Litcius/Paper detail

Evasion Attack STeganography: Turning Vulnerability Of Machine Learning To Adversarial Attacks Into A Real-world Application

Salah Ghamizi, Maxime Cordy, Mike Papadakis, Yves Le Traon

202118 citationsDOI

Abstract

Evasion Attacks have been commonly seen as a weakness of Deep Neural Networks. In this paper, we flip the paradigm and envision this vulnerability as a useful application. We propose EAST, a new steganography and watermarking technique based on multi-label targeted evasion attacks. The key idea of EAST is to encode data as the labels of the image that the evasion attacks produce.Our results confirm that our embedding is elusive; it not only passes unnoticed by humans, steganalysis methods, and machine-learning detectors. In addition, our embedding is resilient to soft and aggressive image tampering (87% recovery rate under jpeg compression). EAST outperforms existing deep-learning-based steganography approaches with images that are 70% denser and 73% more robust and supports multiple datasets and architectures.We provide our algorithm and open-source code at https://github.com/yamizi/Adversarial-Embedding

Topics & Concepts

Computer scienceSteganographyEvasion (ethics)EmbeddingDeep learningVulnerability (computing)AutoencoderArtificial intelligenceComputer securitySteganalysisCode (set theory)Key (lock)Source codeAdversarial systemMachine learningOperating systemProgramming languageImmunologySet (abstract data type)Immune systemBiologyAdversarial Robustness in Machine LearningDigital Media Forensic DetectionAdvanced Malware Detection Techniques
Evasion Attack STeganography: Turning Vulnerability Of Machine Learning To Adversarial Attacks Into A Real-world Application | Litcius