Weaponizing Neural Networks
In your browser!
Andrei Cotaie – Senior Security Engineer
Tiberiu Boros – Computer Scientist
Or how to abuse neural networks in learning stupid stuff!
The opinions and views expressed in this presentation are based on our
independent research and do not relate to our employer.
The research presented in this presentation should only be used for
Do we trust machine learning?
Where are we going?
Where do we come from?
What are we?
• Probably, you already saw the DeepFake Videos :D ;)
going to talk
• Machine Learning
• Neural networks
• Hiding intelligence (overfitting)
• Training of a NN
• Executing NN in HTML pages
• Reverse Engineering the NN JSON/JS
• Natural and Embedded AntiForensic
A .js world
Into the Browser:
Out of the browser:
Wscript.exe, Cscript.exe, node, jsc, rhino, etc.
JS desktop application frameworks:
• The GOOD, The BAD and The UGLY
• Obfuscation != Encryption
HOW TO obfuscate your life:
• Dead Code insertion
• Subroutine reordering
• Code transposition
• Instruction substitution
• Code integration
• Register reassignment
Compression of data?
ML to the !“rescue”
• This is a single Long Short-Term Memory Cell
• It "learns" what it needs to
What it sees
ML Libraries for JS
• brain.js (Neural Networks)
• Synaptic (Neural Networks)
• Natural (Natural Language Processing)
• ConvNetJS (Convolutional Neural
• mljs (A set of sub-libraries with a variety
• Neataptic (Neural Networks)
• Webdnn (Deep Learning)
• TensorFlow (Google project)
.JS+ ML + PAYLOAD +
Whole lotta love...
• Maybe delete or undefine the
(delete OR unset)
• And maybe more legit cover channels might
• Make sure transitions between NN calls are
made untraceable. Add some intelligence to
• Do IT yourself! You can Float too! (using any ML
• Statically reverting input data is almost impossible using just the latent representations
• Whenever great minds create something innovative, lazy evil minds will abuse it
• Do we trust neural networks to run in our browsers?