Abstract: In digital security, Reversible Adversarial Examples (RAE) blend adversarial attacks with Reversible Data Hiding (RDH) within images to thwart unauthorized access. Traditional RAE methods, however, compromise attack efficiency for the sake of perturbation concealment, diminishing the protective capacity of valuable perturbations and limiting applications to white-box scenarios. This paper proposes a novel Dual-Phase merging Reversible Adversarial Example (DP-RAE) generation framework, combining a heuristic black-box attack and RDH with Grayscale Invariance (RDH-GI) technology. This dual strategy not only evaluates and harnesses the adversarial potential of past perturbations more effectively but also guarantees flawless embedding of perturbation information and complete recovery of the original image. Experimental validation reveals our method's superiority, securing an impressive 96.9% success rate and 100% recovery rate in compromising black-box models. In particular, it achieved a 90% misdirection rate against commercial models under a constrained number of queries. This marks the first successful attempt at targeted black-box reversible adversarial attacks for commercial recognition models. This achievement highlights our framework's capability to enhance security measures without sacrificing attack performance. Moreover, our attack framework is flexible, allowing the interchangeable use of different attack and RDH modules to meet advanced technological requirements.
Primary Subject Area: [Content] Vision and Language
Secondary Subject Area: [Experience] Multimedia Applications
Relevance To Conference: The Dual-Phase merging Reversible Adversarial Example (DP-RAE) framework revolutionizes multimedia security by integrating heuristic black-box attacks with reversible data hiding, utilizing Grayscale Invariance (RDH-GI). This innovation not only enhances the security of multimedia content against unauthorized access but also ensures the integrity and quality of the content remain intact. DP-RAE's successful application in commercial recognition models, achieving a high attack success rate, marks a significant advancement in secure multimedia processing. Its adaptability to various attack and RDH modules makes it a versatile tool for addressing current and future multimedia security challenges. DP-RAE's contribution to the multimedia domain lies in its novel approach to balancing robust security measures with the preservation of multimedia content quality, setting a new standard for multimedia and multimodal processing technologies.
Supplementary Material: zip
Submission Number: 3254