{"title":"通过集合隐写分析和对抗性扰动最小化提高图像隐写术的安全性","authors":"","doi":"10.1016/j.jisa.2024.103835","DOIUrl":null,"url":null,"abstract":"<div><p>Adversarial embedding, which can deceive the CNN-based steganalyzers, has emerged as an effective strategy to improve image steganography security. However, its efficacy might be easily weakened when confronting re-trained or unknown steganalyzers. In this work, the security of adversarial embedding-based image steganography is further improved by ensemble steganalysis and adversarial perturbation minimization. Different from the existing works that rely on a single targeted steganalyzer, the proposed approach develops an ensemble steganographic classifier, which leverages the majority voting rule to smartly select those pixels that are more suitable for adversarial embedding. To mitigate the interference caused by adversarial embedding, two strategies are adopted. Firstly, a cover image is divided into two non-overlapping regions in terms of pixel gradient amplitude. The regions with higher gradient amplitudes are progressively conducted with adversarial embedding until the targeted steganalyzer is effectively deceived. Secondly, the embedding costs are fine-tuned to minimize the degradation of image quality. Extensive experimental results demonstrate that the proposed approach achieves superior steganography security. Under black-box attacks, with S-UNIWARD and HILL as baseline methods and Deng-Net as the targeted steganalyzer, the proposed approach improves the average detection accuracy of 4.88% and 2.47% for S-UNIWARD and HILL, respectively. In comparison, the existing works only achieve improvements of 2.88% and 2.93% for S-UNIWARD, and 1.44% and 1.12% for HILL, respectively.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8000,"publicationDate":"2024-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Improving image steganography security via ensemble steganalysis and adversarial perturbation minimization\",\"authors\":\"\",\"doi\":\"10.1016/j.jisa.2024.103835\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>Adversarial embedding, which can deceive the CNN-based steganalyzers, has emerged as an effective strategy to improve image steganography security. However, its efficacy might be easily weakened when confronting re-trained or unknown steganalyzers. In this work, the security of adversarial embedding-based image steganography is further improved by ensemble steganalysis and adversarial perturbation minimization. Different from the existing works that rely on a single targeted steganalyzer, the proposed approach develops an ensemble steganographic classifier, which leverages the majority voting rule to smartly select those pixels that are more suitable for adversarial embedding. To mitigate the interference caused by adversarial embedding, two strategies are adopted. Firstly, a cover image is divided into two non-overlapping regions in terms of pixel gradient amplitude. The regions with higher gradient amplitudes are progressively conducted with adversarial embedding until the targeted steganalyzer is effectively deceived. Secondly, the embedding costs are fine-tuned to minimize the degradation of image quality. Extensive experimental results demonstrate that the proposed approach achieves superior steganography security. Under black-box attacks, with S-UNIWARD and HILL as baseline methods and Deng-Net as the targeted steganalyzer, the proposed approach improves the average detection accuracy of 4.88% and 2.47% for S-UNIWARD and HILL, respectively. In comparison, the existing works only achieve improvements of 2.88% and 2.93% for S-UNIWARD, and 1.44% and 1.12% for HILL, respectively.</p></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":3.8000,\"publicationDate\":\"2024-07-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2214212624001376\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212624001376","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
摘要
逆向嵌入可以欺骗基于 CNN 的隐写分析器,已成为提高图像隐写术安全性的一种有效策略。然而,在面对经过重新训练或未知的隐分析器时,它的功效很容易被削弱。在这项研究中,通过集合隐写分析和对抗性扰动最小化,基于对抗性嵌入的图像隐写术的安全性得到了进一步提高。与依赖单一目标隐分析器的现有工作不同,所提出的方法开发了一种集合隐分析分类器,利用多数投票规则,智能地选择那些更适合进行对抗性嵌入的像素。为了减轻对抗性嵌入造成的干扰,采用了两种策略。首先,按像素梯度振幅将封面图像划分为两个非重叠区域。梯度幅度较大的区域逐步进行对抗性嵌入,直到目标隐分析仪被有效欺骗为止。其次,对嵌入成本进行微调,以尽量减少图像质量的下降。广泛的实验结果表明,所提出的方法实现了卓越的隐写术安全性。在黑盒攻击下,以 S-UNIWARD 和 HILL 为基线方法,Deng-Net 为目标隐写分析器,提出的方法提高了 S-UNIWARD 和 HILL 的平均检测准确率,分别为 4.88% 和 2.47%。相比之下,现有方法对 S-UNIWARD 和 HILL 的平均检测准确率仅分别提高了 2.88% 和 2.93%,对 S-UNIWARD 和 HILL 的平均检测准确率仅分别提高了 1.44% 和 1.12%。
Improving image steganography security via ensemble steganalysis and adversarial perturbation minimization
Adversarial embedding, which can deceive the CNN-based steganalyzers, has emerged as an effective strategy to improve image steganography security. However, its efficacy might be easily weakened when confronting re-trained or unknown steganalyzers. In this work, the security of adversarial embedding-based image steganography is further improved by ensemble steganalysis and adversarial perturbation minimization. Different from the existing works that rely on a single targeted steganalyzer, the proposed approach develops an ensemble steganographic classifier, which leverages the majority voting rule to smartly select those pixels that are more suitable for adversarial embedding. To mitigate the interference caused by adversarial embedding, two strategies are adopted. Firstly, a cover image is divided into two non-overlapping regions in terms of pixel gradient amplitude. The regions with higher gradient amplitudes are progressively conducted with adversarial embedding until the targeted steganalyzer is effectively deceived. Secondly, the embedding costs are fine-tuned to minimize the degradation of image quality. Extensive experimental results demonstrate that the proposed approach achieves superior steganography security. Under black-box attacks, with S-UNIWARD and HILL as baseline methods and Deng-Net as the targeted steganalyzer, the proposed approach improves the average detection accuracy of 4.88% and 2.47% for S-UNIWARD and HILL, respectively. In comparison, the existing works only achieve improvements of 2.88% and 2.93% for S-UNIWARD, and 1.44% and 1.12% for HILL, respectively.
期刊介绍:
Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
