On the Removal of Steganographic Content from Images
Steganography is primarily used for the covert transmission of information, even though the purpose can be legitimate or malicious. The primary purpose of this work is to build a firewall which will thwart this transmission. This will be achieved by radiometric and geometric operations. These operations will degrade the quality of the cover image. However, these can be restored to some extent by a deconvolution operation. The finally deconvolved image is subjected to steganalysis to verify the absence of stego content. Experimental results showed that PSNR and SSIM values are between 35 dB - 45 dB and 0.96, respectively, which are above the acceptable range. Our method can suppress the stego content to a large extent irrespective of the embedding algorithm in the spatial and transform domains. We verified, by using RS steganalysis, difference image histogram and chi-square attack, that 95 per cent of the stego content embedded in the spatial domain was removed by our showering techniques. We also verified that 100 per cent of the stego content was removed in the transform domain with PSNR 30 dB - 45 dB and SSIM between 0.67-0.99. Percentage of stego removed in both domains was measured by using bit error rate and first order Markov feature
Generative Autoencoders as Watermark Attackers: Analyses of Vulnerabilities and Threats
Invisible watermarks safeguard images' copyrights by embedding hidden
messages detectable by owners. It also prevents people from misusing images,
especially those generated by AI models. Malicious adversaries can violate
these rights by removing the watermarks. In order to remove watermarks without
damaging the visual quality, the adversary needs to erase them while retaining
the essential information in the image. This is analogous to the encoding and
decoding process of generative autoencoders, especially variational
autoencoders (VAEs) and diffusion models. We propose a framework using
generative autoencoders to remove invisible watermarks and test it using VAEs
and diffusions. Our results reveal that, even without specific training,
off-the-shelf Stable Diffusion effectively removes most watermarks, surpassing
all current attackers. The result underscores the vulnerabilities in existing
watermarking schemes and calls for more robust methods for copyright
protection
Embarrassingly Simple Text Watermarks
We propose Easymark, a family of embarrassingly simple yet effective
watermarks. Text watermarking is becoming increasingly important with the
advent of Large Language Models (LLM). LLMs can generate texts that cannot be
distinguished from human-written texts. This is a serious problem for the
credibility of the text. Easymark is a simple yet effective solution to this
problem. Easymark can inject a watermark without changing the meaning of the
text at all while a validator can detect if a text was generated from a system
that adopted Easymark or not with high credibility. Easymark is extremely easy
to implement so that it only requires a few lines of code. Easymark does not
require access to LLMs, so it can be implemented on the user-side when the LLM
providers do not offer watermarked LLMs. In spite of its simplicity, it
achieves higher detection accuracy and BLEU scores than the state-of-the-art
text watermarking methods. We also prove the impossibility theorem of perfect
watermarking, which is valuable in its own right. This theorem shows that no
matter how sophisticated a watermark is, a malicious user could remove it from
the text, which motivates us to use a simple watermark such as Easymark. We
carry out experiments with LLM-generated texts and confirm that Easymark can be
detected reliably without any degradation of BLEU and perplexity, and
outperforms state-of-the-art watermarks in terms of both quality and
reliability
Improved anti-noise attack ability of image encryption algorithm using de-noising technique
Information security is considered one of the important issues in the information age, used to preserve secret information throughout transmission in practical applications. With regard to image encryption, many schemes related to information security have been applied. Such approaches may be categorized into two domains: the frequency domain and the spatial domain. The presented work develops an encryption technique on the basis of a conventional watermarking system, using singular value decomposition (SVD), discrete cosine transform (DCT), and discrete wavelet transform (DWT) together. The suggested DWT-DCT-SVD method has high robustness in comparison to other conventional approaches, and is an enhanced approach with high robustness against Gaussian noise attacks through the use of a denoising approach based on DWT. MSE and the peak signal-to-noise ratio (PSNR) are the performance measures on which this study’s results are based, and they show that the algorithm utilized in this study has high robustness against Gaussian noise attacks
SUDS: Sanitizing Universal and Dependent Steganography
Steganography, or hiding messages in plain sight, is a form of information
hiding that is most commonly used for covert communication. As modern
steganographic mediums include images, text, audio, and video, this
communication method is being increasingly used by bad actors to propagate
malware, exfiltrate data, and discreetly communicate. Current protection
mechanisms rely upon steganalysis, or the detection of steganography, but these
approaches are dependent upon prior knowledge, such as steganographic
signatures from publicly available tools and statistical knowledge about known
hiding methods. These dependencies render steganalysis useless against new or
unique hiding methods, which are becoming increasingly common with the
application of deep learning models. To mitigate the shortcomings of
steganalysis, this work focuses on a deep learning sanitization technique
called SUDS that is not reliant upon knowledge of steganographic hiding
techniques and is able to sanitize universal and dependent steganography. SUDS
is tested using least significant bit method (LSB), dependent deep hiding
(DDH), and universal deep hiding (UDH). We demonstrate the capabilities and
limitations of SUDS by answering five research questions, including baseline
comparisons and an ablation study. Additionally, we apply SUDS to a real-world
scenario, where it is able to increase the resistance of a poisoned classifier
against attacks by 1375%.
Comment: Accepted to European Conference on Artificial Intelligence (ECAI)
202
Challenges and Remedies to Privacy and Security in AIGC: Exploring the Potential of Privacy Computing, Blockchain, and Beyond
Artificial Intelligence Generated Content (AIGC) is one of the latest
achievements in AI development. The content generated by related applications,
such as text, images and audio, has sparked a heated discussion. Various
derived AIGC applications are also gradually entering all walks of life,
bringing unimaginable impact to people's daily lives. However, the rapid
development of such generative tools has also raised concerns about privacy and
security issues, and even copyright issues in AIGC. We note that advanced
technologies such as blockchain and privacy computing can be combined with AIGC
tools, but no work has yet been done to investigate their relevance and
prospect in a systematic and detailed way. Therefore it is necessary to
investigate how they can be used to protect the privacy and security of data in
AIGC by fully exploring the aforementioned technologies. In this paper, we
first systematically review the concept, classification and underlying
technologies of AIGC. Then, we discuss the privacy and security challenges
faced by AIGC from multiple perspectives and purposefully list the
countermeasures that currently exist. We hope our survey will help researchers
and industry to build a more secure and robust AIGC system.
Comment: 43 pages, 10 figure
Robust Multi-bit Natural Language Watermarking through Invariant Features
Recent years have witnessed a proliferation of valuable original natural
language contents found in subscription-based media outlets, web novel
platforms, and outputs of large language models. However, these contents are
susceptible to illegal piracy and potential misuse without proper security
measures. This calls for a secure watermarking system to guarantee copyright
protection through leakage tracing or ownership identification. To effectively
combat piracy and protect copyrights, a multi-bit watermarking framework should
be able to embed adequate bits of information and extract the watermarks in a
robust manner despite possible corruption. In this work, we explore ways to
advance both payload and robustness by following a well-known proposition from
image watermarking and identify features in natural language that are invariant
to minor corruption. Through a systematic analysis of the possible sources of
errors, we further propose a corruption-resistant infill model. Our full method
improves upon the previous work on robustness by +16.8% point on average on
four datasets, three corruption types, and two corruption ratios. Code
available at https://github.com/bangawayoo/nlp-watermarking.
Comment: ACL 2023 lon