English

Adversarial Attack on Deep Learning-Based Splice Localization

Computer Vision and Pattern Recognition 2020-04-21 v1

Abstract

Regarding image forensics, researchers have proposed various approaches to detect and/or localize manipulations, such as splices. Recent best performing image-forensics algorithms greatly benefit from the application of deep learning, but such tools can be vulnerable to adversarial attacks. Due to the fact that most of the proposed adversarial example generation techniques can be used only on end-to-end classifiers, the adversarial robustness of image-forensics methods that utilize deep learning only for feature extraction has not been studied yet. Using a novel algorithm capable of directly adjusting the underlying representations of patches we demonstrate on three non end-to-end deep learning-based splice localization tools that hiding manipulations of images is feasible via adversarial attacks. While the tested image-forensics methods, EXIF-SC, SpliceRadar, and Noiseprint, rely on feature extractors that were trained on different surrogate tasks, we find that the formed adversarial perturbations can be transferable among them regarding the deterioration of their localization performance.

Keywords

Cite

@article{arxiv.2004.08443,
  title  = {Adversarial Attack on Deep Learning-Based Splice Localization},
  author = {Andras Rozsa and Zheng Zhong and Terrance E. Boult},
  journal= {arXiv preprint arXiv:2004.08443},
  year   = {2020}
}

Comments

This is a pre-print of the original paper accepted at the CVPR Workshop on Media Forensics 2020

R2 v1 2026-06-23T14:55:47.101Z