ABSTRACT
Recent research has shown that neural network models can be used to steal sensitive data or embed malware. Therefore, steganalysis for neural networks is urgently needed. However, existing neural network steganalysis methods do not perform well under small embedding rates. In addition, because of the large number of parameters, the neural network steganography method under a small embedding rate can embed enough information into the model for malicious purposes. To address this problem, this paper proposes a calibration-based steganalysis method, which fine-tunes the original neural network model without implicit constraints to obtain a reference model, then extracts and fuses statistical moments from the parameter distributions of the original model and its reference model, and finally trains a logistic regressor for detection. Extensive experiments show that the proposed method has superior performance in detecting steganographic neural network models under small embedding rates.
- Tom Brown, Benjamin Mann, Nick Ryder, Melanie Subbiah, Jared D Kaplan, Prafulla Dhariwal, Arvind Neelakantan, Pranav Shyam, Girish Sastry, Amanda Askell, et al. 2020. Language models are few-shot learners. Advances in neural information processing systems, Vol. 33 (2020), 1877--1901.Google Scholar
- Kyunghyun Cho, Bart Van Merriënboer, Caglar Gulcehre, Dzmitry Bahdanau, Fethi Bougares, Holger Schwenk, and Yoshua Bengio. 2014. Learning phrase representations using RNN encoder-decoder for statistical machine translation. arXiv preprint arXiv:1406.1078 (2014).Google Scholar
- Jessica Fridrich. 2005. Feature-based steganalysis for JPEG images and its implications for future design of steganographic schemes. In Information Hiding: 6th International Workshop, IH 2004, Toronto, Canada, May 23--25, 2004, Revised Selected Papers 6. Springer, 67--81.Google ScholarCross Ref
- Jessica Fridrich, Miroslav Goljan, and Dorin Hogea. 2003 a. Steganalysis of JPEG images: Breaking the F5 algorithm. In Information Hiding: 5th International Workshop, IH 2002 Noordwijkerhout, The Netherlands, October 7-9, 2002 Revised Papers 5. Springer, 310--323.Google ScholarCross Ref
- Jessica Fridrich, Miroslav Goljan, Dorin Hogea, and David Soukal. 2003 b. Quantitative steganalysis of digital images: estimating the secret message length. Multimedia systems, Vol. 9 (2003), 288--302.Google Scholar
- Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2016. Deep residual learning for image recognition. In Proceedings of the IEEE conference on computer vision and pattern recognition. 770--778.Google ScholarCross Ref
- Jan Kodovskỳ and Jessica Fridrich. 2009. Calibration revisited. In Proceedings of the 11th ACM workshop on Multimedia and security. 63--74.Google ScholarDigital Library
- Alex Krizhevsky, Geoffrey Hinton, et al. 2009. Learning multiple layers of features from tiny images. (2009).Google Scholar
- Tao Liu, Zihao Liu, Qi Liu, Wujie Wen, Wenyao Xu, and Ming Li. 2020. StegoNet: Turn deep neural network into a stegomalware. In Annual Computer Security Applications Conference. 928--938.Google ScholarDigital Library
- Xudong Pan, Yifan Yan, Shengyao Zhang, Mi Zhang, and Min Yang. 2022. Matryoshka: Stealing Functionality of Private ML Data by Hiding Models in Model. arXiv preprint arXiv:2206.14371 (2022).Google Scholar
- Fabian Pedregosa, Gaël Varoquaux, Alexandre Gramfort, Vincent Michel, Bertrand Thirion, Olivier Grisel, Mathieu Blondel, Peter Prettenhofer, Ron Weiss, Vincent Dubourg, et al. 2011. Scikit-learn: Machine learning in Python. Journal of machine learning research, Vol. 12, Oct (2011), 2825--2830.Google ScholarDigital Library
- Tomas Pevny and Jessica Fridrich. 2007. Merging Markov and DCT features for multi-class JPEG steganalysis. In Security, steganography, and watermarking of multimedia contents IX, Vol. 6505. SPIE, 28--40.Google Scholar
- Herbert Robbins and Sutton Monro. 1951. A stochastic approximation method. The annals of mathematical statistics (1951), 400--407.Google Scholar
- Karen Simonyan and Andrew Zisserman. 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014).Google Scholar
- Congzheng Song, Thomas Ristenpart, and Vitaly Shmatikov. 2017. Machine learning models that remember too much. In Proceedings of the 2017 ACM SIGSAC Conference on computer and communications security. 587--601.Google ScholarDigital Library
- Zhi Wang, Chaoge Liu, and Xiang Cui. 2021. Evilmodel: hiding malware inside of neural network models. In 2021 IEEE Symposium on Computers and Communications (ISCC). IEEE, 1--7.Google ScholarCross Ref
- Yi Yin, Weiming Zhang, Nenghai Yu, and Kejiang Chen. 2021. Steganalysis of neural networks based on parameter statistical bias. Journal of University of Science and Technology of China (2021).Google Scholar
- Chiyuan Zhang, Samy Bengio, Moritz Hardt, Benjamin Recht, and Oriol Vinyals. 2021. Understanding deep learning (still) requires rethinking generalization. Commun. ACM, Vol. 64, 3 (2021), 107--115. ioGoogle ScholarDigital Library
Index Terms
- Calibration-based Steganalysis for Neural Network Steganography
Recommendations
Implementation of Least Significant Bit Steganography and statistical steganalysis
CCSEIT '12: Proceedings of the Second International Conference on Computational Science, Engineering and Information TechnologyLeast Significant Bit (LSB) Steganography is a method for hidden information in such a way that can only be detected by its intended recipient. Steganography in Digital media becomes a challenging discipline, since the Human Auditory System (HAS) is ...
Steganalysis of HUGO steganography based on parameter recognition of syndrome-trellis-codes
Highly Undetectable steGO (HUGO steganography) is a well-known image steganography method proposed in recent years. The security of HUGO steganography is analyzed in this paper, and a corresponding steganalysis method is proposed based on the blind ...
Revisiting weighted Stego-image Steganalysis for PVD steganography
Weighted stego-image (WS) method is famous for estimating embedding rate of steganography using least significant bit (LSB) scheme. This paper investigates its feasibility of analyzing pixel-value differencing (PVD) steganography, an algorithm without ...
Comments