As an effective means to content authentication and privacy protection, reversible data hiding (RDH) permits us to hide a payload such as authentication data in a media file. The resulting marked ...content will not introduce noticeable artifacts. In order to achieve superior payload-distortion performance, the conventional RDH algorithms often exploit the smooth content for data embedding. Since RDH allows both the embedded payload and the raw content to be perfectly reconstructed, it is required that, the altered smooth regions within the cover should be identified without error by a data receiver. Therefore, a core work in RDH is to design an efficient content-aware algorithm that can enable a data hider to take advantages of the smooth cover elements as much as possible while the detection procedure for the marked elements should be invertible to a data receiver. This has motivated the authors to present a novel patch-level selection and breadth-first prediction strategy for efficient RDH in this paper. However, different from many conventional RDH works, the proposed approach allows a data hider to preferentially and simultaneously use adjacent smooth elements as many as possible, which can benefit data embedding procedure a lot. Experiments show that our work significantly outperforms a part of advanced RDH algorithms in terms of the payload-distortion performance, which has demonstrated the superiority and applicability.
In recent years, with the improvements in machine learning, image forensics has made considerable progress in detecting editing manipulations. This progress also raises more questions in image ...forensics research, such as can the parameters applied in a manipulation be estimated. Many parameter estimation works have already been performed. However, most of these works are based on mathematical analyses. In this paper, we attempt to solve a particular parameter estimation problem from a different aspect. Specifically, a new convolutional neural network (CNN) model is proposed to estimate the resampling rate for resampled images regardless of whether the image is upscaled or downscaled. This model features an original layer to generate a measurable energy map toward the estimation of resampling rate (METEOR). The METEOR layer is demonstrated to be an outstanding method that can assist in enhancing the estimation performance of the CNN. Furthermore, the METEOR layer can also increase the robustness of the CNN against JPEG compression, which makes it extremely important in realistic application scenarios. Our work has verified that machine learning, particularly CNNs, with proper optimization can also be refined to adapt to parameter estimation in digital forensics with excellent performance and robustness.
Benefiting from the rapid development of computer hardware and big data, deep neural networks (DNNs) have been widely applied in commercial speaker recognition systems, achieving a kind of symmetry ...between “machine-learning-as-a-service” providers and consumers. However, this symmetry is threatened by attackers whose goal is to illegally steal and use the service. It is necessary to protect these DNN models from symmetry breaking, i.e., intellectual property (IP) infringement, which motivated the authors to present a black-box watermarking method for IP protection of the speaker recognition model in this paper. The proposed method enables verification of the ownership of the target marked model by querying the model with a set of carefully crafted trigger audio samples, without knowing the internal details of the model. To achieve this goal, the proposed method marks the host model by training it with normal audio samples and carefully crafted trigger audio samples. The trigger audio samples are constructed by adding a trigger signal in the frequency domain of normal audio samples, which enables the trigger audio samples to not only resist against malicious attack but also avoid introducing noticeable distortion. In order to not impair the performance of the speaker recognition model on its original task, a new label is assigned to all the trigger audio samples. The experimental results show that the proposed black-box DNN watermarking method can not only reliably protect the intellectual property of the speaker recognition model but also maintain the performance of the speaker recognition model on its original task, which verifies the superiority and maintains the symmetry between “machine-learning-as-a-service” providers and consumers.
Full text
Available for:
IZUM, KILJ, NUK, PILJ, PNG, SAZU, UL, UM, UPUK
Embedding multiple watermarks into a digital object enables multiple purposes to be realized. In this paper, we present a multi-party watermark embedding framework based on frequency-hopping ...sequences (FHSs). In the proposed work, a certain number of FHSs are generated in advance and then randomly assigned to multiple users. Each user uses an assigned FHS to embed his own watermark data into the cover object by slightly modifying the content. In this way, the resulting marked object containing multiple watermarks can be put into use. During the phase of watermark verification, each user can extract his own watermark from the marked object with the corresponding FHS without interacting with other users. Since the used FHSs can result in a very low number of element collisions, the probability of altering the same content within the digital object would be low, meaning that, the error rate of data extraction for each user will be low. Moreover, if the digital object was modified, the embedded information can be still retrieved as the FHSs provide high randomness. Experimental results have shown that, our work enables the multiple users to reliably extract their own watermark information for verification even the marked object was maliciously attacked, which verifies the superiority.
Full text
Available for:
EMUNI, FIS, FZAB, GEOZS, GIS, IJS, IMTLJ, KILJ, KISLJ, MFDPS, NLZOH, NUK, OILJ, PNG, SAZU, SBCE, SBJE, SBMB, SBNM, UKNU, UL, UM, UPUK, VKSCE, ZAGLJ
Copy-move forgery is a commonly used operation for digital image. Most of the existing copy-move schemes designed to region duplication are block-based and keypoint-based. In general, block-based ...methods fail to handle geometric transformations. Though keypoint-based methods can handle geometric transformations, they have a poor detection effect on the smooth region. This has motivated us to propose an efficient copy-move forgery detection method, which is based on superpixel segmentation and cluster analysis to improve the detection accuracy due to some specified attacks in this paper. In the proposed method, K-means clustering technology is used to divide the superpixel of the image into complex regions and smooth regions. The clustering rule is based on the mean and standard deviation of the pixels, and the ratio of the feature points in the superpixel block, this clustering method can distinguish complex regions (non-smooth regions) and smooth regions. In complex regions, Scale-Invariant Feature Transform (SIFT) features are used to detect tampering. In smooth regions, the sector mask feature and RGB color feature are proposed to detect tampering. Filtering out error matching is applied to these two kinds of regions for the copy-move detection. Experimental results have shown that the proposed method can detect the tampering of complex regions and smooth regions and it indeed has the advantage in the detection accuracy compared with some related works when the test images are processed by blurring, adding noise, JPEG compression and rotation.
Social media plays an increasingly important role in providing information and social support to users. Due to the easy dissemination of content, as well as difficulty to track on the social network, ...we are motivated to study the way of concealing sensitive messages in this channel with high confidentiality. In this paper, we design a steganographic visual stories generation model that enables users to automatically post stego status on social media without any direct user intervention and use the mutual-perceived joint attention (MPJA) to maintain the imperceptibility of stego text. We demonstrate our approach on the visual storytelling (VIST) dataset and show that it yields high-quality steganographic texts. Since the proposed work realizes steganography by auto-generating visual story using deep learning, it enables us to move steganography to the real-world online social networks with intelligent steganographic bots.
With the extensive adoption of generative models across various domains, the protection of copyright for these models has become increasingly vital. Some researchers suggest embedding watermarks in ...the images generated by these models as a means of preserving IP rights. In this paper, we find that existing generative model watermarking introduces high-frequency artifacts in the high-frequency spectrum of the marked images, thereby compromising the imperceptibility and security of the generative model watermarking system. Given this revelation, we propose an innovative image watermarking technology that takes into account frequency-domain imperceptibility. Our approach abandons the conventional convolutional neural network (CNN) structure typically used as the watermarking embedding network in popular watermarking techniques. This helps the image watermarking system to avoid the inherent high-frequency artifacts commonly produced by CNNs. In addition, we design a frequency perturbation generation network to generate low-frequency perturbations. These perturbations are subsequently added as watermarks to the low-frequency components of the carrier image, thus minimizing the impact of the watermark embedding process on the high-frequency properties of the image. The results show that our proposed watermarking framework can effectively embed low-frequency perturbation watermarks into images and effectively suppress high-frequency artifacts in images, thus significantly improving the frequency-domain imperceptibility and security of the image watermarking system. The introduced approach enhances the average invisibility performance in the frequency domain by up to 24.9% when contrasted with prior methods. Moreover, the method attains superior image quality (>50 dB) in the spatial domain, accompanied by a 100% success rate in watermark extraction in the absence of attacks. This underscores its capability to uphold the efficacy of the protected network and preserve the integrity of the watermarking process. It always maintains excellent imperceptibility and robustness. Thus, the framework shows great potential as a state-of-the-art solution for protecting intellectual property.
Reversible data hiding (RDH) has become a hot spot in recent years as it allows both the secret data and the raw host to be perfectly reconstructed, which is quite desirable in sensitive applications ...requiring no degradation of the host. A lot of RDH algorithms have been designed by a sophisticated empirical way. It is not easy to extend them to a general case, which, to a certain extent, may have limited their wide-range applicability. Therefore, it motivates us to revisit the conventional RDH algorithms and present a general framework of RDH in this paper. The proposed framework divides the system design of RDH at the data hider side into four important parts, i.e., binary-map generation, content prediction, content selection, and data embedding, so that the data hider can easily design and implement, as well as improve, an RDH system. For each part, we introduce content-adaptive techniques that can benefit the subsequent data-embedding procedure. We also analyze the relationships between these four parts and present different perspectives. In addition, we introduce a fast histogram shifting optimization (FastHiSO) algorithm for data embedding to keep the payload-distortion performance sufficient while reducing the computational complexity. Two RDH algorithms are presented to show the efficiency and applicability of the proposed framework. It is expected that the proposed framework can benefit the design of an RDH system, and the introduced techniques can be incorporated into the design of advanced RDH algorithms.
Full text
Available for:
IZUM, KILJ, NUK, PILJ, PNG, SAZU, UL, UM, UPUK
Mainstream transferable adversarial attacks tend to introduce noticeable artifacts into the generated adversarial examples, which will impair the invisibility of adversarial perturbation and make ...these attacks less practical in real-world scenarios. To deal with this problem, in this paper, we propose a novel black-box adversarial attack method that can significantly improve the invisibility of adversarial examples. We analyze the sensitivity of a deep neural network in the frequency domain and take into account the characteristics of the human visual system in order to quantify the contribution of each frequency component in adversarial perturbation. Then, we collect a set of candidate frequency components that are insensitive to the human visual system by applying K-means clustering and we propose a joint loss function during the generation of adversarial examples, limiting the frequency distribution of perturbations during attacks. The experimental results show that the proposed method significantly outperforms existing transferable black-box adversarial attack methods in terms of invisibility, which verifies the superiority, applicability and potential of this work.
Ever-evolving advances in flexible magnetic sensors are promising to fuel technological developments in the fields of touchless human–machine interaction, implantable medical diagnosis, and ...magnetoreception for artificial intelligence. However, the realization of highly flexible and extremely sensitive magnetic sensors remains a challenge. Here, we report a cost-effective, flexible, and ultra-sensitive heterostructural magnetoelectric (ME) sensor consisting of piezoelectric Pb(Zr0.52Ti0.48)O3 (PZT) thick films and Metglas foils. The flexible sensor exhibits a strong ME coefficient of 19.3 V cm−1 Oe−1 at low frequencies and 280.5 V cm−1 Oe−1 at resonance due to the exceptionally high piezoelectric coefficient d33 ∼ 72 pC N−1 of the constituent PZT thick films. The flexible ME sensor possesses not only ultrahigh sensitivities of 200 nT at low frequencies and 200 pT at resonance but also shows an excellent mechanical endurance. Through 5000 bending cycles (radii of ∼1 cm), the sensors showed no fatigue-induced performance degradation. This ultrasensitive flexible sensor provides a platform capable of sensing and responding to external magnetic fields and will find applications in soft robotics, wearable healthcare monitoring, and consumer electronics.