Adversarial CNN Training Under JPEG Laundering Attacks: a Game-Theoretic Approach

Detecting image manipulations in the presence of JPEG post-processing is often a challenging task. For this reason, in many cases, JPEG compression is applied as a laundering-type counter-forensic attack, to impair the performance of the detector. A possible countermeasure, for data-driven approaches, consists in building a JPEG-aware detector by training the detector on JPEG-compressed images. However, the choice of the quality factor (QF) used to compress the training images is not obvious, given that the detector does not know the QF used by the attacker. In this work, we introduce a game-theoretic framework to compare three possible approaches to make such a choice, namely: I) training on images compressed using a single QF chosen strategically by taking into account the different goals of the forensic analyst and the attacker, ii) estimation of the QF used by the attacker and subsequent use of a network trained on a matched QF, iii) training on a mixture of QFs. We exemplify the proposed framework by applying it to the detection of a specific image manipulation, namely Adaptive Histogram Equalization (AHE). The experiments show how the proposed framework allows to design a JPEG-aware AHE-detector and set the stage for the use of a similar procedure for the detection of other image manipulations in the presence of JPEG-laundering attacks.