CN111416683A - Concealed communication method based on structural countermeasure sample - Google Patents
Concealed communication method based on structural countermeasure sample Download PDFInfo
- Publication number
- CN111416683A CN111416683A CN202010247480.7A CN202010247480A CN111416683A CN 111416683 A CN111416683 A CN 111416683A CN 202010247480 A CN202010247480 A CN 202010247480A CN 111416683 A CN111416683 A CN 111416683A
- Authority
- CN
- China
- Prior art keywords
- secret information
- sample
- countermeasure
- label
- sender
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000004891 communication Methods 0.000 title claims abstract description 41
- 238000000034 method Methods 0.000 title claims abstract description 29
- 238000013528 artificial neural network Methods 0.000 claims abstract description 9
- 238000000605 extraction Methods 0.000 claims description 6
- 230000015556 catabolic process Effects 0.000 claims description 3
- 238000006731 degradation reaction Methods 0.000 claims description 3
- 238000013507 mapping Methods 0.000 abstract description 3
- 238000013139 quantization Methods 0.000 description 7
- 230000005540 biological transmission Effects 0.000 description 3
- 238000013136 deep learning model Methods 0.000 description 3
- 238000003062 neural network model Methods 0.000 description 3
- 239000008186 active pharmaceutical agent Substances 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000000007 visual effect Effects 0.000 description 2
- 238000013145 classification model Methods 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000003607 modifier Substances 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04K—SECRET COMMUNICATION; JAMMING OF COMMUNICATION
- H04K1/00—Secret communication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Biomedical Technology (AREA)
- Biophysics (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- Life Sciences & Earth Sciences (AREA)
- Molecular Biology (AREA)
- Artificial Intelligence (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Editing Of Facsimile Originals (AREA)
Abstract
The invention provides a concealed communication method based on a structural countermeasure sample. The method comprises the following steps: a covert communication method hides the mapping relation between countermeasure samples without secret information and the secret information in a public neural network. Unlike steganography, the present invention aims at communication contents of a sender and a receiver not containing secret information. And (3) carrying out quantitative coding on the labels of part of sample images by using a public image classification network according to the secret information by a sender to obtain correct 'soft labels' with low confidence. And constructing a countermeasure sample according to the loss value between the soft label and the real label. The challenge sample itself contains no secret information, but can be mapped to a secret "soft tag" by a specific public model. Therefore, only the structural countermeasure sample needs to be transmitted between the two communication parties, and the receiver inputs the countermeasure sample into the public model and decodes the prediction result to obtain the secret information.
Description
Technical Field
The invention relates to the field of secret data transmission, in particular to a covert communication method based on a structural countermeasure sample. The hidden communication method is a hidden communication method which utilizes a public image classification network as a secret information extraction tool, and two communication parties can realize secret information transmission only by transmitting a structural countermeasure sample.
Background
Covert communication is the secure transmission of secret information by a sender to a receiver without causing third party suspicion. Steganography is an important way to implement covert communications. Steganography embeds secret information by slightly modifying the carrier signal, and the communicating parties communicate covertly by transmitting a secret signal. Therefore, a great deal of steganography work is devoted to reducing the loss of the original signal caused by the embedding of the secret information so as to improve the communication concealment. In recent years, however, machine learning-based steganalysis has made it possible to tap out the features of normal signals that differ from confidential signals and to make decisions on suspicious signals in order to block covert communications. Ideally, covert communication is insecure as long as the carrier signal contains secret information.
In recent years, deep neural networks have been rapidly developed and widely used in various fields by virtue of their powerful learning ability. Taking the image classification task as an example, high-performance deep neural network models like vgnet, ResNet, etc. are published for providing high-quality intelligent services. The deep neural network model is also gradually becoming a new form of digital product similar to digital images. In a business environment, the most common way to publish is to deploy the model on a cloud server, and provide input and output APIs for users to use. Taking the image classification task as an example, the user only needs to input the image to be classified into the model through the API, and the prediction result given by the model can be obtained. The prediction result is usually a probability vector output by the Softmax function, and each value in the vector represents the probability of belonging to the current class. And the classification result is the class with the highest probability in the corresponding vector.
In 2013, szegydy et al proposed the concept of fighting samples, i.e., input samples formed in the data set by deliberate subtle perturbations that would cause the model to give erroneous outputs with high confidence. In 2014, Goodfellow demonstrated that the main reason for fighting samples was excessive linearity of decision boundaries, and proposed a mechanism for specifying modelsThe Method of challenge attack to make challenge samples is called Fast Gradient Sign Method, FGSM. Given model to be attacked
And the original sample x, y is the label corresponding to the sample x, then the optimal perturbation direction is
And the direction of the loss value between y. Thus, confrontation sample
Can be obtained by the following formula:
where J (×) is a loss function, typically categorical cross entropy,
is calculated for the gradient. Other common challenge challenges are IGSM, PGD and depfol, among others. These methods generate challenge samples that are visually similar to the original samples, with the added perturbation being similar to noise. Inspired by this, we consider countermeasure samples available for new forms of covert communication systems. According to research and development, related work for realizing covert communication by using a deep neural network is not available at present.
Disclosure of Invention
The invention aims to provide a covert communication method based on a structural countermeasure sample. And constructing a countermeasure sample appointed to be output by utilizing a public image classification model, and realizing safe covert communication by transmitting the countermeasure sample.
To achieve the above object, the idea of the present invention is:
and hiding the mapping relation between the normal communication content and the secret information in the public neural network. The sender and the receiver implicitly transmit normal content, but the receiver inputs the received normal content into a public neural network, and then a classified result containing a secret can be output. Meanwhile, in order not to cause a third party to be questioned, the classified result with the secret should not be an incorrect classified result, but still be a correct classified result with low confidence, namely a 'soft label'.
According to the invention idea, the invention adopts the following technical scheme:
a hidden communication method based on a structural countermeasure sample comprises the following specific operation steps:
1) the two communication parties take the deep neural network as a secret information extraction tool and prepare a candidate trigger set;
2) the sender groups the secret information and distributes trigger set samples;
3) the sender generates a secret soft label according to the secret information;
4) constructing a countermeasure sample corresponding to the 'soft label' by the sender by using the countermeasure attack FGSM;
5) the sender transmits the structural countercheck sample to the receiver;
6) the receiver inputs the confrontation sample into the model to obtain a dense soft label;
7) the receiver decodes the soft label to obtain the secret information.
The specific operation steps of the step 3) are as follows:
3-1) quantifying the original label;
3-2) counting the non-zero number of the secret information;
3-3) performing 'degradation' on the maximum value of the original label;
and 3-4) circularly traversing to the right by taking the maximum value as a starting point, and disturbing the original tag according to the secret information.
The specific operation steps of the step 7) are as follows:
7-1) subtracting the soft label from the original label;
7-2) circularly traversing to the right by taking the maximum value as a starting point, and obtaining the secret information according to the difference value.
Compared with the prior art, the invention has the following prominent substantive and technical progress:
1) the invention provides a covert communication method realized by means of a public deep learning model. The public deep learning model is used as a secret information extraction tool, so that the concealment of communication can be greatly improved. No deep learning model applied to the relevant work of covert communication exists so far, and the method has innovativeness and advancement.
2) The invention provides a concealed communication method based on a structural countermeasure sample. By means of the characteristics that the sample image of the designated output can be generated by resisting the attack and has no visual difference with the original image, the concealment of the communication is greatly improved. Unlike steganography, the countermeasure sample does not directly contain any secret information, and has extremely high security.
3) The invention provides a coding method of a soft label, which can embed secret information in a classification result without influencing the correct classification condition, improves the concealment of communication and has innovation.
Drawings
Fig. 1 is a schematic diagram of covert communication based on countermeasure samples.
Fig. 2 is a flow diagram of a method of covert communication based on constructive countermeasure samples.
Fig. 3 is a line graph showing the variation of various types of probability values in the generation process of the confrontation sample.
Detailed Description
Specific embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
First, it is assumed that a sender and a receiver are to transmit a piece of secret information bi∈{0,1},i=1,2,…,N。
As shown in fig. 1 and fig. 2, a concealed communication method based on a structural countermeasure sample includes the following specific operation steps:
step 1: the sender and the receiver agree in advance to select a deep neural network
As a secret information extraction tool and from the model
Is disclosedRandomly selecting a group of images in a data set as a candidate trigger set Xcand。
Step 2: the sender sends the secret information biGrouping k bits and selecting from the candidate trigger set XcandEach set of secret information is assigned a sample image x.
And step 3: the sender is based on each group of secret information bi∈ {0,1}, i ═ 1,2, …, k, where k must not be greater than tag ytrueFor the label y of the sample image xtruePerforming quantization coding to form a 'soft label' ysoft. Formed "Soft Label" ysoftCan decode the secret information.
And 4, step 4: sender constructs countermeasure sample X using countermeasure FGSMadvAs a trigger set. Input model for each confrontation sample in trigger set
A corresponding "soft label" is obtained.
And 5: the sender will confront with sample XadvAnd sending the data to a receiving party. Due to confrontation of sample XadvThere is no visual difference from a normal image and does not contain secret information by itself. So that the third party supervisor cannot extract secret information therefrom.
Step 6: the receiver will receive the confrontation sample XadvInput model
Obtaining a dense 'soft label' ypred。
And 7: receiver pair "soft tag" ypredDecoding to obtain secret information bi。
The idea of the soft label encoding method in step 3 is as follows:
the embedding process of the secret information can be similar to the L SB steganography method, and the probability value except the maximum value in the original label is modified, if the secret information is 1, a quantization unit is added to the probability value, and if the secret information is 0, the probability value is not changed.
The specific steps of the step 3 are as follows:
step 3.1, appointing a quantization unit q and matching the original label ytrueQuantization is performed. The magnitude of the quantization unit q determines the modification amplitude, and the smaller q, the more covert the secret information is hidden. However, if q is too small, the accuracy of secret information extraction is affected.
Step 3.2, statistics of biIs not zero number n1。n1To need the original label ytrueTotal modifier of (1).
Step 3.3, to ensure the probability sum is 1 rigid constraint, the original label ytrueIs "degraded". In order to ensure the classification correctness of the soft label, the index of the maximum value after degradation is required to be unchanged.
max(y)-n1×q
Step 3.4, with the original label ytrueIs circularly traversed to the right by taking the maximum value of (b) as a starting point, according to each secret information biFor ytrueAnd (6) coding is carried out. If the secret information is 1, the probability value is increased by one quantization unit, and if the secret information is 0, the probability value remains unchanged.
The specific steps of decoding in step 7 are:
step 7.1, classifying the result ypredWith the original label y in the data settrueThe difference is made to obtain d,
step 7.2, with ytrueAnd taking the maximum value as a starting point, and circularly traversing to the right, so as to judge the difference value to obtain the secret information. If the difference is a quantization unit, the secret information is extracted to be 1, and if the difference is 0, the secret information is not contained.
As shown in fig. 3, the challenge samples generated in the present invention can be accurately converged to contain a dense "soft label", demonstrating the feasibility of the present invention.
The invention provides a concealed communication method based on a structural countermeasure sample. The method comprises the following steps: the mapping relation between the normal communication content and the secret information is hidden in a hidden communication method of a public neural network model through countermeasure samples. And hiding the secret information in the classification result of part of the sample images by the sender by using a public image classification network. And constructing a countermeasure sample of the specified output through the countermeasure attack of the public deep neural network. The countermeasure sample itself does not contain secret information, but can be mapped to a secret "soft tag" by public secret information. Therefore, the sender and the receiver only need to transmit the countermeasure sample, and the covert communication can be realized. The invention is a new form of covert communication, and improves the concealment and the security of the communication.
Claims (3)
1. A covert communication method based on a structural countermeasure sample is characterized by comprising the following specific operation steps:
1) the two communication parties take the deep neural network as a secret information extraction tool and prepare a candidate trigger set;
2) the sender groups the secret information and distributes trigger set samples;
3) the sender generates a secret soft label according to the secret information;
4) constructing a countermeasure sample corresponding to the 'soft label' by the sender by using the countermeasure attack FGSM;
5) the sender transmits the structural countercheck sample to the receiver;
6) the receiver inputs the confrontation sample into the model to obtain a dense soft label;
7) the receiver decodes the soft label to obtain the secret information.
2. The method for blind communication based on constructive countermeasure samples according to claim 1, wherein the specific operation steps of step 3) are as follows:
3-1) quantifying the original label;
3-2) counting the non-zero number of the secret information;
3-3) performing 'degradation' on the maximum value of the original label;
and 3-4) circularly traversing to the right by taking the maximum value as a starting point, and disturbing the original tag according to the secret information.
3. The method for blind communication based on constructive countermeasure samples according to claim 1, wherein the specific operation steps of step 7) are as follows:
7-1) subtracting the soft label from the original label;
7-2) circularly traversing to the right by taking the maximum value as a starting point, and obtaining the secret information according to the difference value.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010247480.7A CN111416683A (en) | 2020-03-31 | 2020-03-31 | Concealed communication method based on structural countermeasure sample |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010247480.7A CN111416683A (en) | 2020-03-31 | 2020-03-31 | Concealed communication method based on structural countermeasure sample |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111416683A true CN111416683A (en) | 2020-07-14 |
Family
ID=71494730
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010247480.7A Pending CN111416683A (en) | 2020-03-31 | 2020-03-31 | Concealed communication method based on structural countermeasure sample |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111416683A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112019700A (en) * | 2020-08-14 | 2020-12-01 | 深圳大学 | Method for preventing secret-carrying image from being detected, intelligent terminal and storage medium |
| CN112839488A (en) * | 2021-01-15 | 2021-05-25 | 华南理工大学 | Detection device and detection method for anti-attack of deep neural network |
| CN113434691A (en) * | 2021-08-26 | 2021-09-24 | 南京山猫齐动信息技术有限公司 | Method and device for improving short message reach rate based on classification simulation model |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20190220605A1 (en) * | 2019-03-22 | 2019-07-18 | Intel Corporation | Adversarial training of neural networks using information about activation path differentials |
| US20190325269A1 (en) * | 2018-04-20 | 2019-10-24 | XNOR.ai, Inc. | Image Classification through Label Progression |
| CN110415215A (en) * | 2019-06-27 | 2019-11-05 | 同济大学 | Intelligent detecting method based on figure neural network |
| CN110533570A (en) * | 2019-08-27 | 2019-12-03 | 南京工程学院 | A kind of general steganography method based on deep learning |
| EP3598343A1 (en) * | 2018-07-17 | 2020-01-22 | Nokia Technologies Oy | Method and apparatus for processing audio data |
-
2020
- 2020-03-31 CN CN202010247480.7A patent/CN111416683A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20190325269A1 (en) * | 2018-04-20 | 2019-10-24 | XNOR.ai, Inc. | Image Classification through Label Progression |
| EP3598343A1 (en) * | 2018-07-17 | 2020-01-22 | Nokia Technologies Oy | Method and apparatus for processing audio data |
| US20190220605A1 (en) * | 2019-03-22 | 2019-07-18 | Intel Corporation | Adversarial training of neural networks using information about activation path differentials |
| CN110415215A (en) * | 2019-06-27 | 2019-11-05 | 同济大学 | Intelligent detecting method based on figure neural network |
| CN110533570A (en) * | 2019-08-27 | 2019-12-03 | 南京工程学院 | A kind of general steganography method based on deep learning |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112019700A (en) * | 2020-08-14 | 2020-12-01 | 深圳大学 | Method for preventing secret-carrying image from being detected, intelligent terminal and storage medium |
| CN112019700B (en) * | 2020-08-14 | 2022-03-29 | 深圳大学 | Method for preventing secret-carrying image from being detected, intelligent terminal and storage medium |
| CN112839488A (en) * | 2021-01-15 | 2021-05-25 | 华南理工大学 | Detection device and detection method for anti-attack of deep neural network |
| CN113434691A (en) * | 2021-08-26 | 2021-09-24 | 南京山猫齐动信息技术有限公司 | Method and device for improving short message reach rate based on classification simulation model |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111416683A (en) | Concealed communication method based on structural countermeasure sample | |
| Hayes et al. | Generating steganographic images via adversarial training | |
| Zhang et al. | A covert communication method using special bitcoin addresses generated by vanitygen | |
| Zhang et al. | Deep learning-enabled semantic communication systems with task-unaware transmitter and dynamic data | |
| Hu et al. | Robust semantic communications against semantic noise | |
| Qu et al. | An efficient quantum image steganography protocol based on improved EMD algorithm | |
| CN109818739A (en) | A kind of production image latent writing method based on confrontation network | |
| Jaradat et al. | A High‐Capacity Image Steganography Method Using Chaotic Particle Swarm Optimization | |
| Wang et al. | HidingGAN: High capacity information hiding with generative adversarial network | |
| Chen et al. | Novel quantum video steganography and authentication protocol with large payload | |
| Varghese et al. | A detailed review based on secure data transmission using cryptography and steganography | |
| Bi et al. | High‐Capacity Image Steganography Algorithm Based on Image Style Transfer | |
| CN103004177B (en) | Data transmission security is improved | |
| Kim et al. | Improved steganographic embedding exploiting modification direction in multimedia communications | |
| CN102315931B (en) | Method for hiding running coding of confidential information | |
| Veerashetty | Secure communication over wireless sensor network using image steganography with generative adversarial networks | |
| Sultan et al. | A new framework for analyzing color models with generative adversarial networks for improved steganography | |
| Jahnavi et al. | Novel multifold secured system by combining multimodal mask steganography and naive based random visual cryptography system for digital communication | |
| Liu et al. | To deliver more information in coverless information hiding | |
| Chen et al. | A high-capacity coverless image steganography method based on double-level index and block matching | |
| Zhang et al. | Adaptive Robust Blind Watermarking Scheme Improved by Entropy‐Based SVM and Optimized Quantum Genetic Algorithm | |
| CN114662061A (en) | Decoding and coding network steganography based on improved attention and loss function | |
| Zhang et al. | Pixel-Stega: Generative image steganography based on autoregressive models | |
| CN112637442A (en) | Method and device for encrypting circulating image by cloud server and local end | |
| Xu et al. | Deniable steganography |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200714 |
|
| RJ01 | Rejection of invention patent application after publication |