Research On Source Camera Identification Method Against Adversarial Attacks

Source Camera Identification(SCI)is one of the research topics in digital image forensics.By verifying the authenticity of the camera source of the image,it can assist various criminal investigation trial and solve the copyright infringement in the forensics link.Thanks to the development of Deep Neural Network(DNN),its dentification accuracy has been improved significantly.However,the research shows that the DNN is vulnerable to adversarial attacks,that is,the attacker only needs to add slight noise in the original image to make the DNN produce misclassification.Therefore,the DNN-based SCI has brought great security risks.Existing general defense methods against attack are difficult to adapt to this application scenario,which does not take into account that SCI relies on image noise,so it is easy to reduce the identification accuracy in defense.In addition,the robustness optimization method represented by adversarial training has a high training cost,but it is not easy to migrate to other SCI models.Therefore,it is very important to put forward a method of SCI which is resistant to adversarial attacks.In this paper,we refine a DNN-baed SCI model,and the threat model of corresponding adversarial attack is obtained based on this model.Furthermore,a defense theory based on information monotony is proposed,and a defense target is constructed by using a local smooth mapping on manifolds,and a defense architecture is realized by using a Pre-defense Network(PDN)based on two-phase training.The main work of this paper includes:1.By modeling the feature extraction mapping in manifolds,we analyze the influence of feature extraction mapping on different noises on the local neighborhood of manifolds.We further found that the vulnerability of adversarial attacks essentially comes from the oscillation and discontinuity of feature extraction mapping.Therefore,we propose a defense theory against attack that satisfies the information monotonicity that make the mapping locally smooth on the local neighborhood of manifolds.2.Through a local coordinate system and local smooth mapping are defined on the manifolds,we proposed to minimize Kullback Leibler divergence between the local statistical coordinates on manifolds as defense goals to achieve local smooth mapping,which satisfies the information monotonicity and reach sufficient statistics.This objective remove redundant information and retain the information effectively,which guarantee both the identification accuracy and adversarial robustness.3.We propose and implement a flexible and easily trainable PDN,which adopts a twophase training strategy,and fit in with our defense objective.The proposed PDN is easy to migrate to different SCI models.Based on the Dataset Dresden Image Dataset,experiments were conducted in this paper to verify that the proposed method ensures the adversarial robustness of SCI models;meawhile,it has better feature discrimination and identification accuracy compared with the exsting general defense methods against adversarial attacks.At the same time,this paper discusses and verifies the portability of the proposed PDN.