Adversarial Attack Technology Against Steganalysis

In recent years,deep neural network has rapidly become a research hotspot in the field of artificial intelligence.However,the latest research shows that DNN is easy to be attacked by adversarial samples.The attacker deceives the classifier by adding small disturbances to the clean samples to generate adversarial samples They can’t be recognized by human eyes,but it will lead to high confidence misclassification in the model,greatly reducing the accuracy of model classification.Adversarial attack has a serious negative impact on some applications with strict security requirements,such as automatic driving,security monitoring system,etc.,and even crash the system or cause heavy losses.But at the same time,the development of adversarial attack will also promote the development of defense against adversarial attack technology.Due to the similarity between steganography and adversarial attack,this paper studies the attack and defense of adversarial attack from the perspective of steganography,and discusses the relationship between steganography and adversarial attack.On one hand,steganalysis is helpful to detect adversarial perturbations.On the other hand,steganography helps to form adversarial perturbations,which is not only invisible to the naked eye,but also statistically undetectable.The research focus of this paper is on how to use steganalyzer to detect adversarial samples and how to apply the idea of steganography to the generation of adversarial samples to improve the resistance to detection.The main work of this thesis is summarized as follows:(1)This paper comprehensively compares and analyzes the similarity between adversarial attack and steganography in theory,and trains the steganalyzers Xu Net and Ye Net based on convolutional neural network to detect adversarial samples generated by FGSM,Deep Fool and C&W and obtains a high detection accuracy.Experiments show that the detection technology based on steganalysis can detect the adversarial samples made by various attack technologies accurately.That is,steganographic images have similar characteristics with adversarial samples,which broadens the future research direction of adversarial samples and provides a new defense idea for the defender of adversarial samples.(2)This paper analyzes the principle of adaptive steganography algorithm bypassing steganalyzer,points out the importance of cost function,applies it to the process of generating adversarial samples,and puts forward an adversarial samples generation algorithm that can bypass the detection of steganalyzer.The algorithm is based on the idea of adaptive steganography bypassing the steganalyzer,and embeds the distortion function in the steganography algorithm HILL into the adversarial samples generation algorithm.By combining the gradient information with the distortion map,the appropriate anti disturbance pixels are selected.Then adversarial samples are generated through repeated iteration.Compared with the mainstream attack algorithm,our method not only maintains the attack capability,but also improves the anti-detection ability.Also it is not large and only takes 0.2s to generate a adversarial sample.The proposed algorithm provides a new way for attackers to improve the antidetection ability of adversarial samples.