Kejiang Chen

Kejiang Chen
University of Science and Technology of China | USTC · Department of Electronics Science and Technology

Doctor of Engineering

About

53
Publications
6,045
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
561
Citations
Citations since 2017
52 Research Items
560 Citations
2017201820192020202120222023050100150
2017201820192020202120222023050100150
2017201820192020202120222023050100150
2017201820192020202120222023050100150

Publications

Publications (53)
Article
In recent years, many model intellectual property (IP) proof methods for IP protection have been proposed, such as model watermarking and model fingerprinting. However, with the increasing number of models transmitted and deployed on the Internet, quickly finding the suspect model among thousands of models on the model-sharing platforms such as Git...
Preprint
Full-text available
Whereas cryptography easily arouses attacks by means of encrypting a secret message into a suspicious form, steganography is advantageous for its resilience to attacks by concealing the message in an innocent-looking cover signal. Minimal distortion steganography, one of the mainstream steganography frameworks, embeds messages while minimizing the...
Article
Transferable adversarial attacks against Deep neural networks (DNNs) have received broad attention in recent years. An adversarial example can be crafted by a surrogate model and then attack the unknown target model successfully, which brings a severe threat to DNNs. The exact underlying reasons for the transferability are still not completely unde...
Preprint
Transferable adversarial attacks against Deep neural networks (DNNs) have received broad attention in recent years. An adversarial example can be crafted by a surrogate model and then attack the unknown target model successfully, which brings a severe threat to DNNs. The exact underlying reasons for the transferability are still not completely unde...
Article
Full-text available
Automatic speaker recognition is an important biometric authentication approach with emerging applications. However, recent research has shown its vulnerability on adversarial attacks. In this paper, we propose a new type of adversarial examples by generating imperceptible adversarial samples for targeted attacks on black-box systems of automatic s...
Article
Text content created by humans or language models is often stolen or misused by adversaries. Tracing text provenance can help claim the ownership of text content or identify the malicious users who distribute misleading content like machine-generated fake news. There have been some attempts to achieve this, mainly based on watermarking techniques....
Preprint
Full-text available
Face privacy-preserving is one of the hotspots that arises dramatic interests of research. However, the existing face privacy-preserving methods aim at causing the missing of semantic information of face and cannot preserve the reusability of original facial information. To achieve the naturalness of the processed face and the recoverability of the...
Article
Online Social Networks (OSNs) are becoming increasingly entrenched in peoples lives and a huge number of images are shared on them every day, which are well-suited platforms for image steganography. Generally, the image can be regarded as the channel for steganography. However, OSNs usually perform lossy processing on uploaded images, which invalid...
Article
Many pretrained deep learning models have been released to help engineers and researchers develop deep learning-based systems or conduct research with minimall effort. Previous work has shown that at secret message can be embedded in neural network parameters without compromising the accuracy of the model. Malicious developers can, therefore, hide...
Article
Convolutional Neural Networks (CNNs) achieve remarkable performances in various areas. However, adversarial examples threaten their security. They are designed to mislead CNNs to output incorrect results. Many methods are proposed to detect adversarial examples. Unfortunately, most detection-based defense methods are vulnerable to second-round adve...
Article
Whereas cryptography easily arouses attacks by means of encrypting a secret message into a suspicious form, steganography is advantageous for its resilience to attacks by concealing the message in an innocent-looking cover signal. Minimal distortion steganography, one of the mainstream steganography frameworks, embeds messages while minimizing the...
Article
A high-value dataset is the key for accurate deep learning models, therefore, protecting the dataset is particularly important. Once the dataset is stolen, the attacker can easily train a surrogate model with similar performance to the original model. One possible solution to address such threat is data poisoning, whereby the performance of the sur...
Preprint
Full-text available
Deep learning has achieved enormous success in various industrial applications. Companies do not want their valuable data to be stolen by malicious employees to train pirated models. Nor do they wish the data analyzed by the competitors after using them online. We propose a novel solution for dataset protection in this scenario by robustly and reve...
Preprint
Full-text available
Text content created by humans or language models is often stolen or misused by adversaries. Tracing text provenance can help claim the ownership of text content or identify the malicious users who distribute misleading content like machine-generated fake news. There have been some attempts to achieve this, mainly based on watermarking techniques....
Preprint
As an effective method for intellectual property (IP) protection, model watermarking technology has been applied on a wide variety of deep neural networks (DNN), including speech classification models. However, how to design a black-box watermarking scheme for automatic speech recognition (ASR) models is still an unsolved problem, which is a signif...
Preprint
Nowadays, people are sharing their pictures on online social networks (OSNs), so OSN is a good platform for Steganography. But OSNs usually perform JPEG compression on the uploaded image, which will invalidate most of the existing steganography algorithms. Recently, some works try to design robust steganography which can resist JPEG compression, su...
Article
In recent years, deep learning-based steganalyzers far outperformed handcrafted feature-based steganalyzers. However, a large amount of data is needed to train deep learning networks. For steganalysis tasks, the steganographic traces are subtle and the steganographic signals are difficult to be captured when the number of cover/stego pairs in the t...
Article
Steganography is the art and science of hiding secret messages in public communication so that the presence of the secret messages cannot be detected. There are two distribution-preserving steganographic frameworks, one is sampler-based and the other is compression-based. The former requires a perfect sampler which yields data following the same di...
Article
Three-dimensional (3-D) meshes are commonly used to represent virtual surfaces and volumes. Over the past decade, 3-D meshes have emerged in industrial, medical, and entertainment applications, being of large practical significance for 3-D mesh steganography and steganalysis. In this article, we provide a systematic survey of the literature on 3-D...
Preprint
Full-text available
Three-dimensional (3-D) meshes are commonly used to represent virtual surfaces and volumes. Over the past decade, 3-D meshes have emerged in industrial, medical, and entertainment applications, being of large practical significance for 3-D mesh steganography and steganalysis. In this article, we provide a systematic survey of the literature on 3-D...
Article
The application of adversarial embedding in single image steganography exhibits its advantage in resisting convolutional neural network (CNN)-based steganalysis. As an important technique to move the steganography from the laboratory to the real world, batch steganography is developed based on the single image steganography, which uses a series of...
Preprint
Data hiding is the art of concealing messages with limited perceptual changes. Recently, deep learning has provided enriching perspectives for it and made significant progress. In this work, we conduct a brief yet comprehensive review of existing literature and outline three meta-architectures. Based on this, we summarize specific strategies for va...
Preprint
Full-text available
Deep neural networks have been proved that they are vulnerable to adversarial examples, which are generated by adding human-imperceptible perturbations to images. To defend these adversarial examples, various detection based methods have been proposed. However, most of them perform poorly on detecting adversarial examples with extremely slight pert...
Article
Reversible Data Hiding (RDH) in JPEG images is valuable for many applications, such as archive management and image authentication. Recently, there emerged a lot of related works for JPEG RDH, however, the current methods utilize the histogram-shifting-based framework in a constant distortion metric, which does not consider the property of DCT coef...
Preprint
Full-text available
Deep neural networks have made tremendous progress in 3D point-cloud recognition. Recent works have shown that these 3D recognition networks are also vulnerable to adversarial samples produced from various attack methods, including optimization-based 3D Carlini-Wagner attack, gradient-based iterative fast gradient method, and skeleton-detach based...
Article
Side channel steganalysis refers to detecting a steganographer in social websites via behavior analysis. In this paper, we first design a side channel steganalysis based on the correlation between image sequences of social users, which aims to find out the behaviorally anomalous steganographer. According to the experimental results of side channel...
Preprint
Full-text available
Recent work has demonstrated that neural networks are vulnerable to adversarial examples. To escape from the predicament, many works try to harden the model in various ways, in which adversarial training is an effective way which learns robust feature representation so as to resist adversarial attacks. Meanwhile, the self-supervised learning aims t...
Article
Sharing images on social network platforms (SNPs) from mobile intelligent devices is becoming more and more popular and has great potential for covert communication. However, images will be processed by lossy social network channels, such as JPEG compression, which reduces image quality and destroys message extraction. Previous robust steganographi...
Article
The standard tensor voting technique shows its versatility in tasks such as object recognition and semantic segmentation by recognizing feature points and sharp edges that can segment a model into several patches. We propose a high-level representation-guided tensor voting model for 3D mesh steganalysis. Because existing steganalytic methods do not...
Article
Previous studies have exhibited that incorporating side-information, e.g., a high-quality “precover” image, can significantly improve steganographic security for JPEG images. This motivates us to estimate the side-information for traditional steganographic scenario in which only a JPEG image is available. It is expected to achieve high-level securi...
Article
Steganography is the art of covert communication, which aims to hide the secret messages into cover medium while achieving high undetectability. To this end, the framework of minimal distortion embedding is widely adopted for adaptive steganography, where a well-designed distortion function is significant. In this paper, inspired by the phenomenon...
Article
Full-text available
This paper intents to solve the challenging problem of steganographer detection in the real world from a new perspective: side channel attack. We propose utilizing the behavior of actors in the social network to identify the steganographer. While there are many behavior information may expose the steganographer, we just consider the correlation bet...
Article
Full-text available
Currently, the most successful model for image adaptive steganography is the framework of minimal distortion, in which a reasonable definition of costs can improve the security level. In the authors' previous work, they developed a rule for cost reassignment in spatial domain called the 'controversial pixel prior (CPP)' rule, which defines controve...
Preprint
Neural networks are vulnerable to adversarial examples, which poses a threat to their application in security sensitive systems. We propose simple random sampling (SRS) and statistical outlier removal (SOR) as defenses for 3D point cloud classification, where both methods remove points by estimating probability of points serving as adversarial poin...
Article
We propose a novel technique for steganography on 3D meshes so as to resist steganalysis. The majority of existing methods modulate vertex coordinates to embed messages in a non-adaptive way. We take account of complexity of local regions as joint distortion of a triple unit (vertice) and coding method such as Syndrome Trellis Codes (STCs) to adapt...
Preprint
In this paper, we propose provably secure steganography on generative media. Firstly, we discuss the essence of the steganographic security, which is identical to behavioral security. The behavioral security implies that the generative media are suitable for information hiding as well. Based on the duality of source coding and generating discrete d...
Article
Minimal distortion steganography is the most successful model for adaptive steganography, in which the cost function determines the security. Texture complexity is the major factor on defining cost function in images. In this paper, we proposed a method to improve the cost function of JPEG steganography by exploiting the texture in microscale. The...
Conference Paper
Full-text available
Deep neural network based steganalysis has developed rapidly in recent years, which poses a challenge to the security of steganography. However, there is no steganography method that can effectively resist the neural networks for steganalysis at present. In this paper, we propose a new strategy that constructs enhanced covers against neural network...
Conference Paper
Full-text available
Recent studies have shown that the non-additive distortion model of Decomposing Joint Distortion ($DeJoin$) can work well for spatial image steganography by defining joint distortion with the principle of Synchronizing Modification Directions (SMD). However, no principles have yet produced to instruct the definition of joint distortion for JPEG ste...
Article
We describe an effective and efficient strategy building steganography detector for patch synthesis based steganography, one case of which is reversible texture synthesis based steganography method proposed by Wu et al. (2015). By exploiting the observation that steganography destroys optimization of matching extent between the synthetic patch and...
Article
Different from all the previous reversible data hiding schemes, a completely novel one for the color image is proposed, which reversibly embeds messages into the color host image without modifying its corresponding gray version. The property of grayscale invariance is valuable, because many applications and image processing algorithms for color ima...
Conference Paper
Full-text available
In the framework of minimizing embedding distortion steganography, the definition of cost function almost determines the security of the method. Generally speaking, texture areas would be assigned low cost, while smooth areas with high cost. However, the prior methods are still not precise enough to capture image details. In this paper, we present...

Network

Cited By