Detecting image manipulations in the presence of JPEG post-processing is often a challenging task. For this reason, in many cases, JPEG compression is applied as a laundering-type counter-forensic attack, to impair the performance of the detector. A possible countermeasure, for data-driven approaches, consists in building a JPEG-aware detector by training the detector on JPEG-compressed images. However, the choice of the quality factor (QF) used to compress the training images is not obvious, given that the detector does not know the QF used by the attacker. In this work, we introduce a game-theoretic framework to compare three possible approaches to make such a choice, namely: I) training on images compressed using a single QF chosen strategically by taking into account the different goals of the forensic analyst and the attacker, ii) estimation of the QF used by the attacker and subsequent use of a network trained on a matched QF, iii) training on a mixture of QFs. We exemplify the proposed framework by applying it to the detection of a specific image manipulation, namely Adaptive Histogram Equalization (AHE). The experiments show how the proposed framework allows to design a JPEG-aware AHE-detector and set the stage for the use of a similar procedure for the detection of other image manipulations in the presence of JPEG-laundering attacks.
Barni, M., Huang, D., Li, B., Tondi, B. (2019). Adversarial CNN Training Under JPEG Laundering Attacks: a Game-Theoretic Approach. In 2019 IEEE International Workshop on Information Forensics and Security (WIFS). New York : Institute of Electrical and Electronics Engineers Inc. [10.1109/WIFS47025.2019.9035110].
Adversarial CNN Training Under JPEG Laundering Attacks: a Game-Theoretic Approach
Barni, Mauro;Tondi, Benedetta
2019-01-01
Abstract
Detecting image manipulations in the presence of JPEG post-processing is often a challenging task. For this reason, in many cases, JPEG compression is applied as a laundering-type counter-forensic attack, to impair the performance of the detector. A possible countermeasure, for data-driven approaches, consists in building a JPEG-aware detector by training the detector on JPEG-compressed images. However, the choice of the quality factor (QF) used to compress the training images is not obvious, given that the detector does not know the QF used by the attacker. In this work, we introduce a game-theoretic framework to compare three possible approaches to make such a choice, namely: I) training on images compressed using a single QF chosen strategically by taking into account the different goals of the forensic analyst and the attacker, ii) estimation of the QF used by the attacker and subsequent use of a network trained on a matched QF, iii) training on a mixture of QFs. We exemplify the proposed framework by applying it to the detection of a specific image manipulation, namely Adaptive Histogram Equalization (AHE). The experiments show how the proposed framework allows to design a JPEG-aware AHE-detector and set the stage for the use of a similar procedure for the detection of other image manipulations in the presence of JPEG-laundering attacks.File | Dimensione | Formato | |
---|---|---|---|
09035110.pdf
non disponibili
Tipologia:
PDF editoriale
Licenza:
NON PUBBLICO - Accesso privato/ristretto
Dimensione
322.35 kB
Formato
Adobe PDF
|
322.35 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11365/1105751