Browsing by Author "Basaer, Mehmethan"

Filter results by typing the first few letters
Now showing 1 - 1 of 1
  • Thumbnail Image
    ItemOpen Access
    Attacking perceptual hashes
    (2024) Basaer, Mehmethan
    Perceptual hashing algorithms are widely employed for detecting non-compliant content, such as Child Sexual Abuse Material (CSAM), as well as for verifying gaze data quality by generating hash values that remain consistent despite minor image modifications. However, recent studies have revealed vulnerabilities in these algorithms, particularly in Apple’s NeuralHash, which adversaries could exploit to evade detection or create malicious collisions. This thesis investigates the robustness of NeuralHash against a range of adversarial attacks. We first modify and evaluate existing gradient-based collision and evasion attacks, incorporating alternative visual similarity metrics-using LPIPS for collision attacks and LPIPS, MSE for evasion attacks-instead of the traditional SSIM. Our experiments show that LPIPS improves efficiency in collision attacks, requiring fewer optimization steps and introducing less perceptual distortion. In evasion attacks, MSE, SSIM, and LPIPS all achieved a 100% success rate across varying Hamming distances, with SSIM proving the most efficient. We then analyze collage attacks by constructing image collages in different grid configurations, revealing that duplicating the same image or combining different images can substantially alter NeuralHash outputs, enabling evading detection. Furthermore, we develop a image editing attack framework utilizing Breadth-First Search (BFS) and hill-climbing strategies. This framework systematically applies sequences of simple image transformations, such as rotation and colour inversion, to evade NeuralHash detection effectively. Our findings highlight critical vulnerabilities in NeuralHash, showing that adversaries with even minimal technical expertise can exploit these weaknesses. The implications are significant, as they undermine the efficacy of perceptual hashing algorithms in combating non-compliant content. This thesis concludes by stressing the need for more robust perceptual hashing methods and suggests future research directions to enhance the security and reliability of these systems.