• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.1087-1098
• /
• 2023

The rapid advancement of artificial intelligence (AI) technology has led to its proactive utilization across various fields. However, this widespread adoption of AI-based systems has raised concerns about the increasing threat of attacks on these systems. In particular, deep neural networks, commonly used in deep learning, have been found vulnerable to adversarial attacks that intentionally manipulate input data to induce model errors. In this study, we propose a method to protect image classification models from visually imperceptible One-Pixel attacks, where only a single pixel is altered in an image. The proposed defense technique utilizes an autoencoder model to remove potential threat elements from input images before forwarding them to the classification model. Experimental results, using the CIFAR-10 dataset, demonstrate that the autoencoder-based defense approach significantly improves the robustness of pretrained image classification models against One-Pixel attacks, with an average defense rate enhancement of 81.2%, all without the need for modifications to the existing models.

• Spatial Information Research
• /
• v.21 no.3
• /
• pp.31-43
• /
• 2013

Although the vector map data possesses much higher values than other types of multimedia, the data copyright and the protection against illegal duplication are still far away from the attention. This paper proposes a novel watermarking technique which is both robust to diverse attacks and optimized to a vector map structure. Six approaches are proposed for the design of the watermarking algorithm: point-based approach, building a minimum perimeter triangle, watermark embedding in the length ratio, referencing to the pixel position of the watermark image, grouping, and using the one-way function. Our method preserves the characteristics of watermarking such as embedding effectiveness, fidelity, and false positive rate, while maintaining robustness to all types of attack except a noise attack. Furthermore, our method is a blind scheme in which robustness is independent of the map data. Finally, our method provides a solution to the challenging issue of degraded robustness under severe simplification attacks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.5C
• /
• pp.406-414
• /
• 2005

The necessity for a technique to protect intellectual property of a digital content has been increasing, especially for the image/video contents which are the most favorite because of their high information-intensive property. According to this demand, this paper proposed a digital watermarking algorithm, which is recognized as the most promising technique. This algorithm targets MPEG compression system and the watermarking process is to be performed during the compression process. It inserts watermark only in Y components of I-frames. Experimental results showed that the proposed method satisfied both imperceptibility and robustness against various attacks. The PSNR difference between the compressed images(the average compression ratio was about 27:1 with Y:Cb:Cr=4:2:0 color format for TM5-based compression) with and without watermarking was only 1.8dB ($4.2\%$). In each case that the resulting image after an attack was reusable the normalized correlation between the extracted watermark and the original one was above 0.8.

• Journal of Broadcast Engineering
• /
• v.21 no.6
• /
• pp.845-860
• /
• 2016

This paper proposes a digital watermarking scheme to protect the ownership of the freeview 2D or 3D image such that the viewer watches the image(s) by rendering a arbitrary viewpoint image(s) with the received texture image and its depth image. In this case a viewpoint change attack essentially occurs, even if it is not malicious. In addition some malicious attacks should be considered, which is to remove the embedded watermark information. In this paper, we generate a depth variation map (DVM) to find the locations less sensitive to the viewpoint change. For each LH subband after 3-level 2DDWT for the texture image, the watermarking locations are found by referring the DVM. The method to embed a watermark bit to a pixel uses a linear quantizer whose quantization step is determined according to the energy of the subband. To extract the watermark information, all the possible candidates are first extracted from the attacked image by considering the correlation to the original watermark information. For each bit position, the final extracted bit is determined by a statistical treatment with all the candidates corresponding that position. The proposed method is experimented with various test images for the various attacks and compared to the previous methods to show that the proposed one has excellent performance.