Daniel Domscheit-Berg, born in 1978, is a German activist and IT security expert. He helped build the WikiLeaks platform from late 2007 to September 2010, and acted as its spokesperson under the pseudonym Daniel Schmitt. Domscheit-Berg wrote a book about his experiences "InsideWikiLeaks“, which was published in early 2011, was translated into 23 languages and was one source for the subsequent Hollywood movie "The Fifth Estate".
Before WikiLeaks, Domscheit-Berg worked for various Fortune 500 companies,
mainly building enterprise-scale wireless and wired networks for the automotive and transport industries.
A network security expert by trade, Domscheit-Berg is an advocate for transparency and freedom of speech by heart, deeply caring for equal access to knowledge and information in a globalized world. In 2011, he was named by Foreign Policy magazine in its FP Top 100 GlobalThinkers. Domscheit-Berg today is involved with various internet projects related to privacy and anonymity, and furthering the decentralization of the Internet's infrastructure.
Wiebe van Ranst
Researcher, KU Leuven
Wiebe Van Ranst is currently active as a post-doctoral researcher in
the EAVISE research group of KU Leuven. Currently, his research is on
applying neural nets on embedded hardware. During his career Wiebe also won some awards, the paper "Fooling automated surveillance cameras: adversarial patches to attack person detection." Which Wiebe co-authored was ranked number 97 in the Almetric most talked about papers of 2019.
Title: Fooling automated surveillance cameras: adversarial patches to attack person detection. Adverserial attacks on machine learning models have seen increasing interest in the past years. By making only subtle changes to the input of a convolutional neural network, the output of the network can be swayed to output a completely different result. The first attacks did this by changing pixel values of an input image slightly to fool a classifier to output the wrong class. Other approaches have tried to learn "patches" that can be applied to an object to fool detectors and classifiers. Some of these approaches have also shown that these attacks are feasible in the real-world, i.e. by modifying an object and filming it with a video camera. However, all of these approaches target classes that contain almost no intra-class variety (e.g. stop signs). The known structure of the object is then used to generate an adversarial patch on top of it.
This talk will be about our work on how to generate adversarial patches to targets with lots of intra-class variety, namely persons. In this work, the goal is to generate a patch that is able successfully hide a person from a person detector. With this goal in mind we explore the possibility of being able to maliciously circumvent surveillance systems.
After that we go deeper into the current state-of-the-art of real-world adversarial attacks.