On the Security of the One-and-a-Half-Class Classifier for SPAM Feature-Based Image Forensics

被引:2
|
作者
Lorch, Benedikt [1 ]
Schirrmacher, Franziska [1 ]
Maier, Anatol [1 ]
Riess, Christian [1 ]
机构
[1] Friedrich Alexander Univ Erlangen Nurnberg, IT Secur Infrastruct Lab, D-91058 Erlangen, Germany
关键词
Detectors; Feature extraction; Robustness; Glass box; Security; Distortion; Quantization (signal); Image forensics; counter-forensics; adversarial examples; one-and-a-half-class classifier; MANIPULATION; TRACES;
D O I
10.1109/TIFS.2023.3266168
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Combining multiple classifiers is a promising approach to hardening forensic detectors against adversarial evasion attacks. The key idea is that an attacker must fool all individual classifiers to evade detection. The 1.5C classifier is one of these multiple-classifier detectors that is attack-agnostic, and thus even increases the difficulty for an omniscient attacker. Recent work evaluated the 1.5C classifier with SPAM features for image manipulation detection. Despite showing promising results, their security analysis leaves several aspects unresolved. Surprisingly, the results reveal that fooling only one component is often sufficient to evade detection. Additionally, the authors evaluate classifier robustness with only a black-box attack because, currently, there is no white-box attack against SPAM feature-based classifiers. This paper addresses these shortcomings and complements the previous security analysis. First, we develop a novel white-box attack against SPAM feature-based detectors. The proposed attack produces adversarial images with lower distortion than the previous attack. Second, by analyzing the 1.5C classifier's acceptance region, we identify three pitfalls that explain why the current 1.5C classifier is less robust than a binary classifier in some settings. Third, we illustrate how to mitigate these pitfalls with a simple axis-aligned split classifier. Our experimental evaluation demonstrates the increased robustness of the proposed detector for SPAM feature-based image manipulation detection.
引用
收藏
页码:2466 / 2479
页数:14
相关论文
共 50 条
  • [31] A flexible architecture for feature-based image editing
    Kuo, LC
    Wang, SJ
    2005 IEEE INTERNATIONAL CONFERENCE ON ACOUSTICS, SPEECH, AND SIGNAL PROCESSING, VOLS 1-5: SPEECH PROCESSING, 2005, : 1177 - 1180
  • [32] Feature-based image metamorphosis optimization algorithm
    Karam, H
    Hassanien, A
    Nakajima, M
    VSMM 2001: SEVENTH INTERNATIONAL CONFERENCE ON VIRTUAL SYSTEMS AND MULTIMEDIA, PROCEEDINGS: ENHANCED REALITIES: AUGMENTED AND UNPLUGGED, 2001, : 555 - 564
  • [33] Feature-Based Image Fusion Quality Metrics
    Hossny, Moharnrned
    Nahavandi, Saeid
    Crieghton, Doug
    INTELLIGENT ROBOTICS AND APPLICATIONS, PT I, PROCEEDINGS, 2008, 5314 : 469 - 478
  • [34] Feature-based arithmetical encoding for image compression
    Feng, X
    Xuan, GR
    NEW TECHNOLOGIES ON COMPUTER SOFTWARE, 1997, : 260 - 264
  • [35] Feature-based cluster segmentation of image sequences
    Ohm, JR
    Ma, P
    INTERNATIONAL CONFERENCE ON IMAGE PROCESSING - PROCEEDINGS, VOL III, 1997, : 178 - 181
  • [36] A feature-based approach for image retrieval by sketch
    Chans, Y
    Lei, ZB
    Lopresti, D
    Kung, SY
    MULTIMEDIA STORAGE AND ARCHIVING SYSTEMS II, 1997, 3229 : 220 - 231
  • [37] Feature-based Image Sequence Compression Coding
    周志权
    High Technology Letters, 2001, (02) : 31 - 33
  • [38] Point feature-based image registration: A survey
    Xiao, Ming
    Bao, Yong-Liang
    Yan, Zhong-Xing
    Binggong Xuebao/Acta Armamentarii, 2015, 36 : 326 - 340
  • [39] A feature-based retrieval technique for image database
    Kim, BG
    Oh, HS
    VSMM98: FUTUREFUSION - APPLICATION REALITIES FOR THE VIRTUAL AGE, VOLS 1 AND 2, 1998, : 580 - 586
  • [40] A Feature-based Document Image Retrieval Method
    Zhang, Tian
    PROCEEDINGS OF THE 2008 CHINESE CONFERENCE ON PATTERN RECOGNITION (CCPR 2008), 2008, : 360 - 364