Evasion Attack STeganography: Turning Vulnerability of Machine Learning to Adversarial Attacks into A Real-world Application

Salah Ghamizi; Maxime Cordy; Mike Papadakis; Yves Le Traon

doi:10.1109/ICCVW54120.2021.00010

Evasion Attack STeganography: Turning Vulnerability of Machine Learning to Adversarial Attacks into A Real-world Application

Salah Ghamizi, Maxime Cordy, Mike Papadakis, Yves Le Traon

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

12 Citations (Scopus)

Abstract

Evasion Attacks have been commonly seen as a weakness of Deep Neural Networks. In this paper, we flip the paradigm and envision this vulnerability as a useful application. We propose EAST, a new steganography and watermarking technique based on multi-label targeted evasion attacks. The key idea of EAST is to encode data as the labels of the image that the evasion attacks produce.Our results confirm that our embedding is elusive; it not only passes unnoticed by humans, steganalysis methods, and machine-learning detectors. In addition, our embedding is resilient to soft and aggressive image tampering (87% recovery rate under jpeg compression). EAST outperforms existing deep-learning-based steganography approaches with images that are 70% denser and 73% more robust and supports multiple datasets and architectures.We provide our algorithm and open-source code at https://github.com/yamizi/Adversarial-Embedding

Original language	English
Title of host publication	Proceedings - 2021 IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	4031-4039
Number of pages	9
ISBN (Electronic)	9781665401913
DOIs	https://doi.org/10.1109/ICCVW54120.2021.00010
Publication status	Published - 2021
Externally published	Yes
Event	18th IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021 - Virtual, Online, Canada Duration: 11 Oct 2021 → 17 Oct 2021

Publication series

Name	Proceedings of the IEEE International Conference on Computer Vision
Volume	2021-October
ISSN (Print)	1550-5499

Conference

Conference	18th IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021
Country/Territory	Canada
City	Virtual, Online
Period	11/10/21 → 17/10/21

Access to Document

10.1109/ICCVW54120.2021.00010

Cite this

Ghamizi, S., Cordy, M., Papadakis, M., & Traon, Y. L. (2021). Evasion Attack STeganography: Turning Vulnerability of Machine Learning to Adversarial Attacks into A Real-world Application. In Proceedings - 2021 IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021 (pp. 4031-4039). (Proceedings of the IEEE International Conference on Computer Vision; Vol. 2021-October). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICCVW54120.2021.00010

Ghamizi, Salah ; Cordy, Maxime ; Papadakis, Mike et al. / Evasion Attack STeganography : Turning Vulnerability of Machine Learning to Adversarial Attacks into A Real-world Application. Proceedings - 2021 IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021. Institute of Electrical and Electronics Engineers Inc., 2021. pp. 4031-4039 (Proceedings of the IEEE International Conference on Computer Vision).

@inproceedings{3d2ac37106af41f3a1e19c87f93d5cfb,

title = "Evasion Attack STeganography: Turning Vulnerability of Machine Learning to Adversarial Attacks into A Real-world Application",

abstract = "Evasion Attacks have been commonly seen as a weakness of Deep Neural Networks. In this paper, we flip the paradigm and envision this vulnerability as a useful application. We propose EAST, a new steganography and watermarking technique based on multi-label targeted evasion attacks. The key idea of EAST is to encode data as the labels of the image that the evasion attacks produce.Our results confirm that our embedding is elusive; it not only passes unnoticed by humans, steganalysis methods, and machine-learning detectors. In addition, our embedding is resilient to soft and aggressive image tampering (87% recovery rate under jpeg compression). EAST outperforms existing deep-learning-based steganography approaches with images that are 70% denser and 73% more robust and supports multiple datasets and architectures.We provide our algorithm and open-source code at https://github.com/yamizi/Adversarial-Embedding",

author = "Salah Ghamizi and Maxime Cordy and Mike Papadakis and Traon, {Yves Le}",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 18th IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021 ; Conference date: 11-10-2021 Through 17-10-2021",

year = "2021",

doi = "10.1109/ICCVW54120.2021.00010",

language = "English",

series = "Proceedings of the IEEE International Conference on Computer Vision",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "4031--4039",

booktitle = "Proceedings - 2021 IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021",

address = "United States",

}

Ghamizi, S, Cordy, M, Papadakis, M & Traon, YL 2021, Evasion Attack STeganography: Turning Vulnerability of Machine Learning to Adversarial Attacks into A Real-world Application. in Proceedings - 2021 IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021. Proceedings of the IEEE International Conference on Computer Vision, vol. 2021-October, Institute of Electrical and Electronics Engineers Inc., pp. 4031-4039, 18th IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021, Virtual, Online, Canada, 11/10/21. https://doi.org/10.1109/ICCVW54120.2021.00010

Evasion Attack STeganography: Turning Vulnerability of Machine Learning to Adversarial Attacks into A Real-world Application. / Ghamizi, Salah; Cordy, Maxime; Papadakis, Mike et al.
Proceedings - 2021 IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021. Institute of Electrical and Electronics Engineers Inc., 2021. p. 4031-4039 (Proceedings of the IEEE International Conference on Computer Vision; Vol. 2021-October).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Evasion Attack STeganography

T2 - 18th IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021

AU - Ghamizi, Salah

AU - Cordy, Maxime

AU - Papadakis, Mike

AU - Traon, Yves Le

PY - 2021

Y1 - 2021

N2 - Evasion Attacks have been commonly seen as a weakness of Deep Neural Networks. In this paper, we flip the paradigm and envision this vulnerability as a useful application. We propose EAST, a new steganography and watermarking technique based on multi-label targeted evasion attacks. The key idea of EAST is to encode data as the labels of the image that the evasion attacks produce.Our results confirm that our embedding is elusive; it not only passes unnoticed by humans, steganalysis methods, and machine-learning detectors. In addition, our embedding is resilient to soft and aggressive image tampering (87% recovery rate under jpeg compression). EAST outperforms existing deep-learning-based steganography approaches with images that are 70% denser and 73% more robust and supports multiple datasets and architectures.We provide our algorithm and open-source code at https://github.com/yamizi/Adversarial-Embedding

AB - Evasion Attacks have been commonly seen as a weakness of Deep Neural Networks. In this paper, we flip the paradigm and envision this vulnerability as a useful application. We propose EAST, a new steganography and watermarking technique based on multi-label targeted evasion attacks. The key idea of EAST is to encode data as the labels of the image that the evasion attacks produce.Our results confirm that our embedding is elusive; it not only passes unnoticed by humans, steganalysis methods, and machine-learning detectors. In addition, our embedding is resilient to soft and aggressive image tampering (87% recovery rate under jpeg compression). EAST outperforms existing deep-learning-based steganography approaches with images that are 70% denser and 73% more robust and supports multiple datasets and architectures.We provide our algorithm and open-source code at https://github.com/yamizi/Adversarial-Embedding

UR - http://www.scopus.com/inward/record.url?scp=85123053278&partnerID=8YFLogxK

U2 - 10.1109/ICCVW54120.2021.00010

DO - 10.1109/ICCVW54120.2021.00010

M3 - Conference contribution

AN - SCOPUS:85123053278

T3 - Proceedings of the IEEE International Conference on Computer Vision

SP - 4031

EP - 4039

BT - Proceedings - 2021 IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 11 October 2021 through 17 October 2021

ER -

Ghamizi S, Cordy M, Papadakis M, Traon YL. Evasion Attack STeganography: Turning Vulnerability of Machine Learning to Adversarial Attacks into A Real-world Application. In Proceedings - 2021 IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021. Institute of Electrical and Electronics Engineers Inc. 2021. p. 4031-4039. (Proceedings of the IEEE International Conference on Computer Vision). doi: 10.1109/ICCVW54120.2021.00010

Evasion Attack STeganography: Turning Vulnerability of Machine Learning to Adversarial Attacks into A Real-world Application

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this