Fraternal Twins: Unifying Attacks on Machine Learning and Digital Watermarking
Machine learning is increasingly used in security-critical applications, such
as autonomous driving, face recognition and malware detection. Most learning
methods, however, have not been designed with security in mind and thus are
vulnerable to different types of attacks. This problem has motivated the
research field of adversarial machine learning that is concerned with attacking
and defending learning methods. Concurrently, a different line of research has
tackled a very similar problem: in digital watermarking, information is
embedded in a signal in the presence of an adversary. As a consequence, this
research field has also extensively studied techniques for attacking and
defending watermarking methods.
The two research communities have so far worked in parallel and, unaware of
each other, developed similar attack and defense strategies. This paper is a first effort
to bring these communities together. To this end, we present a unified notation
of black-box attacks against machine learning and watermarking that reveals the
similarity of both settings. To demonstrate the efficacy of this unified view,
we apply concepts from watermarking to machine learning and vice versa. We show
that countermeasures from watermarking can mitigate recent model-extraction
attacks and, similarly, that techniques for hardening machine learning can fend
off oracle attacks against watermarks. Our work provides a conceptual link
between two research fields and thereby opens novel directions for improving
the security of both machine learning and digital watermarking.
A Workbench for the BOWS Contest (Research Article, doi:10.1155/2007/64521)
The first Break Our Watermarking System (BOWS) contest challenged researchers to remove the watermark from three given images. Participants could submit altered versions of the images to an online detector. For an attack to count as successful, the detector had to no longer find the watermark while the altered image kept a quality above 30 dB peak signal-to-noise ratio (PSNR). We implemented our experiments in R, a language for statistical computing. This paper presents the BOWS package, an extension for R, together with examples of how to use this experimental environment. The BOWS package provides an offline detector for several platforms. Furthermore, the particular watermarking algorithm used in the contest is analysed. We show how to find single-coefficient attacks and, with full knowledge of the key, derive high-quality attacked images (62.6 dB PSNR).
Copyright © 2007 Andreas Westfeld. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
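The two abstracts above share one setting: an attacker who only gets yes/no answers from a detector (the black-box oracle attack of the first paper, the online detector of the BOWS contest) and who is scored on how little the signal is damaged (the 30 dB PSNR bar). The following Python program is an added illustration of that setting and is not code from either paper or from the BOWS package (which is written in R). Everything in it is constructed: a 32x32 grey-scale image, a spread-spectrum watermark with a key-derived +/-1 pattern, and a correlation detector that only reports detected / not detected. The attack is a sensitivity attack: bisect to a point just inside the detection boundary, then nudge one pixel at a time and read the sign of each secret coefficient from whether detection survives. The result is then scored with the standard PSNR formula, 10 log10(255^2 / MSE), against the 30 dB bar. The BOWS algorithm itself is not modelled here; the toy detector exists only to show why an oracle is dangerous.

```python
"""Added example: black-box sensitivity (oracle) attack on a toy spread-spectrum
watermark detector, scored against the BOWS 30 dB PSNR quality bar.
Images, key and detector are constructed here; they are not the BOWS algorithm."""
import math
import random

MAX_PIXEL = 255
SIDE = 32                  # toy 32x32 grey-scale image, stored as a flat list
N = SIDE * SIDE
ALPHA = 6                  # embedding strength: statistic ~ALPHA for a marked image
TAU = 3.0                  # detector threshold; unmarked content scores ~0


def host_image():
    """Constructed host: a smooth, low-contrast pattern (no real photograph)."""
    return [round(128 + 10 * math.sin(2 * math.pi * (i % SIDE) / 16)
                  + 5 * math.cos(2 * math.pi * (i // SIDE) / 8)) for i in range(N)]


def key_pattern(key):
    """Secret +/-1 pattern derived from the key (what the attacker must infer)."""
    rng = random.Random(key)
    return [rng.choice((-1, 1)) for _ in range(N)]


def embed(x, w):
    """Additive spread-spectrum embedding, clipped to the 8-bit range."""
    return [min(MAX_PIXEL, max(0, xi + ALPHA * wi)) for xi, wi in zip(x, w)]


def psnr(a, b):
    """Peak signal-to-noise ratio in dB between two equally sized 8-bit images."""
    mse = sum((ai - bi) ** 2 for ai, bi in zip(a, b)) / len(a)
    return math.inf if mse == 0 else 10 * math.log10(MAX_PIXEL ** 2 / mse)


class Oracle:
    """Online detector as a BOWS participant saw it: one yes/no answer per query."""
    def __init__(self, w):
        self._w = w          # never exposed to the attacker
        self.queries = 0

    def detect(self, y):
        self.queries += 1
        m = sum(y) / N       # zero-mean correlation with the key pattern
        return sum((yi - m) * wi for yi, wi in zip(y, self._w)) / N > TAU


def sensitivity_attack(oracle, y, steps=30, delta=1.0):
    """Recover the sign of every key coefficient from yes/no answers only."""
    ref = [128.0] * N        # flat image: zero correlation with any pattern, so rejected
    if not oracle.detect(y) or oracle.detect(ref):
        raise ValueError("attack needs a detected start image and a rejected reference")
    lo, hi = 0.0, 1.0        # bisect along y -> ref; lo stays detected, hi rejected
    for _ in range(steps):
        mid = (lo + hi) / 2
        if oracle.detect([yi + mid * (ri - yi) for yi, ri in zip(y, ref)]):
            lo = mid
        else:
            hi = mid
    z = [yi + lo * (ri - yi) for yi, ri in zip(y, ref)]   # just inside the boundary
    signs = []
    for i in range(N):       # nudging pixel i up keeps detection iff w[i] == +1
        z[i] += delta
        signs.append(1 if oracle.detect(z) else -1)
        z[i] -= delta
    return signs


def remove_watermark(oracle, y, signs, max_strength=16):
    """Subtract the estimated pattern at the weakest strength the oracle rejects."""
    for beta in range(1, max_strength + 1):
        y_att = [min(MAX_PIXEL, max(0, yi - beta * si)) for yi, si in zip(y, signs)]
        if not oracle.detect(y_att):
            return beta, y_att
    raise RuntimeError("watermark still detected within the strength budget")


def run_attack(key=1234):
    """Full attack; returns the figures a contest scoreboard would care about."""
    w = key_pattern(key)
    y = embed(host_image(), w)
    oracle = Oracle(w)
    signs = sensitivity_attack(oracle, y)
    beta, y_att = remove_watermark(oracle, y, signs)
    return {
        "marked_detected": Oracle(w).detect(y),
        "attacked_detected": Oracle(w).detect(y_att),
        "sign_accuracy": sum(s == wi for s, wi in zip(signs, w)) / N,
        "strength": beta,
        "psnr_db": psnr(y, y_att),        # quality relative to the marked image
        "queries": oracle.queries,
    }


if __name__ == "__main__":
    r = run_attack()
    print(f"sign accuracy {r['sign_accuracy']:.3f}, removal strength {r['strength']}, "
          f"PSNR {r['psnr_db']:.2f} dB after {r['queries']} oracle queries, "
          f"still detected: {r['attacked_detected']}")
```

Two points the numbers make. First, the attack needs roughly one query per coefficient plus a handful for the bisection, and with every sign recovered the pattern can be subtracted at the smallest strength the detector tolerates, so the attacked image lands well above the 30 dB bar; the oracle, not the embedding strength, is the weak point. Second, the probing only works because the detector answers crisply right at its boundary, which is why hardening techniques that blur, randomise or rate-limit answers near the decision boundary (the kind of measure the "Fraternal Twins" abstract says carries over between machine learning and watermarking) are the natural countermeasure.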