Effectiveness of Random Deep Feature Selection for Securing Image Manipulation Detectors Against Adversarial Examples

Barni, Mauro; Nowroozi, Ehsan; Tondi, Benedetta; Zhang, B.

doi:10.1109/icassp40776.2020.9053318

Cited by 14 publications

(13 citation statements)

References 22 publications

(40 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In each case, transferability was low with cross-model-and-training scenario showing the lowest attack transferability. In the further work [15], Barni at al. proposed an effective method for the detection of adversarial attacks and effective protection of image forensics approaches from those attacks.…”

Section: Related Workmentioning

confidence: 94%

Multitask adversarial attack with dispersion amplification

Haleta¹,

Likhomanov²,

Sokol³

2021

EURASIP J. on Info. Security

View full text Add to dashboard Cite

Recently, adversarial attacks have drawn the community’s attention as an effective tool to degrade the accuracy of neural networks. However, their actual usage in the world is limited. The main reason is that real-world machine learning systems, such as content filters or face detectors, often consist of multiple neural networks, each performing an individual task. To attack such a system, adversarial example has to pass through many distinct networks at once, which is the major challenge addressed by this paper. In this paper, we investigate multitask adversarial attacks as a threat for real-world machine learning solutions. We provide a novel black-box adversarial attack, which significantly outperforms the current state-of-the-art methods, such as Fast Gradient Sign Attack (FGSM) and Basic Iterative Method (BIM, also known as Iterative-FGSM) in the multitask setting.

show abstract

Section: Related Workmentioning

confidence: 94%

Multitask adversarial attack with dispersion amplification

Haleta¹,

Likhomanov²,

Sokol³

2021

EURASIP J. on Info. Security

View full text Add to dashboard Cite

show abstract

“…This sprouted a huge offer of defensive methodologies against adversarial samples in this scenario, such as model enhancing via distillation [21] and adversarial sample detection via statistical methods [9] or auxiliary models [18,4]. Among them, most promising methods are based on the introduction of randomization in the prediction process [24,1]. Feinman et al [7] propose a detection scheme based on randomizing the output of the network using dropout that mostly relate with the rationale of our proposed detection method.…”

Section: Related Workmentioning

confidence: 99%

Defending Neural ODE Image Classifiers from Adversarial Attacks with Tolerance Randomization

Carrara

Caldelli

Falchi

et al. 2021

Pattern Recognition. ICPR International Workshops and Challenges

View full text Add to dashboard Cite

Deep learned models are now largely adopted in different fields, and they generally provide superior performances with respect to classical signal-based approaches. Notwithstanding this, their actual reliability when working in an unprotected environment is far enough to be proven. In this work, we consider a novel deep neural network architecture, named Neural Ordinary Differential Equations (N-ODE), that is getting particular attention due to an attractive property -a test-time tunable trade-off between accuracy and efficiency. This paper analyzes the robustness of N-ODE image classifiers when faced against a strong adversarial attack and how its effectiveness changes when varying such a tunable trade-off. We show that adversarial robustness is increased when the networks operate in different tolerance regimes during test time and training time. On this basis, we propose a novel adversarial detection strategy for N-ODE nets based on the randomization of the adaptive ODE solver tolerance. Our evaluation performed on standard image classification benchmarks shows that our detection technique provides high rejection of adversarial examples while maintaining most of the original samples under white-box attacks and zero-knowledge adversaries.

show abstract

“…Randomization strategy is another method in this category that can be employed to enhance the robustness for forensic detectors on DL for general models and standard-based forensics [82,83]. Zhang et al, [82] they optimized the feature sets, which intrinsically become secure against a PK attack by considering feature selection method on adversarial samples that increase the security versus attacks at test time.…”

Section: • Data Randomizationmentioning

confidence: 99%

“…Therefore, feature randomization plays an important role in the security-related application when a small set of features are considered to overcome the complexity or even enhance the performance of classification to tackle adversarial attacks. Barni et al, [83] considered random feature selection strategy that can improve the security and robustness of forensic detectors for the general model and standard ML-based to mitigate the adversarial dangerousness attacks. The experiments prove that feature randomization strategy reducing the transferability of attacks, and increase the security of detection even in the presence of mismatch architectures.…”

Section: • Data Randomizationmentioning

confidence: 99%

A Survey of Machine Learning Techniques in Adversarial Image Forensics

Nowroozi¹,

Dehghantanha²,

Parizi³

et al. 2020

Preprint

View full text Add to dashboard Cite

Image forensic plays a crucial role in both criminal investigations (e.g., dissemination of fake images to spread racial hate or false narratives about specific ethnicity groups) and civil litigation (e.g., defamation). Increasingly, machine learning approaches are also utilized in image forensics. However, there are also a number of limitations and vulnerabilities associated with machine learning-based approaches, for example how to detect adversarial (image) examples, with real-world consequences (e.g., inadmissible evidence, or wrongful conviction). Therefore, with a focus on image forensics, this paper surveys techniques that can be used to enhance the robustness of machine learning-based binary manipulation detectors in various adversarial scenarios.

show abstract

Effectiveness of Random Deep Feature Selection for Securing Image Manipulation Detectors Against Adversarial Examples

Cited by 14 publications

References 22 publications

Multitask adversarial attack with dispersion amplification

Multitask adversarial attack with dispersion amplification

Defending Neural ODE Image Classifiers from Adversarial Attacks with Tolerance Randomization

A Survey of Machine Learning Techniques in Adversarial Image Forensics

Contact Info

Product

Resources

About