Security Consideration For Deep Learning-Based Image Forensics

Recently, the image forensics community has paid attention to the design of effective algorithms based on deep learning, and it has been shown that combining the domain knowledge of image forensics with deep learning achieves more robust and better performance than traditional schemes. Instead of improving that performance, this paper considers the safety of deep learning-based methods in the field of image forensics. To the best of our knowledge, this is the first work focusing on this topic. Specifically, we experimentally find that a deep learning-based method fails when slight noise is added to the images (adversarial images). Furthermore, two kinds of strategies are proposed to enforce the security of deep learning-based methods. Firstly, an extra penalty term is added to the loss function, namely the 2-norm of the gradient of the loss with respect to the input images, and then a novel training method is adopted that trains the model by fusing normal and adversarial images. Experimental results show that the proposed algorithm can achieve good performance even in the case of adversarial images and provide a safety consideration for deep learning-based image forensics.
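The two strategies in the abstract can be sketched on a small model. This is an added example, not code from the paper: it assumes a logistic classifier on constructed two-feature data, a perturbation that steps along the sign of the input gradient, and hypothetical weights `eps`, `lam` and `alpha`.

```python
import math

# Constructed 2-feature toy data standing in for forensic features; labels are +1 / -1.
X = [[1.0, 0.8], [0.9, 1.2], [1.1, 1.0], [-1.0, -0.9], [-0.8, -1.1], [-1.2, -1.0]]
Y = [1, 1, 1, -1, -1, -1]

def loss(w, x, y):
    """Logistic loss log(1 + exp(-y * w.x)) for one sample."""
    m = y * sum(wi * xi for wi, xi in zip(w, x))
    return math.log1p(math.exp(-m))

def input_grad(w, x, y):
    """Analytic gradient of the loss with respect to the input x."""
    m = y * sum(wi * xi for wi, xi in zip(w, x))
    s = 1.0 / (1.0 + math.exp(m))  # sigmoid(-m)
    return [-y * s * wi for wi in w]

def adversarial(w, x, y, eps):
    """Assumed perturbation: step of size eps along the sign of the input gradient."""
    g = input_grad(w, x, y)
    return [xi + eps * math.copysign(1.0, gi) if gi else xi for xi, gi in zip(x, g)]

def objective(w, eps=0.1, lam=0.5, alpha=0.5):
    """Mean of alpha*clean loss + (1-alpha)*adversarial loss + lam*||dL/dx||_2."""
    total = 0.0
    for x, y in zip(X, Y):
        g = input_grad(w, x, y)
        penalty = math.sqrt(sum(gi * gi for gi in g))
        adv = loss(w, adversarial(w, x, y, eps), y)
        total += alpha * loss(w, x, y) + (1 - alpha) * adv + lam * penalty
    return total / len(X)

def train(w, steps=200, lr=0.5, h=1e-6):
    """Gradient descent on the objective; weight gradients by central differences."""
    w = list(w)
    for _ in range(steps):
        grad = []
        for i in range(len(w)):
            up = w[:i] + [w[i] + h] + w[i + 1:]
            dn = w[:i] + [w[i] - h] + w[i + 1:]
            grad.append((objective(up) - objective(dn)) / (2 * h))
        w = [wi - lr * gi for wi, gi in zip(w, grad)]
    return w

W0 = [0.05, 0.02]  # constructed starting weights
```

In a deep network the input gradient would come from automatic differentiation instead of the closed form used here.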
