{"title":"FederatedReverse: A Detection and Defense Method Against Backdoor Attacks in Federated Learning","authors":"Chen Zhao, Yu Wen, Shuailou Li, Fucheng Liu, Dan Meng","doi":"10.1145/3437880.3460403","DOIUrl":"https://doi.org/10.1145/3437880.3460403","url":null,"abstract":"Federated learning is a secure machine learning technology proposed to protect data privacy and security in machine learning model training. However, recent studies show that federated learning is vulnerable to backdoor attacks, such as model replacement attacks and distributed backdoor attacks. Most backdoor defense techniques are not appropriate for federated learning since they are based on entire data samples, which cannot be held in federated learning scenarios. The newly proposed methods for federated learning sacrifice the accuracy of models and still fail once attacks persist over many training rounds. In this paper, we propose a novel and effective detection and defense technique called FederatedReverse for federated learning. We conduct an extensive experimental evaluation of our solution. The experimental results show that, compared with the existing techniques, our solution can effectively detect and defend against various backdoor attacks in federated learning: the success rate and duration of backdoor attacks are greatly reduced, while the accuracy of the trained models is almost unchanged.","PeriodicalId":120300,"journal":{"name":"Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130244660","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards Match-on-Card Finger Vein Recognition","authors":"Michael Linortner, A. Uhl","doi":"10.1145/3437880.3460406","DOIUrl":"https://doi.org/10.1145/3437880.3460406","url":null,"abstract":"Security and privacy are of great interest in biometric systems and can be offered by Match-on-Card (MoC) technology, which has been successfully applied in several areas of biometrics. In finger vein recognition such a system is not available yet. Utilizing minutiae points from vein images in combination with classical minutiae-based fingerprint comparison software offers a great opportunity to integrate vein recognition into MoC systems. In this work a publicly available and two commercial fingerprint comparison tools are used to evaluate the recognition performance of vein minutiae, represented in a standardized data format, on three publicly available databases. The results strongly indicate that minutiae-based comparison technology from fingerprint recognition can be applied to finger vein recognition and is able to compete with and even outperform the classical correlation-based methods utilized in this field. The work done here prepares the way for vein recognition on MoC systems.","PeriodicalId":120300,"journal":{"name":"Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130838256","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Evaluating and Designing against Side-Channel Leakage: White Box or Black Box?","authors":"François-Xavier Standaert","doi":"10.1145/3437880.3458441","DOIUrl":"https://doi.org/10.1145/3437880.3458441","url":null,"abstract":"Side-channel analysis is an important concern for the security of cryptographic implementations, and may lead to powerful key recovery attacks if no countermeasures are deployed. Therefore, various types of protection mechanisms have been proposed over the last 20 years. In view of the cost and performance overheads caused by these protections, their fair evaluation and sparing use are a primary concern for hardware and software designers. Yet, the physical nature of side-channel analysis also renders the security evaluation of cryptographic implementations very different from that of cryptographic algorithms against mathematical cryptanalysis. That is, while the latter can be quantified based on (well-defined) time, data and memory complexities, the evaluation of side-channel security additionally requires quantifying the informativeness and exploitability of the physical leakages. This implies that part of these security evaluations is inherently heuristic and dependent on engineering expertise. It also raises the question of the capabilities given to the adversary/evaluator. For example, should she get full (unrestricted) access to the implementation to gain a precise understanding of its functioning (which I will denote as the white box approach) or should she be more restricted? In this talk, I will argue that a white box approach is not only desirable in order to avoid designing and evaluating implementations with a \"false sense of security\" but also that such designs become feasible in view of the research progress made over the last two decades.","PeriodicalId":120300,"journal":{"name":"Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122788419","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Information Hiding in Cyber Physical Systems: Challenges for Embedding, Retrieval and Detection using Sensor Data of the SWAT Dataset","authors":"Kevin Lamshöft, T. Neubert, Christian Krätzer, C. Vielhauer, J. Dittmann","doi":"10.1145/3437880.3460413","DOIUrl":"https://doi.org/10.1145/3437880.3460413","url":null,"abstract":"In this paper, we present an Information Hiding approach that would be suitable for exfiltrating sensitive information from Industrial Control Systems (ICS) by leveraging the long-term storage of process data in historian databases. We show how hidden messages can be embedded in sensor measurements as well as retrieved asynchronously by accessing the historian. We evaluate this approach using the example of water-flow and water-level sensors of the Secure Water Treatment (SWAT) dataset from iTrust. To generalize from specific cover channels (sensors and their transmitted data), we reflect upon general challenges that arise in such Information Hiding scenarios creating network covert channels and discuss aspects of cover channel selection and sender-receiver synchronisation as well as temporal aspects such as the potential persistence of hidden messages in Cyber Physical Systems (CPS). For an empirical evaluation we design and implement a covert channel that makes use of different embedding strategies to perform an adaptive approach with regard to the noise in sensor measurements, resulting in dynamic capacity and bandwidth selection to reduce detection probability. The results of this evaluation show that, using such methods, the exfiltration of sensitive information in long-term scaled attacks would indeed be possible. Additionally, we present two detection approaches for the introduced hidden channel and carry out an extensive evaluation of our detectors with multiple test data sets and different parameters. We determine a detection accuracy of up to 87.8% on test data at a false positive rate (FPR) of 0%.","PeriodicalId":120300,"journal":{"name":"Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116055203","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Optimizing Additive Approximations of Non-additive Distortion Functions","authors":"Solène Bernard, P. Bas, T. Pevný, John Klein","doi":"10.1145/3437880.3460407","DOIUrl":"https://doi.org/10.1145/3437880.3460407","url":null,"abstract":"The progress in steganography is hampered by a gap between non-additive distortion functions, which capture well complex dependencies in natural images, and their additive counterparts, which are efficient for data embedding. This paper proposes a theoretically justified method to approximate the former by the latter. The proposed method, called Backpack (for BACKPropagable AttaCK), combines new results in the approximation of gradients of discrete distributions with a gradient of implicit functions in order to derive a gradient w.r.t. the distortion of each JPEG coefficient. Backpack combined with the min max iterative protocol leads to a very secure steganographic algorithm. For example, the error rate of XuNet on 512 X 512 JPEG images, compressed with quality factor 100 and a payload of 0.4 bits per non-zero AC coefficient is 37.3% with Backpack, compared to a 26.5% error rate using ADV-EMB with minmax (considered state of the art in this work) and a 16.9% error rate with J-UNIWARD.","PeriodicalId":120300,"journal":{"name":"Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124323766","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Protocol for Secure Verification of Watermarks Embedded into Machine Learning Models","authors":"K. Kapusta, V. Thouvenot, Olivier Bettan, Hugo Beguinet, Hugo Senet","doi":"10.1145/3437880.3460409","DOIUrl":"https://doi.org/10.1145/3437880.3460409","url":null,"abstract":"Machine Learning is a well established tool used in a variety of applications. As training advanced models requires considerable amounts of meaningful data in addition to specific knowledge, a new business model separates model creators from model users. Pre-trained models are sold or made available as a service. This raises several security challenges, among others that of intellectual property protection. Therefore, a new research track actively seeks to provide techniques for model watermarking that would enable model identification in case of suspected model theft or misuse. In this paper, we focus on the problem of secure watermark verification, which affects all of the proposed techniques and until now was barely tackled. First, we revisit the existing threat model. In particular, we explain the possible threats related to a semi-honest or dishonest verification authority. Secondly, we show how to reduce trust requirements between participants by performing the watermark verification on encrypted data. Finally, we describe a novel secure verification protocol and detail its possible implementation using Multi-Party Computation. The proposed solution not only preserves the confidentiality of the watermarks but also helps detect evasion attacks. It could be adapted to work with other authentication schemes based on watermarking, especially with image watermarking schemes.","PeriodicalId":120300,"journal":{"name":"Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123593503","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Angular Margin Softmax Loss and Its Variants for Double Compressed AMR Audio Detection","authors":"Aykut Büker, C. Hanilçi","doi":"10.1145/3437880.3460414","DOIUrl":"https://doi.org/10.1145/3437880.3460414","url":null,"abstract":"Double compressed (DC) adaptive multi-rate (AMR) audio detection is an important but challenging audio forensic task which has received great attention over the last decade. Although the majority of the existing studies extract hand-crafted features and classify these features using traditional pattern matching algorithms such as support vector machines (SVM), recently a convolutional neural network (CNN) based DC AMR audio detection system was proposed which yields very promising detection performance. Similar to any traditional CNN based classification system, the CNN based DC AMR recognition system uses standard softmax loss as the training criterion. In this paper, we propose to use angular margin softmax loss and its variants for the DC AMR detection problem. Although angular margin softmax was originally proposed for face recognition, we adapt it to the CNN based end-to-end DC audio detection system. The angular margin softmax basically introduces a margin between two classes so that the system can learn more discriminative embeddings for the problem. Experimental results show that adding an angular margin penalty to the traditional softmax loss increases the average DC AMR audio detection accuracy from 95.83% to 100%. It is also found that the angular margin softmax loss functions boost the DC AMR audio detection performance when there is a mismatch between training and test datasets.","PeriodicalId":120300,"journal":{"name":"Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128217234","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Tracing Data through Learning with Watermarking","authors":"Alexandre Sablayrolles","doi":"10.1145/3437880.3458442","DOIUrl":"https://doi.org/10.1145/3437880.3458442","url":null,"abstract":"How can we gauge the privacy provided by machine learning algorithms? Models trained with differential privacy (DP) provably limit information leakage, but the question remains open for non-DP models. In this talk, we present multiple techniques for membership inference, which estimates whether a given data sample is in the training set of a model. In particular, we introduce a watermarking-based method that allows for very fast verification of data usage in a model: this technique creates marks, called radioactive, that propagate from the data to the model during training. This watermark is barely visible to the naked eye and allows data tracing even when the radioactive data represents only 1% of the training set.","PeriodicalId":120300,"journal":{"name":"Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132719164","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Banners: Binarized Neural Networks with Replicated Secret Sharing","authors":"Alberto Ibarrondo, H. Chabanne, Melek Önen","doi":"10.1145/3437880.3460394","DOIUrl":"https://doi.org/10.1145/3437880.3460394","url":null,"abstract":"Binarized Neural Networks (BNN) provide efficient implementations of Convolutional Neural Networks (CNN). This makes them particularly suitable for fast and memory-light inference of neural networks running on resource-constrained devices. Motivated by the growing interest in CNN-based biometric recognition on potentially insecure devices, or as part of strong multi-factor authentication for sensitive applications, the protection of BNN inference on edge devices is rendered imperative. We propose a new method to perform secure inference of BNN relying on secure multiparty computation. While preceding papers offered security in a semi-honest setting for BNN or malicious security for standard CNN, our work yields security with abort against one malicious adversary for BNN by leveraging Replicated Secret Sharing (RSS) for an honest majority with three computing parties. Experimentally, we implement Banners on top of MP-SPDZ and compare it with prior work over binarized models trained for the MNIST and CIFAR10 image classification datasets. Our results attest to the efficiency of Banners as a privacy-preserving inference technique.","PeriodicalId":120300,"journal":{"name":"Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117074995","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Fast Detection of Heterogeneous Parallel Steganography for Streaming Voice","authors":"Huili Wang, Zhongliang Yang, Yuting Hu, Zhen Yang, Yongfeng Huang","doi":"10.1145/3437880.3460404","DOIUrl":"https://doi.org/10.1145/3437880.3460404","url":null,"abstract":"Heterogeneous parallel steganography (HPS) has become a new trend in streaming media voice steganography; it hides secret information in the frames of streaming media using multiple kinds of orthogonal steganography. Because of the complexity and imperceptibility of HPS, detecting its existence is a challenge for previous steganalysis methods, especially in the case of short sliding window length and low embedding rate. In order to improve the situation, we design a fast and efficient detection method named the key feature extraction and fusion network (KFEF) based on an attention mechanism. The proposed model is able to effectively extract the key characteristics of the anomalies introduced by steganography and fuse the extracted features for the different steganographic algorithms used in HPS. Experimental results show that the proposed method significantly improves the classification accuracy in detecting both low embedding rate samples and short segment samples. In addition, the detection time is shorter than that of other methods and meets real-time requirements. Finally, with the help of attention we can predict the approximate locations of the secret information, which may bring new ideas to further steganalysis.","PeriodicalId":120300,"journal":{"name":"Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130142335","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}