HAG-NET: Hiding Data and Adversarial Attacking with Generative Adversarial Network

Haiju Fan, Jinsong Wang
DOI: https://doi.org/10.3390/e26030269
IF: 2.738
2024-03-19
Entropy
Abstract: Recent studies on watermarking techniques based on image carriers have demonstrated new approaches that combine adversarial perturbations against steganalysis with embedding distortions. However, while these methods successfully counter convolutional neural network-based steganalysis, they do not adequately protect the data of the carrier itself. Recognizing the high sensitivity of Deep Neural Networks (DNNs) to small perturbations, we propose HAG-NET, a method based on image carriers, which is jointly trained by the encoder, decoder, and attacker. In this paper, the encoder generates Adversarial Steganographic Examples (ASEs) that are adversarial to the target classification network, thereby providing protection for the carrier data. Additionally, the decoder can recover secret data from ASEs. The experimental results demonstrate that ASEs produced by HAG-NET achieve an average success rate of over 99% on both the MNIST and CIFAR-10 datasets. ASEs generated with the attacker exhibit greater robustness in terms of attack ability, with an average increase of about 3.32%. Furthermore, our method, when compared with other generative stego examples under similar perturbation strength, contains significantly more information according to image information entropy measurements.
physics, multidisciplinary
What problem does this paper attempt to address?
The main problem this paper addresses is that existing watermarking techniques based on image carriers can resist convolutional neural network (CNN) steganalysis but fail to fully protect the security of the carrier data itself. Specifically, current methods make the watermark resistant to the target steganalysis while neglecting the protection of the carrier image information. This is especially crucial in big-data applications, because image data often contains sensitive personal information such as portraits, addresses, incomes, and interests. Once this information is recognized by the target classification network, it may not only lead to personal information leakage (including junk information and telecom fraud) but also endanger user safety.

The authors therefore propose a new dynamic data-hiding method, HAG-NET (Hiding data and Adversarial attacking with Generative adversarial Network), which can directly generate adversarial stego-samples (ASEs). By jointly training three convolutional networks (an encoder, a decoder, and an attacker), HAG-NET generates ASEs that can both perform adversarial attacks on the target recognition network and hide secret information. In addition, on the basis of embedding secret information and resisting steganalysis, HAG-NET provides detection protection for the carrier data, and under perturbation of the same strength, the adversarial embedding perturbation it generates contains more information than that of other methods.

The key contributions of the paper include:

1. Proposing a new type of generative adversarial network (GAN) framework, HAG-NET, in which the generator, discriminator, and attacker are jointly trained, and the robustness of the watermark is further enhanced through collaborative training with the attacker.
2. On the basis of secret-information embedding and steganalysis resistance, HAG-NET provides detection protection for the carrier data.
3. Compared with other generation methods of the same strength, the adversarial embedding perturbation generated by HAG-NET contains more information.

Through these innovations, HAG-NET aims to provide a more secure and effective data-hiding and adversarial-attack method, suitable for application scenarios where the security of image-carrier data needs to be protected.