RESUMO
The intellectual property of deep networks can be easily "stolen" by surrogate model attack. There has been significant progress in protecting the model IP in classification tasks. However, little attention has been devoted to the protection of image processing models. By utilizing consistent invisible spatial watermarks, the work [1] first considered model watermarking for deep image processing networks and demonstrated its efficacy in many downstream tasks. Its success depends on the hypothesis that if a consistent watermark exists in all prediction outputs, that watermark will be learned into the attacker's surrogate model. However, when the attacker uses common data augmentation attacks (e.g., rotate, crop, and resize) during surrogate model training, it will fail because the underlying watermark consistency is destroyed. To mitigate this issue, we propose a new watermarking methodology, "structure consistency", based on which a new deep structure-aligned model watermarking algorithm is designed. Specifically, the embedded watermarks are designed to be aligned with physically consistent image structures, such as edges or semantic regions. Experiments demonstrate that our method is more robust than the baseline in resisting data augmentation attacks. Besides that, we test the generalization ability and robustness of our method to a broader range of adaptive attacks.
RESUMO
Modern cryptography attributes the security of a cryptographic system to the security of the key. How to securely distribute the key has always been a bottleneck in key management. This paper proposes a secure group key agreement scheme for multiple parties using a multiple twinning superlattice physical unclonable function (PUF) that can be synchronized. By sharing the challenge and helper data among multiple twinning superlattice PUF holders, the scheme employs a reusable fuzzy extractor to obtain the key locally. Moreover, adopting public-key encryption encrypts public data for establishing the subgroup key, which provides independent communication for the subgroup. At the same time, when the subgroup membership changes, the public key encrypts new public data to update the subgroup key, forming scalable group communication. This paper also presents a cost and formal security analysis, which shows that the proposed scheme can achieve computational security by applying the key obtained by the computationally secure reusable fuzzy extractor to the EAV-secure symmetric-key encryption, which has indistinguishable encryption in the presence of an eavesdropper. Additionally, the scheme is secure against physical attacks, man-in-the-middle attacks, and machine learning modeling attacks.
RESUMO
Reversible data hiding in encrypted images (RDH-EI) is instrumental in image privacy protection and data embedding. However, conventional RDH-EI models, involving image providers, data hiders, and receivers, limit the number of data hiders to one, which restricts its applicability in scenarios requiring multiple data embedders. Therefore, the need for an RDH-EI accommodating multiple data hiders, especially for copyright protection, has become crucial. Addressing this, we introduce the application of Pixel Value Order (PVO) technology to encrypted reversible data hiding, combined with the secret image sharing (SIS) scheme. This creates a novel scheme, PVO, Chaotic System, Secret Sharing-based Reversible Data Hiding in Encrypted Image (PCSRDH-EI), which satisfies the (k,n) threshold property. An image is partitioned into N shadow images, and reconstruction is feasible when at least k shadow images are available. This method enables separate data extraction and image decryption. Our scheme combines stream encryption, based on chaotic systems, with secret sharing, underpinned by the Chinese remainder theorem (CRT), ensuring secure secret sharing. Empirical tests show that PCSRDH-EI can reach a maximum embedding rate of 5.706 bpp, outperforming the state-of-the-art and demonstrating superior encryption effects.
RESUMO
Network security situation awareness (NSSA) is an integral part of cybersecurity defense, and it is essential for cybersecurity managers to respond to increasingly sophisticated cyber threats. Different from traditional security measures, NSSA can identify the behavior of various activities in the network and conduct intent understanding and impact assessment from a macro perspective so as to provide reasonable decision support, predicting the development trend of network security. It is a means to analyze the network security quantitatively. Although NSSA has received extensive attention and exploration, there is a lack of comprehensive reviews of the related technologies. This paper presents a state-of-the-art study on NSSA that can help bridge the current research status and future large-scale application. First, the paper provides a concise introduction to NSSA, highlighting its development process. Then, the paper focuses on the research progress of key technologies in recent years. We further discuss the classic use cases of NSSA. Finally, the survey details various challenges and potential research directions related to NSSA.
RESUMO
Recent research shows deep neural networks are vulnerable to different types of attacks, such as adversarial attacks, data poisoning attacks, and backdoor attacks. Among them, backdoor attacks are the most cunning and can occur in almost every stage of the deep learning pipeline. Backdoor attacks have attracted lots of interest from both academia and industry. However, most existing backdoor attack methods are visible or fragile to some effortless pre-processing such as common data transformations. To address these limitations, we propose a robust and invisible backdoor attack called "Poison Ink". Concretely, we first leverage the image structures as target poisoning areas and fill them with poison ink (information) to generate the trigger pattern. As the image structure can keep its semantic meaning during the data transformation, such a trigger pattern is inherently robust to data transformations. Then we leverage a deep injection network to embed such input-aware trigger pattern into the cover image to achieve stealthiness. Compared to existing popular backdoor attack methods, Poison Ink outperforms both in stealthiness and robustness. Through extensive experiments, we demonstrate that Poison Ink is not only general to different datasets and network architectures but also flexible for different attack scenarios. Besides, it also has very strong resistance against many state-of-the-art defense techniques.
Assuntos
Venenos , Tinta , Redes Neurais de Computação , SemânticaRESUMO
Semiconductor superlattice true random number generator (SSL-TRNG) has an outstanding practical property on high-throughput and high-security cryptographic applications. Security in random number generators is closely related to the min-entropy of the raw output because feeding cryptographic applications with insufficient entropy leads to poor security and vulnerability to malicious attacks. However, no research has focused on the min-entropy estimation based on the stochastic model for SSL-TRNG, which is a highly recommended method for evaluating the security of a specific TRNG structure. A min-entropy estimation method is proposed in this paper for the SSL-TRNG by extending the Markov stochastic model derived from the memory effects. By calculating the boundary of the transition matrix, the min-entropy result is the average value of each sample (1 bit) is 0.2487. Moreover, the experimental results show that the estimator is accurate enough to adjust compression rate dynamically in post-processing to reach the required security level, estimating entropy on the fly rather than off-line.
RESUMO
Despite the tremendous success, deep neural networks are exposed to serious IP infringement risks. Given a target deep model, if the attacker knows its full information, it can be easily stolen by fine-tuning. Even if only its output is accessible, a surrogate model can be trained through student-teacher learning by generating many input-output training pairs. Therefore, deep model IP protection is important and necessary. However, it is still seriously under-researched. In this work, we propose a new model watermarking framework for protecting deep networks trained for low-level computer vision or image processing tasks. Specifically, a special task-agnostic barrier is added after the target model, which embeds a unified and invisible watermark into its outputs. When the attacker trains one surrogate model by using the input-output pairs of the barrier target model, the hidden watermark will be learned and extracted afterwards. To enable watermarks from binary bits to high-resolution images, a deep invisible watermarking mechanism is designed. By jointly training the target model and watermark embedding, the extra barrier can even be absorbed into the target model. Through extensive experiments, we demonstrate the robustness of the proposed framework, which can resist attacks with different network structures and objective functions.