2018 IEEE European Symposium on Security and Privacy (EuroS&P) 2018
DOI: 10.1109/eurosp.2018.00041

Forgotten Siblings: Unifying Attacks on Machine Learning and Digital Watermarking

Abstract: Machine learning is increasingly used in security-critical applications, such as autonomous driving, face recognition and malware detection. Most learning methods, however, have not been designed with security in mind and thus are vulnerable to different types of attacks. This problem has motivated the research field of adversarial machine learning that is concerned with attacking and defending learning methods. Concurrently, a different line of research has tackled a very similar problem: In digital watermark…

Citations: cited by 55 publications (32 citation statements)
References: 63 publications (131 reference statements)

“…Finally, we note that the concept of fragile fingerprints effectively demonstrates how asymmetries in the quality of accessible data can be exploited. In the context of recent unification attempts between related research disciplines [3,22], this may foster novel strategies in adversarial machine learning or signal processing. use the following identities between spatial pixels and DCT coefficients:…”
Section: Results (mentioning)
confidence: 99%
“…An analogy becomes evident with digital watermarking [15]. In this application, the watermark signal pushes the input image into the detection region (the set of images deemed as watermarked by the detector), whereas here the adversarial perturbation drives the image outside its class region.…”
Section: Imperceptibility Of Adversarial Perturbations (mentioning)
confidence: 99%
“…We also mention paper [7] which makes a very good comparison between attacks in watermarking and attacks on DL networks (a.k.a. adversarial sample -see Sect.…”
Section: Prior Work (mentioning)
confidence: 99%