A team composed of three Belgian researchers has developed a tool that makes users undetectable for person recognition software, reported cybersecurity specialists from the International Institute of Cyber Security (IICS).
Wiebe Van Ranst, Simen Thys and Toon Goedeme, from the KU Leuven University, presented their research entitled “Cheating Automated surveillance cameras: a patch to avoid individual detection” in a recent computer security event.
In broad terms, cybersecurity experts described the used method, which consists of a signaling that can defend the carrier against Darknet, an open source neural network framework with support for You Only Look Once (YOLO), real-time object detection system.
The use of the so called “adversarial images”, to deceive the detection systems that work with machine learning, increasingly call the attention of the cybersecurity community. Although the research work in this area is not scarce, the Belgian experts say that their method goes further, because previous research does not address something as diverse as people.
“The goal is to bypass the detection of security systems that use people recognition just as people enter the camera’s visual field,” the investigators say.
The researchers focused on YOLOv2; to achieve their goal, they added a set of data to images to return bounding boxes that surround the person’s image in the detection algorithm. “In a fixed position relative to these bounding boxes, then we apply the current version of our patch to the image”, is explained in the document.
“The resulting image is sent to the detector and measured the number of times the algorithm manages to detect the person after this process; the optimizer then changes the pixels in the patch to increase the detection protection level”.
The result of this process appears on the screen in the form of a multicolor patch of about 40cm². Researchers hope to extend their work to other neural network architectures like Faster R-CNN, and believe that they could print this pattern on a T-shirt that would render the user “virtually invisible” to the surveillance cameras detection algorithms.