Increased-confidence adversarial examples for deep learning counter-forensics
This addresses security vulnerabilities in multimedia forensics for forensic analysts, but it is incremental as it builds on existing adversarial attack methods.
The paper tackles the problem of low transferability of adversarial examples against deep learning-based multimedia forensics detectors by introducing a strategy to increase attack strength, showing that transferability can be largely increased at the expense of larger distortion, with experimental confirmation of security threats.
Transferability of adversarial examples is a key issue to apply this kind of attacks against multimedia forensics (MMF) techniques based on Deep Learning (DL) in a real-life setting. Adversarial example transferability, in fact, would open the way to the deployment of successful counter forensics attacks also in cases where the attacker does not have a full knowledge of the to-be-attacked system. Some preliminary works have shown that adversarial examples against CNN-based image forensics detectors are in general non-transferrable, at least when the basic versions of the attacks implemented in the most popular libraries are adopted. In this paper, we introduce a general strategy to increase the strength of the attacks and evaluate their transferability when such a strength varies. We experimentally show that, in this way, attack transferability can be largely increased, at the expense of a larger distortion. Our research confirms the security threats posed by the existence of adversarial examples even in multimedia forensics scenarios, thus calling for new defense strategies to improve the security of DL-based MMF techniques.