Adversarial Signal Processing – ATLANTA SP01 CHAPTER on 03-December-2013
Security-oriented applications of signal processing have received increasing attention in recent years. Digital watermarking, steganography and steganalysis, multimedia forensics, biometric signal processing and video surveillance are just a few examples of this interest. In many cases, though, researchers have failed to recognize the single most distinctive feature behind any security-oriented application, i.e. the presence of one or more adversaries aiming to make the system fail. One of the most evident consequences is that security requirements are misunderstood, e.g. quite often security is mistaken for robustness. This has long been the case, for instance, in digital watermarking, where it took several years to recognize that robustness and security are contrasting requirements calling for the adoption of different countermeasures. In a similar way, security issues in biometric research are often neglected in favor of pattern recognition issues more related to robustness than to security. Similar concerns apply to multimedia forensics, network flow analysis, spam filtering, etc. Even when the need to cope with the actions of a malevolent adversary is taken into account, the proposed solutions are often ad hoc, failing to provide a unifying view of the challenges that such scenarios pose from a signal processing perspective. The time is ripe to go beyond this limited view and lay the basis for a general theory that takes into account the impact that the presence of an adversary has on the design of effective signal processing tools, i.e. a theory of adversarial signal processing.
The aim of this talk is to: i) review the scattered work carried out so far in different disciplines, including watermarking security and data hiding, adversary-aware multimedia forensics, biometric spoofing, adversarial machine learning, network intrusion detection, traffic analysis, attacks against reputation systems and so on; ii) propose a unifying framework for adversarial signal processing; iii) present some recent work in this field; iv) highlight directions for future research.