Defense against the Darknet, or how to accessorize to defeat video surveillance

Boffins from Belgium break people recognition software with a colorful placard

A trio of Belgium-based boffins have created a ward that renders wearers unrecognizable to software trained to detect people.

In a research paper distributed through ArXiv in advance of its presentation at computer vision workshop CV-COPS 2019, Simen Thys, Wiebe Van Ranst and Toon Goedeme from KU Leuven describe how some colorful abstract signage can defend against Darknet, an open source neural network framework that supports You Only Look Once (YOLO) object detection.

The paper is titled "Fooling automated surveillance cameras: adversarial patches to attack person detection."

Adversarial images that dupe machine learning systems have been the subject of considerable research in recent years. While there have been many examples of specially crafted objects that trip up computer vision systems, like stickers that can render stop signs unrecognizable, the KU Leuven boffins contend no previous work has explored adversarial images that mask a class of things as diverse as people.

"The idea behind this work is to be able to circumvent security systems that use a person detector to generate an alarm when a person enters the view of a camera," explained Wiebe Van Ranst, a PhD researcher at KU Leuven, in an email to The Register. "Our idea is to generate an occlusion pattern that can be worn by a possible intruder to conceal the intruder from for the detector."

What makes the work challenging, he said, is how varied people are in the way they appear, with different clothing, poses, and so on.

The researchers targeted the popular YOLOv2 convolutional neural network by feeding it their dataset of images to return bounding boxes that outline people identified by the detection algorithm.

"On a fixed position relative to these bounding boxes, we then apply the current version of our patch to the image under different transformations," they explain in their paper.

"The resulting image is then fed (in a batch together with other images) into the detector. We measure the score of the persons that are still detected, which we use to calculate a loss function. Using back propagation over the entire network, the optimiser then changes the pixels in the patch further in order to fool the detector even more."

Van Ranst said having access to footage from a surveillance camera can be used to train a more reliable patch. "However, this is not strictly necessary, we can also use an existing database of images as training data (as we do in the paper)," he said.

"In later experiments we did however notice that our current technique can be quite sensitive to the dataset our detector was trained on. Making it more robust to these cases is something we would like to investigate in the future."

The result of this process, a colorful patch that's 40cm (~15 inch) square, is just a bit larger than the cardboard sleeve of a vinyl record or a glossy magazine. It has been formulated to throw off the YOLOv2 software's ability to identify people.

The researcher's work can be seen in this YouTube video.

"In most cases our patch is able to successfully hide the person from the detector," the researchers explain in their paper. "Where this is not the case, the patch is not aligned to the center of the person."

Looking ahead, the researchers hope to generalize their work to other neural network architectures like Faster R-CNN. They believe that they will be able turn their pattern into a T-shirt print that will make people "virtually invisible" to object-detection algorithms in automatic surveillance cameras.

Presently, however, the pattern needs to be directly visible to the camera being fooled. According to Van Ranst, further work needs to be done to make the pattern functional when viewed at an angle. ®

Broader topics

Narrower topics

Other stories you might like

  • AWS buys before it tries with quantum networking center
    Fundamental problems of qubit physics aside, the cloud giant thinks it can help

    Nothing in the quantum hardware world is fully cooked yet, but quantum computing is quite a bit further along than quantum networking – an esoteric but potentially significant technology area, particularly for ultra-secure transactions. Amazon Web Services is among those working to bring quantum connectivity from the lab to the real world. 

    Short of developing its own quantum processors, AWS has created an ecosystem around existing quantum devices and tools via its Braket (no, that's not a typo) service. While these bits and pieces focus on compute, the tech giant has turned its gaze to quantum networking.

    Alongside its Center for Quantum Computing, which it launched in late 2021, AWS has announced the launch of its Center for Quantum Networking. The latter is grandly working to solve "fundamental scientific and engineering challenges and to develop new hardware, software, and applications for quantum networks," the internet souk declared.

    Continue reading
  • Mega's unbreakable encryption proves to be anything but
    Boffins devise five attacks to expose private files

    Mega, the New Zealand-based file-sharing biz co-founded a decade ago by Kim Dotcom, promotes its "privacy by design" and user-controlled encryption keys to claim that data stored on Mega's servers can only be accessed by customers, even if its main system is taken over by law enforcement or others.

    The design of the service, however, falls short of that promise thanks to poorly implemented encryption. Cryptography experts at ETH Zurich in Switzerland on Tuesday published a paper describing five possible attacks that can compromise the confidentiality of users' files.

    The paper [PDF], titled "Mega: Malleable Encryption Goes Awry," by ETH cryptography researchers Matilda Backendal and Miro Haller, and computer science professor Kenneth Paterson, identifies "significant shortcomings in Mega’s cryptographic architecture" that allow Mega, or those able to mount a TLS MITM attack on Mega's client software, to access user files.

    Continue reading
  • A miserable work week spent toiling inside 'the metaverse'
    Nausea, eye strain, inability to take notes, migraines are just a few of Metaverse work 'perks'

    Sometimes it takes research to prove what was already suspected, like how utterly uncomfortable it would be to work in the metaverse.

    An international team of researchers conducted a study [PDF] to just such an end, putting participants in VR headsets and taking an inventory of their self-reported physical and mental states throughout a five day, eight-hour-a-day period spent in headsets and a virtual "office".

    Unlike a real job, participants were allowed to set their own work agendas and didn't perform standardized tasks yet even still had trouble undertaking these.

    Continue reading
  • Drone ship carrying yet more drones launches in China
    Zhuhai Cloud will carry 50 flying and diving machines it can control with minimal human assistance

    Chinese academics have christened an ocean research vessel that has a twist: it will sail the seas with a complement of aerial and ocean-going drones and no human crew.

    The Zhu Hai Yun, or Zhuhai Cloud, launched in Guangzhou after a year of construction. The 290-foot-long mothership can hit a top speed of 18 knots (about 20 miles per hour) and will carry 50 flying, surface, and submersible drones that launch and self-recover autonomously. 

    According to this blurb from the shipbuilder behind its construction, the Cloud will also be equipped with a variety of additional observational instruments "which can be deployed in batches in the target sea area, and carry out task-oriented adaptive networking to achieve three-dimensional view of specific targets." Most of the ship is an open deck where flying drones can land and be stored. The ship is also equipped with launch and recovery equipment for its aquatic craft. 

    Continue reading
  • World’s smallest remote-controlled robots are smaller than a flea
    So small, you can't feel it crawl

    Video Robot boffins have revealed they've created a half-millimeter wide remote-controlled walking robot that resembles a crab, and hope it will one day perform tasks in tiny crevices.

    In a paper published in the journal Science Robotics , the boffins said they had in mind applications like minimally invasive surgery or manipulation of cells or tissue in biological research.

    With a round tick-like body and 10 protruding legs, the smaller-than-a-flea robot crab can bend, twist, crawl, walk, turn and even jump. The machines can move at an average speed of half their body length per second - a huge challenge at such a small scale, said the boffins.

    Continue reading
  • US won’t prosecute ‘good faith’ security researchers under CFAA
    Well, that clears things up? Maybe not

    The US Justice Department has directed prosecutors not to charge "good-faith security researchers" with violating the Computer Fraud and Abuse Act (CFAA) if their reasons for hacking are ethical — things like bug hunting, responsible vulnerability disclosure, or above-board penetration testing.

    Good-faith, according to the policy [PDF], means using a computer "solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability."

    Additionally, this activity must be "carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services."

    Continue reading

Biting the hand that feeds IT © 1998–2022