Reversible attack based on adversarial perturbation and reversible data hiding in YUV colorspace

Recent research on using adversarial perturbation to prevent malicious models from accessing image data has led to the corruption of image data, making images useless in other fields, especially in digital forensics. To prevent malicious models from retrieving images and ensure that authorized models can recover original image data without distortion, the reversible attack technique is rising. However, attack ability, reversibility, and image visual quality are three major challenges for existing reversible attack techniques. In this paper, a novel reversible attack method based on adversarial perturbation and reversible data hiding in YUV colorspace is proposed. We first add adversarial perturbation into the luminance channel. Then, the luminance channel distortion caused by adversarial perturbation is embedded into chrominance channels by reversible data hiding to achieve the reversible attack. In particular, the class activation mapping module is introduced to narrow the perturbation region to reduce the amount of embedded data. Experimental results on the ImageNet dataset demonstrated that the proposed method achieves better attack ability and image visual quality and ensures that original images can be recovered without distortion.