Random Deep Feature Selection’s Efficiency in Securing Image Manipulation Detectors Opposed by Adversarial Attacks

Abstract

We investigate whether it is possible to extend the random feature selection approach to include detectors that incorporate Deep Learning features in addition to the improvement in the robustness of forensic detectors to targeted attacks mentioned in Chen et al. (IEEE Trans Inf Forensics Secur 14(9):2454–2469, 2019). This paper specifically investigates the transferability of adversarial cases targeting the original Convolutional Neural Network (CNN) image manipulation detector compared to other detectors that essentially respond to a subset of features randomly collected from the original network, particularly from its flattened layer. Considering the following features, the results were obtained: (1) Three image manipulation detection tasks, including rescaling, average filtering, and adaptive histogram equalization. (2) Two structures of the original network. (3) Three different classes of attacks. Randomization of features was found to contribute to disrupting attack transferability, even in cases where attack transferability can be prevented by retraining the detector or simply varying the detector architecture. © 2024 Elsevier B.V., All rights reserved.