Evasion Attacks have been commonly seen as a weakness of Deep Neural Networks. In this paper, we flip the paradigm and envision this vulnerability as a useful application.
We propose EAST, a new steganography and watermarking technique based on multi-label targeted evasion attacks.
Our results confirm that our embedding is elusive: it passes unnoticed by humans, steganalysis methods, and machine-learning detectors. In addition, our embedding is resilient to soft and aggressive image tampering (87% recovery rate under JPEG compression). EAST outperforms existing deep-learning-based steganography approaches with images that are 70% denser and 73% more robust, and it supports multiple datasets and architectures.
Disciplines:
Computer science
Author, co-author:
GHAMIZI, Salah ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
CORDY, Maxime ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal
PAPADAKIS, Mike ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
LE TRAON, Yves ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal
External co-authors:
no
Document language:
English
Title:
Evasion Attack STeganography: Turning Vulnerability Of Machine Learning To Adversarial Attacks Into A Real-world Application
Publication date:
11 October 2021
Event name:
2023 14th International Conference on Computing Communication and Networking Technologies (ICCCNT)
Event date:
11-17 October 2021
By invitation:
Yes
Journal title:
Proceedings of International Conference on Computer Vision 2021