Abstract
Machine learning is becoming increasingly popular in a variety of modern technologies. However, research has demonstrated that machine learning models are vulnerable to adversarial examples in their inputs. Potential attacks include poisoning datasets by perturbing input samples to mislead a machine learning model into producing undesirable results. Such perturbations are often subtle and imperceptible from a human’s perspective. This paper investigates two methods of verifying the visual fidelity of image-based datasets by detecting perturbations made to the data using QR codes. In the first method, a verification string is stored for each image in a dataset. These verification strings can be used to determine whether an image in the dataset has been perturbed. In the second method, only a single verification string is stored and is used to verify whether an entire dataset is intact.
Acknowledgment
The authors would like to acknowledge the support of the NSW Cybersecurity Network grant, the NUW Alliance grant and the National Natural Science Foundation of China (Nos. 61572382 and 61702401) that were awarded for this research.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Chow, YW. et al. (2019). Protecting the Visual Fidelity of Machine Learning Datasets Using QR Codes. In: Chen, X., Huang, X., Zhang, J. (eds) Machine Learning for Cyber Security. ML4CS 2019. Lecture Notes in Computer Science, vol 11806. Springer, Cham. https://doi.org/10.1007/978-3-030-30619-9_23
DOI: https://doi.org/10.1007/978-3-030-30619-9_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30618-2
Online ISBN: 978-3-030-30619-9
eBook Packages: Computer Science, Computer Science (R0)