Protecting the Visual Fidelity of Machine Learning Datasets Using QR Codes

  • Yang-Wai Chow
  • Willy Susilo
  • Jianfeng Wang
  • Richard Buckland
  • Joonsang Baek
  • Jongkil Kim
  • Nan Li
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11806)


Machine learning is becoming increasingly popular in a variety of modern technologies. However, research has demonstrated that machine learning models are vulnerable to adversarial examples in their inputs. Potential attacks include poisoning datasets by perturbing input samples to mislead a machine learning model into producing undesirable results. Such perturbations are often subtle and imperceptible from a human's perspective. This paper investigates two methods of verifying the visual fidelity of image-based datasets by using QR codes to detect perturbations made to the data. In the first method, a verification string is stored for each image in a dataset. These verification strings can be used to determine whether an image in the dataset has been perturbed. In the second method, only a single verification string is stored, and it is used to verify whether an entire dataset is intact.


Adversarial machine learning, Cyber security, QR code, Visual fidelity, Watermarking



The authors would like to acknowledge the support of the NSW Cybersecurity Network grant, the NUW Alliance grant and the National Natural Science Foundation of China (Nos. 61572382 and 61702401) that were awarded for this research.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Yang-Wai Chow (1)
  • Willy Susilo (1)
  • Jianfeng Wang (2)
  • Richard Buckland (3)
  • Joonsang Baek (1)
  • Jongkil Kim (1)
  • Nan Li (4)

  1. Institute of Cybersecurity and Cryptology, School of Computing and Information Technology, University of Wollongong, Wollongong, Australia
  2. State Key Laboratory of Integrated Service Networks (ISN), Xidian University, Xidian, China
  3. School of Computer Science and Engineering, University of New South Wales, Sydney, Australia
  4. School of Electrical Engineering and Computing, University of Newcastle, Newcastle, Australia
