Adversarial Source Identification Game With Corrupted Training

Barni, Mauro; Tondi, Benedetta

doi:10.1109/tit.2018.2806742

Cited by 15 publications

(7 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We also mention the case of unknown sources, where the source statistics are estimated from training data, possibly corrupted by the attacker. In this scenario, the detection game has been studied for a partially active case, with both uncorrupted and corrupted training data [13,14]. The extension of such analyses to the fully active scenario represents a further interesting direction for future research.…”

Section: Discussionmentioning

confidence: 99%

“…Some variants of this attack-detection game have also been studied; for instance, in [13], the setting is extended to the case where the sources are known to neither the defender nor the attacker, while the training data from both sources are available to both parties. Within this framework, the case where part of the training data available to the defender is corrupted by the attacker has also been studied (see [14]).…”

Section: Introductionmentioning

confidence: 99%

“…Such an assumption, according to which the detector has access to a limited set of empirical statistics of the sequence, is referred to as limited resources assumption (see [12] for an introduction on this terminology). In particular, as already done in related literature [11,13,14], we limit the detection resources to first-order statistics, which are known to be a sufficient statistic for memoryless systems (Section 2.9, [19]). In the setup studied in this paper, the sources are indeed assumed to be memoryless, however one might still be concerned regarding the sufficiency of first-order statistics in our setting, since the attack channel is not assumed memoryless in the first place.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Detection Games under Fully Active Adversaries

Tondi

Merhav

Barni

2018

Entropy

Self Cite

View full text Add to dashboard Cite

We study a binary hypothesis testing problem in which a defender must decide whether a test sequence has been drawn from a given memoryless source P 0 , while an attacker strives to impede the correct detection. With respect to previous works, the adversarial setup addressed in this paper considers an attacker who is active under both hypotheses, namely, a fully active attacker, as opposed to a partially active attacker who is active under one hypothesis only. In the fully active setup, the attacker distorts sequences drawn both from P 0 and from an alternative memoryless source P 1 , up to a certain distortion level, which is possibly different under the two hypotheses, to maximize the confusion in distinguishing between the two sources, i.e., to induce both false positive and false negative errors at the detector, also referred to as the defender. We model the defender–attacker interaction as a game and study two versions of this game, the Neyman–Pearson game and the Bayesian game. Our main result is in the characterization of an attack strategy that is asymptotically both dominant (i.e., optimal no matter what the defender’s strategy is) and universal, i.e., independent of P 0 and P 1 . From the analysis of the equilibrium payoff, we also derive the best achievable performance of the defender, by relaxing the requirement on the exponential decay rate of the false positive error probability in the Neyman–Pearson setup and the tradeoff between the error exponents in the Bayesian setup. Such analysis permits characterizing the conditions for the distinguishability of the two sources given the distortion levels.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Detection Games under Fully Active Adversaries

Tondi

Merhav

Barni

2018

Entropy

Self Cite

View full text Add to dashboard Cite

show abstract

“…Finally, we conclude with the note that anomaly detection problems involve adversarial aspects (e.g., adversarial signal processing, adversarial hypothesis testing) which involve adversaries (intruders) who change their strategies over time. For a glimpse of such research areas, we refer to References 72‐75. Naturally, machine learning techniques play a pivotal role in these areas.…”

Section: A Summary and Potential Extensionsmentioning

confidence: 99%

Detecting systematic anomalies affecting systems when inputs are stationary time series

Sun

Yang

Zitikis

2022

Appl Stoch Models Bus & Ind

View full text Add to dashboard Cite

We develop an anomaly detection method when systematic anomalies, possibly statistically very similar to genuine inputs, are affecting control systems at the input and/or output stages. The method allows anomaly free inputs (i.e., those before contamination) to originate from a wide class of random sequences, thus opening up possibilities for diverse applications. To illustrate how the method works on data, and how to interpret its results and make decisions, we analyze several actual time series, which are originally nonstationary but in the process of analysis are converted into stationary. As a further illustration, we provide a controlled experiment with anomaly free inputs following an ARMA time series model under various contamination scenarios.

show abstract

“…Game theory has also been used in many other contiguous security-related fields, e.g., in watermarking [37] and multimedia forensics [38,39]. A game-theoretic framework to account for the presence of adversaries in general binary detection problems has been studied in [40,41]. The game-theoretic approach followed in this paper is similar to the one adopted in [42], where the problem of data fusion in the presence of malicious nodes is studied.…”

Section: Prior Art On Game Theory In Related Security Areasmentioning

confidence: 99%

CNN-based Steganalysis and Parametric Adversarial Embedding: a Game-Theoretic Framework

Shi

Tondi

et al. 2019

Preprint

Self Cite

View full text Add to dashboard Cite

CNN-based steganalysis has recently achieved very good performance in detecting content-adaptive steganography. At the same time, recent works have shown that, by adopting an approach similar to that used to build adversarial examples, a steganographer can adopt an adversarial embedding strategy to effectively counter a target CNN steganalyzer. In turn, the good performance of the steganalyzer can be restored by retraining the CNN with adversarial stego images. A problem with this model is that, arguably, at training time the steganalizer is not aware of the exact parameters used by the steganograher for adversarial embedding and, vice versa, the steganographer does not know how the images that will be used to train the steganalyzer are generated. In order to exit this apparent deadlock, we introduce a game theoretic framework wherein the problem of setting the parameters of the steganalyzer and the steganographer is solved in a strategic way. More specifically, a non-zero sum game is first formulated to model the problem, and then instantiated by considering a specific adversarial embedding scheme setting its operating parameters in a game-theoretic fashion. Our analysis shows that the equilibrium solution of the non zero-sum game can be conveniently found by solving an associated zero-sum game, thus reducing greatly the complexity of the problem. Then we run several experiments to derive the optimum strategies for the steganographer and the staganalyst in a game-theoretic sense, and to evaluate the performance of the game at the equilibrium, characterizing the loss with respect to the conventional non-adversarial case. Eventually, by leveraging on the analysis of the equilibrium point of the game, we introduce a new strategy to improve the reliability of the steganalysis, which shows the benefits of addressing the security issue in a game-theoretic perspective.

show abstract

Adversarial Source Identification Game With Corrupted Training

Cited by 15 publications

References 30 publications

Detection Games under Fully Active Adversaries

Detection Games under Fully Active Adversaries

Detecting systematic anomalies affecting systems when inputs are stationary time series

CNN-based Steganalysis and Parametric Adversarial Embedding: a Game-Theoretic Framework

Contact Info

Product

Resources

About