Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
167 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
42 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Towards Deep Network Steganography: From Networks to Networks (2307.03444v1)

Published 7 Jul 2023 in cs.CR and cs.AI

Abstract: With the widespread applications of the deep neural network (DNN), how to covertly transmit the DNN models in public channels brings us the attention, especially for those trained for secret-learning tasks. In this paper, we propose deep network steganography for the covert communication of DNN models. Unlike the existing steganography schemes which focus on the subtle modification of the cover data to accommodate the secrets, our scheme is learning task oriented, where the learning task of the secret DNN model (termed as secret-learning task) is disguised into another ordinary learning task conducted in a stego DNN model (termed as stego-learning task). To this end, we propose a gradient-based filter insertion scheme to insert interference filters into the important positions in the secret DNN model to form a stego DNN model. These positions are then embedded into the stego DNN model using a key by side information hiding. Finally, we activate the interference filters by a partial optimization strategy, such that the generated stego DNN model works on the stego-learning task. We conduct the experiments on both the intra-task steganography and inter-task steganography (i.e., the secret and stego-learning tasks belong to the same and different categories), both of which demonstrate the effectiveness of our proposed method for covert communication of DNN models.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (35)
  1. DeepiSign: invisible fragile watermark to protect the integrity and authenticity of CNN. In Proceedings of the 36th Annual ACM Symposium on Applied Computing. 952–959.
  2. Shumeet Baluja. 2020. Hiding Images within Images. IEEE Transactions on Pattern Analysis and Machine Intelligence 42, 7 (2020), 1685–1697. https://doi.org/10.1109/TPAMI.2019.2901877
  3. Deepsigns: An end-to-end watermarking framework for ownership protection of deep neural networks. In Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems. 485–497.
  4. Bert: Pre-training of deep bidirectional transformers for language understanding. arXiv preprint arXiv:1810.04805 (2018).
  5. Deepip: Deep neural network intellectual property protection with passports. IEEE Transactions on Pattern Analysis and Machine Intelligence (2021).
  6. Yoav Goldberg. 2017. Neural network methods for natural language processing. Synthesis lectures on human language technologies 10, 1 (2017), 1–309.
  7. Kaliappan Gopalan. 2003. Audio steganography using bit modification. In 2003 International Conference on Multimedia and Expo. ICME’03. Proceedings (Cat. No. 03TH8698), Vol. 1. IEEE, I–629.
  8. Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 (2017).
  9. Reversible watermarking in deep convolutional neural networks for integrity authentication. In Proceedings of the 28th ACM International Conference on Multimedia. 2273–2280.
  10. Deep residual learning for image recognition. In Proceedings of the IEEE conference on computer vision and pattern recognition. 770–778.
  11. Rethinking the Pruning Criteria for Convolutional Neural Network. Advances in Neural Information Processing Systems 34 (2021).
  12. HiNet: Deep Image Hiding by Invertible Network. In Proceedings of the IEEE/CVF International Conference on Computer Vision. 4733–4742.
  13. Diederik P Kingma and Jimmy Ba. 2014. Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014).
  14. An overview of text steganography. In 2017 Fourth International Conference on Signal Processing, Communication and Networking (ICSCN). IEEE, 1–6.
  15. Learning multiple layers of features from tiny images. Advances in neural information processing systems (2009).
  16. Imagenet classification with deep convolutional neural networks. Advances in neural information processing systems 25 (2012).
  17. Gradient-based learning applied to document recognition. Proc. IEEE 86, 11 (1998), 2278–2324.
  18. Adaptive Payload Distribution in Multiple Images Steganography Based on Image Texture Features. IEEE Transactions on Dependable and Secure Computing 19, 2 (2022), 897–911. https://doi.org/10.1109/TDSC.2020.3004708
  19. A new payload partition strategy in color image steganography. IEEE Transactions on Circuits and Systems for Video Technology 30, 3 (2019), 685–696.
  20. Large-capacity image steganography based on invertible neural networks. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 10816–10825.
  21. Secure Halftone Image Steganography Based on Pixel Density Transition. IEEE Transactions on Dependable and Secure Computing 18, 3 (2021), 1137–1149. https://doi.org/10.1109/TDSC.2019.2933621
  22. A new video steganography scheme based on Shi-Tomasi corner detector. IEEE Access 8 (2020), 161825–161837.
  23. Cats and dogs. In 2012 IEEE conference on computer vision and pattern recognition. IEEE, 3498–3505.
  24. Karen Simonyan and Andrew Zisserman. 2015. Very Deep Convolutional Networks for Large-Scale Image Recognition. In 3rd International Conference on Learning Representations, ICLR 2015, San Diego, CA, USA, May 7-9, 2015, Conference Track Proceedings, Yoshua Bengio and Yann LeCun (Eds.). http://arxiv.org/abs/1409.1556
  25. Man vs. computer: Benchmarking machine learning algorithms for traffic sign recognition. Neural networks 32 (2012), 323–332.
  26. An automatic cost learning framework for image steganography using deep reinforcement learning. IEEE Transactions on Information Forensics and Security 16 (2020), 952–967.
  27. Automatic steganographic distortion learning using a generative adversarial network. IEEE Signal Processing Letters 24, 10 (2017), 1547–1551.
  28. Probabilistic Selective Encryption of Convolutional Neural Networks for Hierarchical Services. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2205–2214.
  29. Embedding watermarks into deep neural networks. In Proceedings of the 2017 ACM on International Conference on Multimedia Retrieval. 269–277.
  30. High-capacity convolutional video steganography with temporal residual modeling. In Proceedings of the 2019 on International Conference on Multimedia Retrieval. 87–95.
  31. Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms. arXiv preprint arXiv:1708.07747 (2017).
  32. Detecting ai trojans using meta neural analysis. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE, 103–120.
  33. Beyond a gaussian denoiser: Residual learning of deep cnn for image denoising. IEEE transactions on image processing 26, 7 (2017), 3142–3155.
  34. Distortion Design for Secure Adaptive 3-D Mesh Steganography. IEEE Transactions on Multimedia 21, 6 (2019), 1384–1398. https://doi.org/10.1109/TMM.2018.2882088
  35. Hidden: Hiding data with deep networks. In Proceedings of the European conference on computer vision (ECCV). 657–672.
Citations (5)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now