• Convergence Security Journal
• /
• v.22 no.3
• /
• pp.25-32
• /
• 2022

Recently, the image processing industry has been activated as deep learning-based technology is introduced in the image recognition and detection field. With the development of deep learning technology, learning model vulnerabilities for adversarial attacks continue to be reported. However, studies on countermeasures against poisoning attacks that inject malicious data during learning are insufficient. The conventional countermeasure against poisoning attacks has a limitation in that it is necessary to perform a separate detection and removal operation by examining the training data each time. Therefore, in this paper, we propose a technique for reducing the attack success rate by applying modifications to the training data and inference data without a separate detection and removal process for the poison data. The One-shot kill poison attack, a clean label poison attack proposed in previous studies, was used as an attack model. The attack performance was confirmed by dividing it into a general attacker and an intelligent attacker according to the attacker's attack strategy. According to the experimental results, when the proposed defense mechanism is applied, the attack success rate can be reduced by up to 65% compared to the conventional method.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.3
• /
• pp.616-621
• /
• 2005

In this paper. digital watermarking algorithm based on human visual system and transform domain is presented. Firstly, original image is separated into RGB thannels, watermark is embedded into the coefficients of DCT so as to consider a contrast sensitivity and texture degrees. In preprocessing, DCT domain based transform is involved and binary image of visually recognizable patterns is utilized as a watermark. Consequently, experimental results showed that proposed algorithm is robust and imperceptibility such destruction attack as JPEG compression.

• The KIPS Transactions:PartB
• /
• v.12B no.4 s.100
• /
• pp.421-428
• /
• 2005

A new method of Semi-fragile image watermarking which ensures the integrity of the contents of digital image is presented. Proposed watermarking scheme embeds watermark in the form of quantization noise on the wavelet transform coefficients in a specific mid frequency subbands selected from a wavelet packet decomposition based on energy distribution of wavelet transform coefficients. By controlling the strength of embedded watermark using HVS (Human Visual System) characteristic, it is imperceptible by a human viewer while robust against non-malicious attack such as compression for storage and/or transmission. When an attack is applied on the original image, it is highly probable that wavelet transform coefficients not only at the exact attack positions but also the neighboring ones are modified. Therefore, proposed authentication method utilizes whether both current coefficient and its neighbors are damaged. together. So it can efficiently detect and accurately localize attacks inflicted on the content of original image. Decision threshold for authentication can be user controlled for different application areas as needed.

• Journal of Korea Multimedia Society
• /
• v.9 no.5
• /
• pp.624-634
• /
• 2006

This paper presents a new watermarking scheme that is robust against geometrical attacks such as translation and rotation. The proposed method is based on the conventional PSADT(Polar Coordinates Shape Adaptive Discrete Transform) method which is an robust watermarking scheme for an arbitrarily-shaped image such as character images. The PSADT method shows perfect robustness against geometrical attack if there is no change in the shape of the image object. However, it cannot be utilized to watermark general rectangular images because of the missing alignment between the watermarked signals in the embedding and extracting side. To overcome this problem we propose a new watermarking scheme that aligns the watermark signal using the image inherent feature, especially corner. Namely the proposed method decides a consistent target region whose shape and position isn't changed by any malicious attack and then embeds the watermark in it using the PSADT method. Experimental results show the robustness of the proposed method against geometrical attacks as well as image compression.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.201-210
• /
• 2023

Deep learning-based face verificattion model show high performance and are used in many fields, but there is a possibility the user's face image may be leaked in the process of inputting the face image to the model. Althoughde-identification technology exists as a method for minimizing the exposure of face features, there is a problemin that verification performance decreases when the existing technology is applied. In this paper, after combining the face features of other person, a de-identified face image is created through StyleGAN. In addition, we propose a method of optimizingthe combining ratio of features according to the face verification model using HopSkipJumpAttack. We visualize the images generated by the proposed method to check the de-identification performance, and evaluate the ability to maintain the performance of the face verification model through experiments. That is, face verification can be performed using the de-identified image generated through the proposed method, and leakage of face personal information can be prevented.

• International Journal of Computer Science & Network Security
• /
• v.24 no.1
• /
• pp.127-132
• /
• 2024

With the rapid evolution of the Internet, the application of artificial intelligence fields is more and more extensive, and the era of AI has come. At the same time, adversarial attacks in the AI field are also frequent. Therefore, the research into adversarial attack security is extremely urgent. An increasing number of researchers are working in this field. We provide a comprehensive review of the theories and methods that enable researchers to enter the field of adversarial attack. This article is according to the "Why? → What? → How?" research line for elaboration. Firstly, we explain the significance of adversarial attack. Then, we introduce the concepts, types, and hazards of adversarial attack. Finally, we review the typical attack algorithms and defense techniques in each application area. Facing the increasingly complex neural network model, this paper focuses on the fields of image, text, and malicious code and focuses on the adversarial attack classifications and methods of these three data types, so that researchers can quickly find their own type of study. At the end of this review, we also raised some discussions and open issues and compared them with other similar reviews.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.33 no.2
• /
• pp.18-22
• /
• 2010

The purpose of this study was to investigated correlation between personal aggression and skin conductance level during watching attack image. Twenty three male ($21.4\pm1.8$ years) college students participated in this experiment. A personal aggression of each subject measured by questionnaire. The experimental procedure consisted of four phases, i.e., rest state (15 min), control image 1 (2 min. 14 sec), aggression image (50 sec), and control image 2 (2 min. 14 sec). Control image 1 and 2 consisted of sea, mountain, and valley scenary. Aggression image used scenes of the violence movie. Skin Conductance Level (SCL) of electrothermal activity was measured during watching the images. The SCL was greater during aggression image than during control image 1 and 2. A negative correlation was found between aggressive personality and change rate of SCL during watching aggression image compared to control image 1. This results suggests that aggression image was accompanied by the higher activation of Sympathetic Nervous System (SNS). Also, the higher aggression scores, an increasing rate of SNS activation was become smaller during watching aggression image.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.3
• /
• pp.1785-1801
• /
• 2017

In recent years, image encryption algorithms have been developed rapidly in order to ensure the security of image transmission. With the assistance of our previous work, this paper proposes a novel chaotic image encryption algorithm based on self-adaptive model and feedback mechanism to enhance the security and improve the efficiency. Different from other existing methods where the permutation is performed by the self-adaptive model, the initial values of iteration are generated in a novel way to make the distribution of initial values more uniform. Unlike the other schemes which is on the strength of the feedback mechanism in the stage of diffusion, the piecewise linear chaotic map is first introduced to produce the intermediate values for the sake of resisting the differential attack. The security and efficiency analysis has been performed. We measure our scheme through comprehensive simulations, considering key sensitivity, key space, encryption speed, and resistance to common attacks, especially differential attack.

• Journal of the Institute of Electronics Engineers of Korea SP
• /
• v.41 no.6
• /
• pp.1-7
• /
• 2004

The rapid growth of digital media and communication networks has created an urgent need for self-contained data identification methods to create adequate intellectual property right(IPR) protection technology. In this paper we propose a new watermarking method that could embed the gray-scale watermark logo in low frequency coefficients of discrete wavelet transform(DWT) domain as the marking space by using our Linear Bit-eXpansion(LBX) interleaving of gray-scale watermark, to use lots of watermark information without distortion of watermarked image quality and particularly to be robust against attack which could remove a part of image. Experimental results demonstrated the high robustness in particular against attacks such as image cropping and rotation which could remove a part of image.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.11
• /
• pp.2221-2234
• /
• 2011

The fuzzy vault scheme has emerged as a promising solution to user privacy and fingerprint template security problems. Recently, however, the fuzzy vault scheme has been shown to be susceptible to a correlation attack. This paper proposes a novel scheme for one-time templates for fingerprint authentication based on the fuzzy vault scheme. As in one-time passwords, the suggested method changes templates after each completion of authentication, and thus the compromised templates cannot be reused. Furthermore, a huge number of chaff minutiae can be added by expanding the size of the fingerprint image. Therefore, the proposed method can protect a user's fingerprint minutiae against the correlation attack. In our experiments, the proposed approach can improve the security level of a typical approach against brute-force attack by the factor of $10^{34}$.