Short communicationAdversarial robust image steganography against lossy JPEG compression
Introduction
Image steganography is the technology of hiding secret messages within digital images in an imperceptible manner. To enhance the security of steganography, modern steganographic methods are designed under the framework of distortion minimization [1], and they are mainly focused on the design of embedding costs with the help of STC (Syndrome Trellis Codes) [2]. Up to now, many effective JPEG steganographic methods have been proposed, such as J-UNIWARD [3], UED [4], UERD [5] and J-MiPOD [6], [7]. Note that all above steganographic methods [3], [4], [5], [6], [7] are additive steganographic methods which the costs of and are symmetric. To further improve the security of existing steganography, several side-information steganography [8], [9], [10], [11] and adversarial embedding methods [12], [13], [14], [15] have been proposed. These non-additive steganographic methods modify the symmetric costs to asymmetric ones according to some additional information (i.e., quantization errors for side-information steganography and gradients obtained by the targeted steganalyzer for adversarial embedding steganography).
Traditional steganographic methods assume that the transmission channel is lossless. In real social networks, however, some lossy image processing, such as JPEG compression, scaling, and cropping, may be performed on those stego images so that the hidden secret messages can not be extracted correctly. To deal with this problem, robust steganography has been proposed recently. Different from traditional steganography, robust steganography should be robust against some lossy image processing to assure the correct extraction of secret messages from the resulting stegos undergone some lossy processing. At the same time, those stegos should not be detected easily by the steganalytic methods. Thus, both “robustness” and “security” should be simultaneously considered in robust steganography. In current social networks, such as Facebook, lossy JPEG compression is the most popular image processing due to limited bandwidth and storage. Thus, existing robust steganography mainly focuses on resisting the lossy JPEG compression channel.
According to the relationship between the quality factor of cover (i.e., ) and the quality factor of the JPEG compression channel (i.e., ), existing robust steganographic methods are divided into two categories in [16]: “Matching Robust” (i.e., ) [17], [18], [19], [20] and “Upward Robust” (i.e., ) [16], [21], [22], [23], [24]. For instance, methods [17], [18], [19] proposed that repetitive re-compression on the cover image is useful for enhancing robustness for “Matching Robust”. DMMR (Dither Modulation and Modification with Re-compression based robust steganography) [20] used double-checking STC-RS coding strategy and re-compression operation to further improve the robustness for “Matching Robust”. In “Upward Robust” scene, method [21] constructed compression-resistant domain based on the relative relationship of DCT coefficients in the same frequency of four adjacent DCT blocks, and proposed RS-STC coding strategy via combining RS codes and STC. Thereafter, DMAS (Dither Modulation-based robust Adaptive Steganography) [22] utilized dither modulation algorithm to construct robust embedding domain to improve the robustness and combined side-information steganography to enhance the security. E-DMAS (Enhancing Dither Modulation based robust Adaptive Steganography) [24] proposed STC-CRC coding strategy which combined CRC (Cyclical Redundancy Check) codes and STC to further improve the robustness and security compared with method [22]. GMAS (Generalized dither Modulation based robust Adaptive Steganography) [16] utilized estimated side-information steganography and ternary STC, and expanded the embedding domain to the lower frequency within the DCT blocks compared with DMAS. Method [25] improved the robustness of robust steganography via minimizing channel error rate. Method [26] proposed a simulated repetitive compression network to resist repetitive compression.
Up to now, most robust steganographic methods focus on image pre-processing and/or embedding domain selection to assure the robustness. The recent literature has shown that some modern methods can achieve good robustness against JPEG compression, especially for “Matching Robust”. However, the security of steganography is still far from satisfactory. In this paper, therefore, we propose an adversarial robust steganography in order to enhance the security of robust steganography. Inspired by some adversarial embedding methods [12], [13], [15], we first introduce adversarial mechanism into robust steganography. Different from adversarial embedding methods in traditional steganography which modify the original symmetric embedding costs to asymmetric, we propose an adversarial dither modulation algorithm according to the cover gradients calculated from a pre-trained CNN-based steganalyzer. The main idea of the proposed method is the design of adversarial modulation rule to determine the dither directions according to cover gradients signs and magnitudes. In addition, we carefully select embedding elements according to JPEG robust scenes (i.e., “Upward Robust” and “Matching Robust”) to obtain a good tradeoff between “robustness” and “security” based on experiments and analysis. Experiment results show that the proposed method can achieve significant security improvements while preserving very good robustness compared with related work. Overall, the main contributions of this paper are summarized as follows.
- •
This is the first work that introduces adversarial mechanism into robust steganography. We propose adversarial dither modulation algorithm to determine the dither directions via the signs and magnitudes of cover gradients calculated from a pre-trained CNN-based steganalyzer.
- •
According to “Matching Robust” or “Upward Robust” scene, we carefully select embedding elements to obtain a good tradeoff between “robustness against JPEG compression” and “steganography security”.
- •
We provide extensive experiments to show that the proposed method is very promising to enhance the steganography security while maintaining very good robustness simultaneously.
The rest of this paper is as follows. Section 2 gives the preliminaries. Section 3 describes the proposed adversarial robust steganography. Section 4 shows experimental results and discussions. Finally, the concluding remarks of this paper and future work are given in Section 5.
Section snippets
Notations
In this paper, boldface symbols stand for matrices or vectors, and handwriting symbols stand for sets. Specially, the quantized DCT coefficients of cover JPEG image with size is denoted as , and the corresponding stego is denoted as . The corresponding de-quantized DCT coefficients are denoted as and . In addition, the symbol denotes the decompressed spatial image using quantized DCT coefficients .
Dither modulation algorithm
Dither modulation algorithm is widely used in modern robust steganography
Proposed method
As illustrated in Fig 2, the proposed robust steganography includes two steps, that is, steganalyzer pre-training and adversarial stego generation. We will firstly describe them in the following two subsections, and then show the extracting procedure of the proposed method in the third subsection.
Experiment results and analysis
In our experiments, 20,000 grayscale images of size are taken from BOSSBase [27] and BOWS2 [30]. As in [31] and [32], all the images are resized into using “imresize” in Matlab with default settings and then JPEG compressed with quality factor 65 and 75 separately. For each cover set with a given quality factor, we divide it into three non-overlapping parts, that is, 14,000 images (10,000 from BOWS2 and 4,000 randomly selected from BOSSBase) for training, 1,000 images from
Conclusion
In this paper, we propose an adversarial robust steganography against lossy JPEG compression. To our best knowledgement, this is the first work that introducing adversarial mechanism into robust steganography. The proposed adversarial dither modulation algorithm designs adversarial modulation rule to determine the dither directions via the signs and magnitudes of cover gradients calculated from a pre-trained CNN-based steganalyzer. In addition, we carefully select embedding elements based on
CRediT authorship contribution statement
Minglin Liu: Conceptualization, Methodology, Software, Validation, Formal analysis, Writing – original draft. Hangyu Fan: Investigation, Writing – review & editing, Funding acquisition. Kangkang Wei: Data curation, Writing – review & editing. Weiqi Luo: Resources, Writing – review & editing, Funding acquisition, Project administration, Supervision. Wei Lu: Resources, Writing – review & editing.
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Acknowledgment
This work is supported by the National Science Foundation of China (U2001202, 61972430), the Natural Science Foundation of Guangdong (2019A1515011549), and the Alibaba Group through Alibaba Innovative Research (AIR) Program.
References (37)
- et al.
On the fault-tolerant performance for a class of robust image steganography
Signal Process.
(2018) - et al.
Enhancing reliability and efficiency for real-time robust adaptive steganography using cyclic redundancy check codes
J. Real Time Image Process.
(2020) - et al.
Improving robust adaptive steganography via minimizing channel errors
Signal Process.
(2022) - et al.
Anti-compression JPEG steganography over repetitive compression networks
Signal Process.
(2020) - et al.
Practical methods for minimizing embedding impact in steganography
Security, Steganography, and Watermarking of Multimedia Contents IX, San Jose, CA, USA, January 28, 2007
(2007) - et al.
Minimizing additive distortion in steganography using syndrome-trellis codes
IEEE Trans. Inf. Forensics Secur.
(2011) - et al.
Universal distortion function for steganography in an arbitrary domain
EURASIP J. Inf. Secur.
(2014) - et al.
Uniform embedding for efficient JPEG steganography
IEEE Trans. Inf. Forensics Secur.
(2014) - et al.
Using statistical image model for JPEG steganography: uniform embedding revisited
IEEE Trans. Inf. Forensics Secur.
(2015) - et al.
Steganography by minimizing statistical detectability: The cases of JPEG and color images
IH&MMSec ’20: ACM Workshop on Information Hiding and Multimedia Security, Denver, CO, USA, June 22–24, 2020
(2020)