
Gradient-Based Adversarial Image Forensics

  • Conference paper
Neural Information Processing (ICONIP 2020)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 12533)

Abstract

Adversarial images, which can fool deep neural networks, have drawn researchers’ attention to the security of machine learning. In this paper, we employ a blind forensic method to detect adversarial images generated by gradient-based attacks, including FGSM, BIM, RFGSM and PGD. By analyzing adversarial images, we find that the gradient-based attacks cause significant statistical changes in the image difference domain. Moreover, the gradient-based attacks add different perturbations to the R, G, B channels, which inevitably changes the dependencies among those channels. To measure those dependencies, the \(3^{rd}\)-order co-occurrence is employed to construct the feature. Unlike previous works, which extract the co-occurrence within each channel, we extract the co-occurrences across the \(1^{st}\)-order differences of the R, G, B channels to capture the changes in inter-channel dependence. Because the attacks shift the difference elements, some co-occurrence elements of adversarial images have distinctly larger values than those of legitimate images. Experimental results demonstrate that the proposed method performs stably across different attack types and attack strengths, and achieves detection accuracy of up to 99.9%, exceeding the state of the art by a large margin.
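The feature described in the abstract can be sketched as follows; this is an added illustration, not the authors' code. It assumes a horizontal difference, a truncation threshold `T = 2`, and that each co-occurrence triple is taken at the same pixel position across the three channels; the ramp image and the random ±eps perturbation are constructed stand-ins, with no model or real attack involved.

```python
import random
from collections import Counter

T = 2  # truncation threshold for difference values (assumed, not from the abstract)

def hdiff(channel):
    """1st-order horizontal difference of one channel, clipped to [-T, T]."""
    return [[max(-T, min(T, row[x + 1] - row[x])) for x in range(len(row) - 1)]
            for row in channel]

def cross_channel_cooc(r, g, b):
    """Normalised 3rd-order co-occurrence of (dR, dG, dB) at the same pixel."""
    dr, dg, db = hdiff(r), hdiff(g), hdiff(b)
    counts = Counter()
    for y in range(len(dr)):
        for x in range(len(dr[y])):
            counts[(dr[y][x], dg[y][x], db[y][x])] += 1
    total = sum(counts.values())
    return {k: v / total for k, v in counts.items()}

def make_clean(w=16, h=16):
    """Constructed smooth test image: every channel is a ramp with slope 1."""
    def ramp(off):
        return [[x + y + off for x in range(w)] for y in range(h)]
    return ramp(10), ramp(40), ramp(70)

def sign_perturb(channels, eps=1, seed=0):
    """Add +/-eps independently per pixel and per channel (stand-in for the
    sign-shaped perturbation of gradient-based attacks)."""
    rng = random.Random(seed)
    return tuple(
        [[min(255, max(0, v + (eps if rng.random() < 0.5 else -eps))) for v in row]
         for row in ch]
        for ch in channels)

def off_peak_mass(feature, peak=(1, 1, 1)):
    """Share of co-occurrence mass outside the clean image's dominant bin."""
    return 1.0 - feature.get(peak, 0.0)

if __name__ == "__main__":
    clean = make_clean()
    adv = sign_perturb(clean)
    print("clean    :", off_peak_mass(cross_channel_cooc(*clean)))
    print("perturbed:", off_peak_mass(cross_channel_cooc(*adv)))
```

On the clean ramp all mass sits in one bin; independent per-channel perturbations break the agreement between the three difference planes and spread the mass into other bins, which is the shift a classifier trained on this feature would pick up.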

Thanks to Weilin Xu et al. and Cleverhans for providing the code of the attacks. This work was partially supported by NSFC (No. 61702429) and the Sichuan Science and Technology Program (No. 19yyjc1656).



Correspondence to Hui Zeng.

© 2020 Springer Nature Switzerland AG

Cite this paper

Peng, A., Deng, K., Zhang, J., Luo, S., Zeng, H., Yu, W. (2020). Gradient-Based Adversarial Image Forensics. In: Yang, H., Pasupa, K., Leung, A.CS., Kwok, J.T., Chan, J.H., King, I. (eds) Neural Information Processing. ICONIP 2020. Lecture Notes in Computer Science, vol 12533. Springer, Cham. https://doi.org/10.1007/978-3-030-63833-7_35

  • DOI: https://doi.org/10.1007/978-3-030-63833-7_35

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-63832-0

  • Online ISBN: 978-3-030-63833-7

  • eBook Packages: Computer Science, Computer Science (R0)
