Search

Your search keyword '"Nassi, Ben"' showing total 42 results
Start Over Author "Nassi, Ben"
42 results on '"Nassi, Ben"'

1. Injection Attacks Against End-to-End Encrypted Applications

Author

Fábrega, Andrés, Pérez, Carolina Ortega, Namavari, Armin, Nassi, Ben, Agarwal, Rachit, and Ristenpart, Thomas

Subjects
Computer Science - Cryptography and Security
Abstract

We explore an emerging threat model for end-to-end (E2E) encrypted applications: an adversary sends chosen messages to a target client, thereby "injecting" adversarial content into the application state. Such state is subsequently encrypted and synchronized to an adversarially-visible storage. By observing the lengths of the resulting cloud-stored ciphertexts, the attacker backs out confidential information. We investigate this injection threat model in the context of state-of-the-art encrypted messaging applications that support E2E encrypted backups. We show proof-of-concept attacks that can recover information about E2E encrypted messages or attachments sent via WhatsApp, assuming the ability to compromise the target user's Google or Apple account (which gives access to encrypted backups). We also show weaknesses in Signal's encrypted backup design that would allow injection attacks to infer metadata including a target user's number of contacts and conversations, should the adversary somehow obtain access to the user's encrypted Signal backup. While we do not believe our results should be of immediate concern for users of these messaging applications, our results do suggest that more work is needed to build tools that enjoy strong E2E security guarantees., Comment: Published in IEEE Security and Privacy 2024

Published
2024

2. Unleashing Worms and Extracting Data: Escalating the Outcome of Attacks against RAG-based Inference in Scale and Severity Using Jailbreaking

Author

Cohen, Stav, Bitton, Ron, and Nassi, Ben

Subjects
Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence
Abstract

In this paper, we show that with the ability to jailbreak a GenAI model, attackers can escalate the outcome of attacks against RAG-based GenAI-powered applications in severity and scale. In the first part of the paper, we show that attackers can escalate RAG membership inference attacks and RAG entity extraction attacks to RAG documents extraction attacks, forcing a more severe outcome compared to existing attacks. We evaluate the results obtained from three extraction methods, the influence of the type and the size of five embeddings algorithms employed, the size of the provided context, and the GenAI engine. We show that attackers can extract 80%-99.8% of the data stored in the database used by the RAG of a Q&A chatbot. In the second part of the paper, we show that attackers can escalate the scale of RAG data poisoning attacks from compromising a single GenAI-powered application to compromising the entire GenAI ecosystem, forcing a greater scale of damage. This is done by crafting an adversarial self-replicating prompt that triggers a chain reaction of a computer worm within the ecosystem and forces each affected application to perform a malicious activity and compromise the RAG of additional applications. We evaluate the performance of the worm in creating a chain of confidential data extraction about users within a GenAI ecosystem of GenAI-powered email assistants and analyze how the performance of the worm is affected by the size of the context, the adversarial self-replicating prompt used, the type and size of the embeddings algorithm employed, and the number of hops in the propagation. Finally, we review and analyze guardrails to protect RAG-based inference and discuss the tradeoffs., Comment: for Github, see https://github.com/StavC/UnleashingWorms-ExtractingData

Published
2024

3. Exploiting Leakage in Password Managers via Injection Attacks

Author

Fábrega, Andrés, Namavari, Armin, Agarwal, Rachit, Nassi, Ben, and Ristenpart, Thomas

Subjects
Computer Science - Cryptography and Security
Abstract

This work explores injection attacks against password managers. In this setting, the adversary (only) controls their own application client, which they use to "inject" chosen payloads to a victim's client via, for example, sharing credentials with them. The injections are interleaved with adversarial observations of some form of protected state (such as encrypted vault exports or the network traffic received by the application servers), from which the adversary backs out confidential information. We uncover a series of general design patterns in popular password managers that lead to vulnerabilities allowing an adversary to efficiently recover passwords, URLs, usernames, and attachments. We develop general attack templates to exploit these design patterns and experimentally showcase their practical efficacy via analysis of ten distinct password manager applications. We disclosed our findings to these vendors, many of which deployed mitigations., Comment: Full version of the paper published in USENIX Security 2024

Published
2024

4. A Jailbroken GenAI Model Can Cause Substantial Harm: GenAI-powered Applications are Vulnerable to PromptWares

Author

Cohen, Stav, Bitton, Ron, and Nassi, Ben

Subjects
Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence
Abstract

In this paper we argue that a jailbroken GenAI model can cause substantial harm to GenAI-powered applications and facilitate PromptWare, a new type of attack that flips the GenAI model's behavior from serving an application to attacking it. PromptWare exploits user inputs to jailbreak a GenAI model to force/perform malicious activity within the context of a GenAI-powered application. First, we introduce a naive implementation of PromptWare that behaves as malware that targets Plan & Execute architectures (a.k.a., ReAct, function calling). We show that attackers could force a desired execution flow by creating a user input that produces desired outputs given that the logic of the GenAI-powered application is known to attackers. We demonstrate the application of a DoS attack that triggers the execution of a GenAI-powered assistant to enter an infinite loop that wastes money and computational resources on redundant API calls to a GenAI engine, preventing the application from providing service to a user. Next, we introduce a more sophisticated implementation of PromptWare that we name Advanced PromptWare Threat (APwT) that targets GenAI-powered applications whose logic is unknown to attackers. We show that attackers could create user input that exploits the GenAI engine's advanced AI capabilities to launch a kill chain in inference time consisting of six steps intended to escalate privileges, analyze the application's context, identify valuable assets, reason possible malicious activities, decide on one of them, and execute it. We demonstrate the application of APwT against a GenAI-powered e-commerce chatbot and show that it can trigger the modification of SQL tables, potentially leading to unauthorized discounts on the items sold to the user., Comment: Website, see https://sites.google.com/view/promptware

Published
2024

5. Private Hierarchical Governance for Encrypted Messaging

Author

Namavari, Armin, Wang, Barry, Menda, Sanketh, Nassi, Ben, Tyagi, Nirvan, Grimmelmann, James, Zhang, Amy, and Ristenpart, Thomas

Subjects
Computer Science - Cryptography and Security, Computer Science - Computers and Society
Abstract

The increasing harms caused by hate, harassment, and other forms of abuse online have motivated major platforms to explore hierarchical governance. The idea is to allow communities to have designated members take on moderation and leadership duties; meanwhile, members can still escalate issues to the platform. But these promising approaches have only been explored in plaintext settings where community content is public to the platform. It is unclear how one can realize hierarchical governance in the huge and increasing number of online communities that utilize end-to-end encrypted (E2EE) messaging for privacy. We propose private hierarchical governance systems. These should enable similar levels of community governance as in plaintext settings, while maintaining cryptographic privacy of content and governance actions not reported to the platform. We design the first such system, taking a layered approach that adds governance logic on top of an encrypted messaging protocol; we show how an extension to the message layer security (MLS) protocol suffices for achieving a rich set of governance policies. Our approach allows developers to rapidly prototype new governance features, taking inspiration from a plaintext system called PolicyKit. We build a prototype E2EE messaging system called MlsGov that supports content-based community and platform moderation, elections of community moderators, votes to remove abusive users, and more., Comment: Published in IEEE Security and Privacy 2024

Published
2024
Full Text
View/download PDF

6. Here Comes The AI Worm: Unleashing Zero-click Worms that Target GenAI-Powered Applications

Author

Cohen, Stav, Bitton, Ron, and Nassi, Ben

Subjects
Computer Science - Cryptography and Security
Abstract

In the past year, numerous companies have incorporated Generative AI (GenAI) capabilities into new and existing applications, forming interconnected Generative AI (GenAI) ecosystems consisting of semi/fully autonomous agents powered by GenAI services. While ongoing research highlighted risks associated with the GenAI layer of agents (e.g., dialog poisoning, membership inference, prompt leaking, jailbreaking), a critical question emerges: Can attackers develop malware to exploit the GenAI component of an agent and launch cyber-attacks on the entire GenAI ecosystem? This paper introduces Morris II, the first worm designed to target GenAI ecosystems through the use of adversarial self-replicating prompts. The study demonstrates that attackers can insert such prompts into inputs that, when processed by GenAI models, prompt the model to replicate the input as output (replication), engaging in malicious activities (payload). Additionally, these inputs compel the agent to deliver them (propagate) to new agents by exploiting the connectivity within the GenAI ecosystem. We demonstrate the application of Morris II against GenAIpowered email assistants in two use cases (spamming and exfiltrating personal data), under two settings (black-box and white-box accesses), using two types of input data (text and images). The worm is tested against three different GenAI models (Gemini Pro, ChatGPT 4.0, and LLaVA), and various factors (e.g., propagation rate, replication, malicious activity) influencing the performance of the worm are evaluated., Comment: Website: https://sites.google.com/view/compromptmized

Published
2024

7. The Adversarial Implications of Variable-Time Inference

Author

Biton, Dudi, Misra, Aditi, Levy, Efrat, Kotak, Jaidip, Bitton, Ron, Schuster, Roei, Papernot, Nicolas, Elovici, Yuval, and Nassi, Ben

Subjects
Computer Science - Cryptography and Security, Computer Science - Computer Vision and Pattern Recognition
Abstract

Machine learning (ML) models are known to be vulnerable to a number of attacks that target the integrity of their predictions or the privacy of their training data. To carry out these attacks, a black-box adversary must typically possess the ability to query the model and observe its outputs (e.g., labels). In this work, we demonstrate, for the first time, the ability to enhance such decision-based attacks. To accomplish this, we present an approach that exploits a novel side channel in which the adversary simply measures the execution time of the algorithm used to post-process the predictions of the ML model under attack. The leakage of inference-state elements into algorithmic timing side channels has never been studied before, and we have found that it can contain rich information that facilitates superior timing attacks that significantly outperform attacks based solely on label outputs. In a case study, we investigate leakage from the non-maximum suppression (NMS) algorithm, which plays a crucial role in the operation of object detectors. In our examination of the timing side-channel vulnerabilities associated with this algorithm, we identified the potential to enhance decision-based attacks. We demonstrate attacks against the YOLOv3 detector, leveraging the timing leakage to successfully evade object detection using adversarial examples, and perform dataset inference. Our experiments show that our adversarial examples exhibit superior perturbation quality compared to a decision-based attack. In addition, we present a new threat model in which dataset inference based solely on timing leakage is performed. To address the timing leakage vulnerability inherent in the NMS algorithm, we explore the potential and limitations of implementing constant-time inference passes as a mitigation strategy.

Published
2023

8. Abusing Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs

Author

Bagdasaryan, Eugene, Hsieh, Tsung-Yin, Nassi, Ben, and Shmatikov, Vitaly

Subjects
Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer Science - Computation and Language, Computer Science - Machine Learning
Abstract

We demonstrate how images and sounds can be used for indirect prompt and instruction injection in multi-modal LLMs. An attacker generates an adversarial perturbation corresponding to the prompt and blends it into an image or audio recording. When the user asks the (unmodified, benign) model about the perturbed image or audio, the perturbation steers the model to output the attacker-chosen text and/or make the subsequent dialog follow the attacker's instruction. We illustrate this attack with several proof-of-concept examples targeting LLaVa and PandaGPT.

Published
2023

9. Seeds Don't Lie: An Adaptive Watermarking Framework for Computer Vision Models

Author

Shams, Jacob, Nassi, Ben, Morikawa, Ikuya, Shimizu, Toshiya, Shabtai, Asaf, and Elovici, Yuval

Subjects
Computer Science - Computer Vision and Pattern Recognition
Abstract

In recent years, various watermarking methods were suggested to detect computer vision models obtained illegitimately from their owners, however they fail to demonstrate satisfactory robustness against model extraction attacks. In this paper, we present an adaptive framework to watermark a protected model, leveraging the unique behavior present in the model due to a unique random seed initialized during the model training. This watermark is used to detect extracted models, which have the same unique behavior, indicating an unauthorized usage of the protected model's intellectual property (IP). First, we show how an initial seed for random number generation as part of model training produces distinct characteristics in the model's decision boundaries, which are inherited by extracted models and present in their decision boundaries, but aren't present in non-extracted models trained on the same data-set with a different seed. Based on our findings, we suggest the Robust Adaptive Watermarking (RAW) Framework, which utilizes the unique behavior present in the protected and extracted models to generate a watermark key-set and verification model. We show that the framework is robust to (1) unseen model extraction attacks, and (2) extracted models which undergo a blurring method (e.g., weight pruning). We evaluate the framework's robustness against a naive attacker (unaware that the model is watermarked), and an informed attacker (who employs blurring strategies to remove watermarked behavior from an extracted model), and achieve outstanding (i.e., >0.9) AUC values. Finally, we show that the framework is robust to model extraction attacks with different structure and/or architecture than the protected model., Comment: 9 pages, 6 figures, 3 tables

Published
2022

10. EyeDAS: Securing Perception of Autonomous Cars Against the Stereoblindness Syndrome

Author

Levy, Efrat, Nassi, Ben, Swissa, Raz, and Elovici, Yuval

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security
Abstract

The ability to detect whether an object is a 2D or 3D object is extremely important in autonomous driving, since a detection error can have life-threatening consequences, endangering the safety of the driver, passengers, pedestrians, and others on the road. Methods proposed to distinguish between 2 and 3D objects (e.g., liveness detection methods) are not suitable for autonomous driving, because they are object dependent or do not consider the constraints associated with autonomous driving (e.g., the need for real-time decision-making while the vehicle is moving). In this paper, we present EyeDAS, a novel few-shot learning-based method aimed at securing an object detector (OD) against the threat posed by the stereoblindness syndrome (i.e., the inability to distinguish between 2D and 3D objects). We evaluate EyeDAS's real-time performance using 2,000 objects extracted from seven YouTube video recordings of street views taken by a dash cam from the driver's seat perspective. When applying EyeDAS to seven state-of-the-art ODs as a countermeasure, EyeDAS was able to reduce the 2D misclassification rate from 71.42-100% to 2.4% with a 3D misclassification rate of 0% (TPR of 1.0). We also show that EyeDAS outperforms the baseline method and achieves an AUC of over 0.999 and a TPR of 1.0 with an FPR of 0.024.

Published
2022

11. bAdvertisement: Attacking Advanced Driver-Assistance Systems Using Print Advertisements

Author

Nassi, Ben, Shams, Jacob, Netanel, Raz Ben, and Elovici, Yuval

Subjects
Computer Science - Cryptography and Security
Abstract

In this paper, we present bAdvertisement, a novel attack method against advanced driver-assistance systems (ADASs). bAdvertisement is performed as a supply chain attack via a compromised computer in a printing house, by embedding a "phantom" object in a print advertisement. When the compromised print advertisement is observed by an ADAS in a passing car, an undesired reaction is triggered from the ADAS. We analyze state-of-the-art object detectors and show that they do not take color or context into account in object detection. Our validation of these findings on Mobileye 630 PRO shows that this ADAS also fails to take color or context into account. Then, we show how an attacker can take advantage of these findings to execute an attack on a commercial ADAS, by embedding a phantom road sign in a print advertisement, which causes a car equipped with Mobileye 630 PRO to trigger a false notification to slow down. Finally, we discuss multiple countermeasures which can be deployed in order to mitigate the effect of our proposed attack.

Published
2022

12. VISAS -- Detecting GPS spoofing attacks against drones by analyzing camera's video stream

Author

Davidovich, Barak, Nassi, Ben, and Elovici, Yuval

Subjects
Computer Science - Cryptography and Security
Abstract

In this study, we propose an innovative method for the real-time detection of GPS spoofing attacks targeting drones, based on the video stream captured by a drone's camera. The proposed method collects frames from the video stream and their location (GPS); by calculating the correlation between each frame, our method can identify an attack on a drone. We first analyze the performance of the suggested method in a controlled environment by conducting experiments on a flight simulator that we developed. Then, we analyze its performance in the real world using a DJI drone. Our method can provide different levels of security against GPS spoofing attacks, depending on the detection interval required; for example, it can provide a high level of security to a drone flying at an altitude of 50-100 meters over an urban area at an average speed of 4 km/h in conditions of low ambient light; in this scenario, the method can provide a level of security that detects any GPS spoofing attack in which the spoofed location is a distance of 1-4 meters (an average of 2.5 meters) from the real location., Comment: 8 pages, 16 figures

Published
2022

13. MobilBye: Attacking ADAS with Camera Spoofing

Author

Nassi, Dudi, Ben-Netanel, Raz, Elovici, Yuval, and Nassi, Ben

Subjects
Computer Science - Cryptography and Security
Abstract

Advanced driver assistance systems (ADASs) were developed to reduce the number of car accidents by issuing driver alert or controlling the vehicle. In this paper, we tested the robustness of Mobileye, a popular external ADAS. We injected spoofed traffic signs into Mobileye to assess the influence of environmental changes (e.g., changes in color, shape, projection speed, diameter and ambient light) on the outcome of an attack. To conduct this experiment in a realistic scenario, we used a drone to carry a portable projector which projected the spoofed traffic sign on a driving car. Our experiments show that it is possible to fool Mobileye so that it interprets the drone carried spoofed traffic sign as a real traffic sign., Comment: Video Demonstration - https://www.youtube.com/watch?v=PP-qTdRugEI&feature=youtu.be

Published
2019

14. SoK - Security and Privacy in the Age of Drones: Threats, Challenges, Solution Mechanisms, and Scientific Gaps

Author

Nassi, Ben, Shabtai, Asaf, Masuoka, Ryusuke, and Elovici, Yuval

Subjects
Computer Science - Cryptography and Security, Computer Science - Computers and Society
Abstract

The evolution of drone technology in the past nine years since the first commercial drone was introduced at CES 2010 has caused many individuals and businesses to adopt drones for various purposes. We are currently living in an era in which drones are being used for pizza delivery, the shipment of goods, and filming, and they are likely to provide an alternative for transportation in the near future. However, drones also pose a significant challenge in terms of security and privacy within society (for both individuals and organizations), and many drone related incidents are reported on a daily basis. These incidents have called attention to the need to detect and disable drones used for malicious purposes and opened up a new area of research and development for academia and industry, with a market that is expected to reach $1.85 billion by 2024. While some of the knowledge used to detect UAVs has been adopted for drone detection, new methods have been suggested by industry and academia alike to deal with the challenges associated with detecting the very small and fast flying objects. In this paper, we describe new societal threats to security and privacy created by drones, and present academic and industrial methods used to detect and disable drones. We review methods targeted at areas that restrict drone flights and analyze their effectiveness with regard to various factors (e.g., weather, birds, ambient light, etc.). We present the challenges arising in areas that allow drone flights, introduce the methods that exist for dealing with these challenges, and discuss the scientific gaps that exist in this area. Finally, we review methods used to disable drones, analyze their effectiveness, and present their expected results. Finally, we suggest future research directions.

Published
2019

15. Piping Botnet - Turning Green Technology into a Water Disaster

Author

Nassi, Ben, Sror, Moshe, Lavi, Ido, Meidan, Yair, Shabtai, Asaf, and Elovici, Yuval

Subjects
Computer Science - Cryptography and Security, Computer Science - Computers and Society
Abstract

The current generation of IoT devices is being used by clients and consumers to regulate resources (such as water and electricity) obtained from critical infrastructure (such as urban water services and smart grids), creating a new attack vector against critical infrastructure. In this research we show that smart irrigation systems, a new type of green technology and IoT device aimed at saving water and money, can be used by attackers as a means of attacking urban water services. We present a distributed attack model that can be used by an attacker to attack urban water services using a botnet of commercial smart irrigation systems. Then, we show how a bot running on a compromised device in a LAN can:(1) detect a connected commercial smart irrigation system (RainMachine, BlueSpray, and GreenIQ) within 15 minutes by analyzing LAN's behavior using a dedicated classification model, and (2) launch watering via a commercial smart irrigation system according to an attacker's wishes using spoofing and replay attacks. In addition, we model the damage that can be caused by performing such an attack and show that a standard water tower can be emptied in an hour using a botnet of 1,355 sprinklers and a flood water reservoir can be emptied overnight using a botnet of 23,866 sprinklers. Finally, we discuss countermeasure methods and hypothesize whether the next generation of plumbers will use Kali Linux instead of a monkey wrench., Comment: https://www.youtube.com/watch?v=Yy8tOEhH6T0

Published
2018

16. Game of Drones - Detecting Streamed POI from Encrypted FPV Channel

Author

Nassi, Ben, Ben-Netanel, Raz, Shamir, Adi, and Elovici, Yuval

Subjects
Computer Science - Cryptography and Security
Abstract

Drones have created a new threat to people's privacy. We are now in an era in which anyone with a drone equipped with a video camera can use it to invade a subject's privacy by streaming the subject in his/her private space over an encrypted first person view (FPV) channel. Although many methods have been suggested to detect nearby drones, they all suffer from the same shortcoming: they cannot identify exactly what is being captured, and therefore they fail to distinguish between the legitimate use of a drone (for example, to use a drone to film a selfie from the air) and illegitimate use that invades someone's privacy (when the same operator uses the drone to stream the view into the window of his neighbor's apartment), a distinction that in some cases depends on the orientation of the drone's video camera rather than on the drone's location. In this paper we shatter the commonly held belief that the use of encryption to secure an FPV channel prevents an interceptor from extracting the POI that is being streamed. We show methods that leverage physical stimuli to detect whether the drone's camera is directed towards a target in real time. We investigate the influence of changing pixels on the FPV channel (in a lab setup). Based on our observations we demonstrate how an interceptor can perform a side-channel attack to detect whether a target is being streamed by analyzing the encrypted FPV channel that is transmitted from a real drone (DJI Mavic) in two use cases: when the target is a private house and when the target is a subject., Comment: https://www.youtube.com/watch?v=4icQwducz68

Published
2018

17. Oops!...I think I scanned a malware

Author

Nassi, Ben, Shamir, Adi, and Elovici, Yuval

Subjects
Computer Science - Cryptography and Security
Abstract

This article presents a proof-of-concept illustrating the feasibility of creating a covert channel between a C\&C server and a malware installed in an organization by exploiting an organization's scanner and using it as a means of interaction. We take advantage of the light sensitivity of a flatbed scanner, using a light source to infiltrate data to an organization. We present an implementation of the method for different purposes (even to trigger a ransomware attack) in various experimental setups using: (1) a laser connected to a stand (2) a laser carried by a drone, and (3) a hijacked smart bulb within the targeted organization from a passing car. In our experiments we were able to infiltrate data using different types of light sources (including infrared light), from a distance of up to 900 meters away from the scanner. We discuss potential counter measures to prevent the attack., Comment: Cyber-Security, Covert Channel, Data Infiltration, Scanner

Published
2017

18. Game of Drones - Detecting Spying Drones Using Time Domain Analysis

Author

Nassi, Ben, Ben-Netanel, Raz, Shamir, Adi, Elovici, Yuval, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Dolev, Shlomi, editor, Margalit, Oded, editor, Pinkas, Benny, editor, and Schwarzmann, Alexander, editor

Published
2021
Full Text
View/download PDF

19. Handwritten Signature Verification Using Hand-Worn Devices

Author

Nassi, Ben, Levy, Alona, Elovici, Yuval, and Shmueli, Erez

Subjects
Computer Science - Cryptography and Security, Computer Science - Computer Vision and Pattern Recognition, Computer Science - Computers and Society
Abstract

Online signature verification technologies, such as those available in banks and post offices, rely on dedicated digital devices such as tablets or smart pens to capture, analyze and verify signatures. In this paper, we suggest a novel method for online signature verification that relies on the increasingly available hand-worn devices, such as smartwatches or fitness trackers, instead of dedicated ad-hoc devices. Our method uses a set of known genuine and forged signatures, recorded using the motion sensors of a hand-worn device, to train a machine learning classifier. Then, given the recording of an unknown signature and a claimed identity, the classifier can determine whether the signature is genuine or forged. In order to validate our method, it was applied on 1980 recordings of genuine and forged signatures that we collected from 66 subjects in our institution. Using our method, we were able to successfully distinguish between genuine and forged signatures with a high degree of accuracy (0.98 AUC and 0.05 EER).

Published
2016

20. Virtual Breathalyzer

Author

Nassi, Ben, Rokach, Lior, and Elovici, Yuval

Subjects
Computer Science - Human-Computer Interaction, Computer Science - Computers and Society
Abstract

Driving under the influence of alcohol is a widespread phenomenon in the US where it is considered a major cause of fatal accidents. In this research we present a novel approach and concept for detecting intoxication from motion differences obtained by the sensors of wearable devices. We formalize the problem of drunkenness detection as a supervised machine learning task, both as a binary classification problem (drunk or sober) and a regression problem (the breath alcohol content level). In order to test our approach, we collected data from 30 different subjects (patrons at three bars) using Google Glass and the LG G-watch, Microsoft Band, and Samsung Galaxy S4. We validated our results against an admissible breathalyzer used by the police. A system based on this concept, successfully detected intoxication and achieved the following results: 0.95 AUC and 0.05 FPR, given a fixed TPR of 1.0. Applications based on our system can be used to analyze the free gait of drinkers when they walk from the car to the bar and vice-versa, in order to alert people, or even a connected car and prevent people from driving under the influence of alcohol.

Published
2016

21. Protecting Autonomous Cars from Phantom Attacks.

Author

NASSI, BEN, MIRSKY, YISROEL, SHAMS, JACOB, BEN-NETANEL, RAZ, NASSI, DUDI, and ELOVICI, YUVAL

Subjects
*DRIVERLESS cars, *CYBERTERRORISM, *OBJECT recognition (Computer vision), *DRIVER assistance systems, *ARTIFICIAL intelligence, *COMPUTER security
Abstract

This article looks at the prevention of phantom attacks in autonomous (also known as driverless) cars and cars with advanced driver-assistance systems. Phantom attacks in advanced driver-assisted or driverless cars occur when phantoms, depth-less visual objects used to deceive object detection in computer vision, are purposely presented by cyber attackers to trigger a reaction such as an alarm or sudden automatic braking of the car. For prevention of these attacks the authors suggest extra focus on securing the artificial intelligence model and tips on evaluating the model’s enhanced security against phantom attacks. [EPC]

Published
2023
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results