Security Consideration For Deep Learning-Based Image Forensics
This addresses a safety problem for the image forensics community, highlighting a critical vulnerability in existing methods.
The paper tackles the vulnerability of deep learning-based image forensics to adversarial attacks by adding slight noise to images, and proposes two strategies—adding a penalty term to the loss function and training with both normal and adversarial images—that achieve good performance in adversarial cases.
Recently, image forensics community has paied attention to the research on the design of effective algorithms based on deep learning technology and facts proved that combining the domain knowledge of image forensics and deep learning would achieve more robust and better performance than the traditional schemes. Instead of improving it, in this paper, the safety of deep learning based methods in the field of image forensics is taken into account. To the best of our knowledge, this is a first work focusing on this topic. Specifically, we experimentally find that the method using deep learning would fail when adding the slight noise into the images (adversarial images). Furthermore, two kinds of strategys are proposed to enforce security of deep learning-based method. Firstly, an extra penalty term to the loss function is added, which is referred to the 2-norm of the gradient of the loss with respect to the input images, and then an novel training method are adopt to train the model by fusing the normal and adversarial images. Experimental results show that the proposed algorithm can achieve good performance even in the case of adversarial images and provide a safety consideration for deep learning-based image forensics