Security Consideration For Deep Learning-Based Image Forensics
Wei Zhao, Pengpeng Yang, Rongrong Ni, Yao Zhao, Haorui Wu

TL;DR
This paper investigates the security vulnerabilities of deep learning-based image forensics methods, highlighting their susceptibility to adversarial noise and proposing strategies to enhance their robustness against such attacks.
Contribution
It is the first work to focus on the security of deep learning in image forensics, introducing new training strategies to defend against adversarial images.
Findings
Deep learning methods fail under slight adversarial noise.
Proposed penalty term improves robustness to adversarial images.
Fused training with normal and adversarial images enhances security.
Abstract
Recently, the image forensics community has paid attention to the research on the design of effective algorithms based on deep learning technology, and facts proved that combining the domain knowledge of image forensics and deep learning would achieve more robust and better performance than the traditional schemes. Instead of improving it, in this paper, the safety of deep learning-based methods in the field of image forensics is taken into account. To the best of our knowledge, this is the first work focusing on this topic. Specifically, we experimentally find that the method using deep learning would fail when adding slight noise into the images (adversarial images). Furthermore, two kinds of strategies are proposed to enforce the security of the deep learning-based method. Firstly, an extra penalty term is added to the loss function, which is referred to the 2-norm of the gradient of the loss…
