalye\, L. Engstr
 om\, A. Ilyas\, and K. Kwok\, “Synthesizing\n       robust adversarial e
 xamples\,” 2018.\n\n     10. M. Sharif\, S. Bhagavatula\, L. Bauer\, and
  M. K. Reiter\,\n       “Accessorize to a crime: Real and stealthy attac
 ks on\n       state-of-the-art face recognition\,” in Proceedings of the
  2016\n       ACM SIGSAC Conference on Computer and Communications Securit
 y\,\n       ser. CCS ’16. New York\, NY\, USA: Association for Computing
 \n       Machinery\, 2016\, p. 1528–1540. (Online). Available: [6]link\n
 \n     11. Z. Zhou\, D. Tang\, X. Wang\, W. Han\, X. Liu\, and K. Zhang\,\
 n       “Invisible mask: Practical attacks on face recognition with\n   
     infrared\,” 2018.\n\n     12. S. Komkov and A. Petiushko\, “AdvHat
 : Real-world adversarial\n       attack on ArcFace face ID system\,” in 
 2020 25th International\n       Conference on Pattern Recognition (ICPR). 
 IEEE\, jan 2021.\n       (Online). Available: [7]link\n\n     13. B. Yin\,
  W. Wang\, T. Yao\, J. Guo\, Z. Kong\, S. Ding\, J. Li\, and C.\n       Li
 u\, “Adv-makeup: A new imperceptible and transferable attack on\n       
 face recognition\,” in Proceedings of the Thirtieth International\n     
   Joint Conference on Artificial Intelligence\, IJCAI-21\, Z.- H.\n       
 Zhou\, Ed. International Joint Conferences on Artificial\n       Intellige
 nce Organization\, 8 2021\, pp. 1252–1258\, main Track.\n       (Online)
 . Available: [8]link\n\n     14. A. Zolfi\, S. Avidan\, Y. Elovici\, and A
 . Shabtai\, “Adversarial\n       mask: Real-world universal adversarial 
 attack on face recognition\n       model\,” 2022.\n\n     15. C. Sitawar
 in\, A. N. Bhagoji\, A. Mosenia\, M. Chiang\, and P.\n       Mittal\, “D
 arts: Deceiving autonomous cars with toxic signs\,”\n       2018.\n\n   
   16. Y. Zhao\, H. Zhu\, R. Liang\, Q. Shen\, S. Zhang\, and K. Chen\,\n  
      “Seeing isn’t believing: Towards more robust adversarial\n       
 attack against real world object detectors\,”Proceedings of the\n       
 2019 ACM SIGSAC Conference on Computer and Communications\n       Security
 \, 2019. (Online). Available: [9]link\n\n     17. G. Lovisotto\, H. Turner
 \, I. Sluganovic\, M. Strohmeier\, and I.\n       Martinovic\, “SLAP: Im
 proving physical adversarial examples with\n       Short-Lived adversarial
  perturbations\,” in 30th USENIX Security\n       Symposium (USENIX Secu
 rity 21). USENIX Association\, Aug. 2021\, pp.\n       1865–1882. (Onlin
 e). Available: [10]link\n\n     18. T. Sato\, J. Shen\, N. Wang\, Y. Jia\,
  X. Lin\, and Q. A. Chen\,\n       “Dirty road can attack: Security of d
 eep learning based\n       automated lane centering under Physical-World a
 ttack\,” in 30th\n       USENIX Security Symposium (USENIX Security 21).
  USENIX\n       Association\, Aug. 2021\, pp. 3309–3326. (Online). Avail
 able: [11]link\n\n     19. W. Wang\, Y. Yao\, X. Liu\, X. Li\, P. Hao\, an
 d T. Zhu\, “I can see\n       the light: Attacks on autonomous vehicles 
 using invisible\n       lights\,” in Proceedings of the 2021 ACM SIGSAC 
 Conference on\n       Computer and Communications Security\, ser. CCS ’2
 1. New York\,\n       NY\, USA: Association for Computing Machinery\, 2021
 \, p.\n       1930–1944. (Online). Available: [12]link\n\n     20. S.-T.
  Chen\, C. Cornelius\, J. Martin\, and D. H. Chau\,\n       “ShapeShifte
 r: Robust physical adversarial attack on faster\n       r-CNN object detec
 tor\,” in Machine Learning and Knowledge\n       Discovery in Databases.
  Springer International Publishing\, 2019\,\n       pp. 52–68. (Online).
  Available: [13]link\n\n     21. K. Eykholt\, I. Evtimov\, E. Fernandes\, 
 B. Li\, A. Rahmati\, C.\n       Xiao\, A. Prakash\, T. Kohno\, and D. Song
 \, “Robust physical-world\n       attacks on deep learning models\,” 2
 018.\n\n     22. S. Thys\, W. V. Ranst\, and T. Goedemé\, “Fooling auto
 mated\n       surveillance cameras: adversarial patches to attack person\n
        detection\,” 2019.\n\n     23. Z. Wu\, S.-N. Lim\, L. Davis\, and
  T. Goldstein\, “Making an\n       invisibility cloak: Real world advers
 arial attacks on object\n       detectors\,” 2020.\n\n     24. R. M. Oza
 \, A. Geisen\, and T. Wang\, “Traffic sign detection and\n       recogni
 tion using deep learning\,” in 2021 4th International\n       Conference
  on Artificial Intelligence for Industries (AI4I)\, 2021\,\n       pp. 16�
 ��20.\n\n   SpeakerBio:  Jacob Shams\, Ph.D. Researcher at Cyber@Ben-Gurio
 n\n   University\n\n   Jacob Shams is a Ph.D. student at Ben-Gurion Univer
 sity of the Negev\n   (BGU). His work addresses the security of AI models 
 and systems\, model\n   extraction attacks\, deep neural network (DNN) wat
 ermarking\, and\n   robustness of computer vision (CV) models.\n\n   Jacob
  is a Ph.D. researcher at Cyber@Ben-Gurion University (CBG) and\n   is wor
 king on multiple research projects in the area of AI security.\n   Jacob h
 olds a B.Sc. in Software Engineering from BGU and an M.Sc. in\n   Software
  and Information Systems Engineering from BGU.\n\n   '\n\n   1. #LVCCW_Lev
 el1_Hall1\n   2. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10484446/\n 
   3. https://link.springer.com/article/10.1057/s41288-020-00201-7#citeas\n
    4. https://www.mdpi.com/1911-8074/14/11/526\n   5. https://www.scienced
 irect.com/science/article/pii/S1319157822000970\n   6. https://doi.org/10.
 1145/2976749.2978392\n   7. https://doi.org/10.1109%2Ficpr48806.2021.94122
 36\n   8. https://doi.org/10.24963/ijcai.2021/173\n   9. https://api.seman
 ticscholar.org/CorpusID:207947087\n   10. https://www.usenix.org/conferenc
 e/usenixsecurity21/presentation/lovisotto\n   11. https://www.usenix.org/c
 onference/usenixsecurity21/presentation/sato\n   12. https://doi.org/10.11
 45/3460120.3484766\n   13. https://doi.org/10.1007%2F978-3-030-10925-7_4\n
 \n\n
DTEND:20240809T172000Z
DTSTART:20240809T170000Z
LOCATION:DC - LVCC West/Floor 1/Hall 1/Track 4
SUMMARY:Securing CCTV Cameras Against Blind Spots
END:VEVENT
END:VCALENDAR