159 research outputs found
PCPT and ACPT: Copyright Protection and Traceability Scheme for DNN Models
Deep neural networks (DNNs) have achieved tremendous success in artificial
intelligence (AI) fields. However, DNN models can be easily illegally copied,
redistributed, or abused by criminals, seriously damaging the interests of
model inventors. The copyright protection of DNN models by neural network
watermarking has been studied, but the establishment of a traceability
mechanism for determining the authorized users of a leaked model is a new
problem driven by the demand for AI services. Because the existing traceability
mechanisms are used for models without watermarks, a small number of
false positives are generated. Existing black-box active protection schemes
have loose authorization control and are vulnerable to forgery attacks.
Therefore, based on the idea of black-box neural network watermarking with the
video framing and image perceptual hash algorithm, a passive copyright
protection and traceability framework PCPT is proposed that uses an additional
class of DNN models, improving the existing traceability mechanism that yields
a small number of false positives. Based on an authorization control strategy
and image perceptual hash algorithm, a DNN model active copyright protection
and traceability framework ACPT is proposed. This framework uses the
authorization control center constructed by the detector and verifier. This
approach realizes stricter authorization control, which establishes a strong
connection between users and model owners, improves the framework security, and
supports traceability verification.
Chaos-based robust method of zero-watermarking for medical signals
The growing use of wireless health data transmission via the Internet of Things is significantly beneficial to the healthcare industry for optimal usage of health-related facilities. However, at the same time, this use raises concerns about privacy protection. Health-related data are private and should be suitably protected. Several pathologies, such as vocal fold disorders, indicate high risks of prevalence in individuals with voice-related occupations, such as teachers, singers, and lawyers. Approximately one-third of the world population suffers from voice-related problems during their lifespan, and unauthorized access to their data can create unavoidable circumstances in their personal and professional lives. In this study, a zero-watermarking method is proposed and implemented to protect the identity of patients who suffer from vocal fold disorders. In the proposed method, an image for a patient's identity is generated and inserted into secret keys instead of a host medical signal. Consequently, imperceptibility is naturally achieved. The locations for the insertion of the watermark are determined by a computation of local binary patterns from the time–frequency spectrum. The spectrum is calculated for low frequencies such that it may not be affected by noise attacks. The experimental results suggest that the proposed method has good performance and robustness against noise, and it is reliable in the recovery of an individual's identity.
Cyber Security
This open access book constitutes the refereed proceedings of the 17th International Annual Conference on Cyber Security, CNCERT 2021, held in Beijing, China, in July 2021. The 14 papers presented were carefully reviewed and selected from 51 submissions. The papers are organized according to the following topical sections: data security; privacy protection; anomaly detection; traffic analysis; social network security; vulnerability detection; text classification.
Data Hiding with Deep Learning: A Survey Unifying Digital Watermarking and Steganography
Data hiding is the process of embedding information into a noise-tolerant
signal such as a piece of audio, video, or image. Digital watermarking is a
form of data hiding where identifying data is robustly embedded so that it can
resist tampering and be used to identify the original owners of the media.
Steganography, another form of data hiding, embeds data for the purpose of
secure and secret communication. This survey summarises recent developments in
deep learning techniques for data hiding for the purposes of watermarking and
steganography, categorising them based on model architectures and noise
injection methods. The objective functions, evaluation metrics, and datasets
used for training these data hiding models are comprehensively summarised.
Finally, we propose and discuss possible future directions for research into
deep data hiding techniques.
Large-capacity and Flexible Video Steganography via Invertible Neural Network
Video steganography is the art of unobtrusively concealing secret data in a
cover video and then recovering the secret data through a decoding protocol at
the receiver end. Although several attempts have been made, most of them are
limited to low-capacity and fixed steganography. To rectify these weaknesses,
we propose a Large-capacity and Flexible Video Steganography Network (LF-VSN)
in this paper. For large-capacity, we present a reversible pipeline to perform
multiple videos hiding and recovering through a single invertible neural
network (INN). Our method can hide/recover 7 secret videos in/from 1 cover
video with promising performance. For flexibility, we propose a
key-controllable scheme, enabling different receivers to recover particular
secret videos from the same cover video through specific keys. Moreover, we
further improve the flexibility by proposing a scalable strategy in multiple
videos hiding, which can hide variable numbers of secret videos in a cover
video with a single model and a single training session. Extensive experiments
demonstrate that with the significant improvement of the video steganography
performance, our proposed LF-VSN has high security, large hiding capacity, and
flexibility. The source code is available at https://github.com/MC-E/LF-VSN.
Comment: Accepted by CVPR 202
Stealing Knowledge from Protected Deep Neural Networks Using Composite Unlabeled Data
As state-of-the-art deep neural networks are deployed at the core of more
advanced AI-based products and services, the incentive for copying them (i.e.,
their intellectual properties) by rival adversaries is expected to increase
considerably over time. The best way to extract or steal knowledge from such
networks is by querying them using a large dataset of random samples and
recording their output, followed by training a student network to mimic these
outputs, without making any assumption about the original networks. The most
effective way to protect against such a mimicking attack is to provide only the
classification result, without confidence values associated with the softmax
layer. In this paper, we present a novel method for generating composite images
for attacking a mentor neural network using a student model. Our method assumes
no information regarding the mentor's training dataset, architecture, or
weights. Further assuming no information regarding the mentor's softmax output
values, our method successfully mimics the given neural network and steals all
of its knowledge. We also demonstrate that our student network (which copies
the mentor) is impervious to watermarking protection methods, and thus would
not be detected as a stolen model. Our results imply, essentially, that all
current neural networks are vulnerable to mimicking attacks, even if they do
not divulge anything but the most basic required output, and that the student
model which mimics them cannot be easily detected and singled out as a stolen
copy using currently available techniques.
Privacy-preserving information hiding and its applications
The phenomenal advances in cloud computing technology have raised concerns about data privacy. Aided by the modern cryptographic techniques such as homomorphic encryption, it has become possible to carry out computations in the encrypted domain and process data without compromising information privacy. In this thesis, we study various classes of privacy-preserving information hiding schemes and their real-world applications for cyber security, cloud computing, Internet of things, etc.
Data breach is recognised as one of the most dreadful cyber security threats in which private data is copied, transmitted, viewed, stolen or used by unauthorised parties. Although encryption can obfuscate private information against unauthorised viewing, it may not stop data from illegitimate exportation. Privacy-preserving Information hiding can serve as a potential solution to this issue in such a manner that a permission code is embedded into the encrypted data and can be detected when transmissions occur.
Digital watermarking is a technique that has been used for a wide range of intriguing applications such as data authentication and ownership identification. However, some of the algorithms are proprietary intellectual properties and thus their availability to the general public is rather limited. A possible solution is to outsource the task of watermarking to an authorised cloud service provider that has the legitimate right to execute the algorithms as well as high computational capacity. Privacy-preserving information hiding is well suited to this scenario since it operates in the encrypted domain and hence prevents private data from being collected by the cloud.
The Internet of Things is a promising technology for the healthcare industry. A common framework consists of wearable equipment for monitoring the health status of an individual, a local gateway device for aggregating the data, and a cloud server for storing and analysing the data. However, there are risks that an adversary may attempt to eavesdrop on the wireless communication, attack the gateway device, or even gain access to the cloud server. Hence, it is desirable to produce and encrypt the data simultaneously and to incorporate secret sharing schemes to realise access control. Privacy-preserving secret sharing is a novel line of research for fulfilling this function.
In summary, this thesis presents novel schemes and algorithms, including:
• two privacy-preserving reversible information hiding schemes based upon symmetric cryptography using arithmetic of quadratic residues and lexicographic permutations, respectively.
• two privacy-preserving reversible information hiding schemes based upon asymmetric cryptography using multiplicative and additive privacy homomorphisms, respectively.
• four predictive models for assisting the removal of distortions inflicted by information hiding based respectively upon projection theorem, image gradient, total variation denoising, and Bayesian inference.
• three privacy-preserving secret sharing algorithms with different levels of generality.
Data Hiding and Its Applications
Data hiding techniques have been widely used to provide copyright protection, data integrity, covert communication, non-repudiation, and authentication, among other applications. In the context of the increased dissemination and distribution of multimedia content over the internet, data hiding methods, such as digital watermarking and steganography, are becoming increasingly relevant in providing multimedia security. The goal of this book is to focus on the improvement of data hiding algorithms and their different applications (both traditional and emerging), bringing together researchers and practitioners from different research fields, including data hiding, signal processing, cryptography, and information theory, among others.
- …