Superman Powered by Kryptonite: Turn the Adversarial Attack into Your Defense Weapon

The presentation discusses the use of Adversarial Machine Learning (ML) to defend against AI-powered attacks by leveraging the weakness of AI models. The focus is on using adversarial perturbation to mislead hackers' AI tools and reprogram their AI toolkit to steal their computing resources.

• Hackers are using AI technology to build deep learning models that can destroy previously unbreakable security mechanisms.
• Adversarial ML exploits vulnerabilities in AI models and crafts inputs to machine learning models that cause the model to make mistakes.
• The presentation proposes using adversarial perturbation to mislead hackers' AI tools and reprogram their AI toolkit to steal their computing resources.
• The presentation demonstrates how to use multiple levels of adversarial attack methods to fool hackers' AI tools and detect hackers when they use AI toolkits.
• The presentation uses the example of CAPTCHA service to illustrate how to use adversarial perturbation to fight against AI weaponized hackers.

The presentation uses the example of a panda image with adversarial perturbation added to it. While humans still see the image as a panda, the machine learning model predicts it as a gibbon with high confidence. This illustrates how adversarial perturbation can cause AI models to make mistakes.

Artificial Intelligence (AI) is wielding a profound impact on global economic and social progress as well as ordinary citizens' daily life. However, with the advancement of AI technology, the next-generation hackers have successfully built a deep learning model that can more easily and efficiently destroy previously unbreakable security mechanisms (e.g., for the most complex CAPTCHAs, the recognition rate is 99%).Similar to the scene in 'Avengers 3' when 'Thanos' (Hackers) created the "Infinity Gauntlet" (AI-powered exploit toolkit) with six gems, and inevitably erases half the universe creature with a finger snap. In reality, as avengers (security defenders), we propose to leverage the weakness of the omnipotent 'Infinity Gauntlet' (AI) to flight evils (hackers). The irony is that the weapon, named 'Adversarial Machine Learning (ML)' used to explore the weakness of AI, was developed by attackers themselves.Adversarial ML exploits vulnerabilities in AI models and crafts inputs to machine learning models that an attacker has intentionally designed to cause the model to make mistakes (i.e., optical illusions for machines). The rationale behind our idea is that we deliberately add "adversarial perturbation" to our "target asset" that does not affect human use, but entirely misleads hacker's AI tools. In the example of "CAPTCHAs" service, we demonstrate how to use multiple levels of adversarial attack methods to fool hacker's AI tools and to detect hackers when they use AI toolkits. Another contribution we made in this paper is to "reprogram" hacker's AI toolkit and steal hacker's computing resources to perform tasks for us.