Protecting the Visual Fidelity of Machine Learning Datasets Using QR Codes
Machine learning is becoming increasingly popular in a variety of modern technologies. However, research has demonstrated that machine learning models are vulnerable to adversarial examples in their inputs. Potential attacks include poisoning datasets by perturbing input samples so as to mislead a machine learning model into producing undesirable results. Such perturbations are often subtle and imperceptible from a human’s perspective. This paper investigates two methods of verifying the visual fidelity of image-based datasets by detecting perturbations made to the data using QR codes. In the first method, a verification string is stored for each image in a dataset; these verification strings can be used to determine whether an individual image in the dataset has been perturbed. In the second method, only a single verification string is stored, and it is used to verify whether the entire dataset is intact.
Keywords: Adversarial machine learning; Cyber security; QR code; Visual fidelity; Watermarking
The authors would like to acknowledge the support of the NSW Cybersecurity Network grant, the NUW Alliance grant and the National Natural Science Foundation of China (Nos. 61572382 and 61702401) that were awarded for this research.
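The two verification schemes outlined in the abstract, as an added illustration that is not the paper's own code. It assumes the verification string is a SHA-256 digest of an image's raw pixel bytes and that the dataset-level string is a digest over the ordered per-image digests; the QR-code encoding and storage step of the paper is not reproduced, so each string is kept as a plain hex value. The sample images are constructed inline, and a one-bit change to a single pixel, invisible to a viewer, is caught by both methods.

```python
"""Per-image and whole-dataset verification strings for an image dataset.

Added example, not the paper's implementation. Assumption: a verification
string is a SHA-256 hex digest; the QR-code storage step is replaced by
holding the hex string directly.
"""
import hashlib
from typing import List, Sequence


def image_verification_string(pixels: bytes) -> str:
    """Method 1: one verification string per image (assumed: SHA-256 hex)."""
    return hashlib.sha256(pixels).hexdigest()


def dataset_verification_string(images: Sequence[bytes]) -> str:
    """Method 2: a single verification string for the whole dataset.

    Assumed construction: hash the image count and the ordered per-image
    digests together, so a changed, reordered, added or removed image
    changes the result.
    """
    h = hashlib.sha256()
    h.update(len(images).to_bytes(8, "big"))  # bind the number of images
    for img in images:
        h.update(bytes.fromhex(image_verification_string(img)))
    return h.hexdigest()


def verify_per_image(images: Sequence[bytes], stored: Sequence[str]) -> List[int]:
    """Return the indices of images whose current digest differs from the stored one."""
    if len(images) != len(stored):
        raise ValueError("number of images and stored strings differ")
    return [
        i for i, (img, s) in enumerate(zip(images, stored))
        if image_verification_string(img) != s
    ]


def verify_dataset(images: Sequence[bytes], stored: str) -> bool:
    """Method 2 check: True only if the whole dataset is unchanged."""
    return dataset_verification_string(images) == stored


def lsb_perturb(pixels: bytes, index: int) -> bytes:
    """Flip the least significant bit of one pixel, a change a viewer cannot see."""
    buf = bytearray(pixels)
    buf[index] ^= 0x01
    return bytes(buf)


# Constructed sample dataset: three 4x4 8-bit greyscale images (16 bytes each).
SAMPLE_IMAGES = [
    bytes(range(0, 16)),
    bytes([128] * 16),
    bytes(range(255, 239, -1)),
]


def demo() -> dict:
    """Build both kinds of verification string, then check a clean and a perturbed copy."""
    per_image = [image_verification_string(img) for img in SAMPLE_IMAGES]
    whole = dataset_verification_string(SAMPLE_IMAGES)

    tampered = list(SAMPLE_IMAGES)
    tampered[1] = lsb_perturb(tampered[1], 5)  # one bit of one pixel in image 1

    return {
        "clean_per_image": verify_per_image(SAMPLE_IMAGES, per_image),   # []
        "clean_dataset": verify_dataset(SAMPLE_IMAGES, whole),           # True
        "tampered_per_image": verify_per_image(tampered, per_image),     # [1]
        "tampered_dataset": verify_dataset(tampered, whole),             # False
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The per-image method costs one stored string per image but tells the verifier which image was altered; the single-string method stores far less yet can only report that the dataset as a whole is no longer intact, which is the trade-off the abstract's two methods represent.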