Events
The Taub Faculty of Computer Science Events and Talks
Prof. Adi Shamir (Weizmann Institute of Science)
Tuesday, 20.06.2023, 14:30
In this talk I will describe how to plant novel types of backdoors in any facial recognition model based on the popular architecture of deep Siamese neural networks, by mathematically changing a small fraction of its weights (i.e., without using any additional training or optimization). These backdoors force the system to err only on specific persons which are preselected by the attacker. For example, we show how such a backdoored system can take any two images of a particular person and decide that they represent different persons (an anonymity attack), or take any two images of a particular pair of persons and decide that they represent the same person (a confusion attack), with almost no effect on the correctness of its decisions for other persons. Uniquely, we show that multiple backdoors can be independently installed by multiple attackers who may not be aware of each other's existence with almost no interference.
Joint work with Irad Zehavi.
Bio:
Adi Shamir is a Professor of Computer Science at the Weizmann Institute of Science. Professor Shamir's research focuses on the foundations and applications of cryptography. Among his research contributions are the RSA algorithm, the SSS scheme and differential cryptanalysis. He is the recipient of various awards and honors for his scientific contributions, including the Turing award, Erdos prize, and the Israel Prize.