Robust Steganography from Large Language Models

• URL: http://arxiv.org/abs/2504.08977v1
• Date: Fri, 11 Apr 2025 21:06:36 GMT
• Title: Robust Steganography from Large Language Models
• Authors: Neil Perry, Sanket Gupte, Nishant Pitta, Lior Rotem,
• Abstract summary: We study the problem of robust steganography.<n>We design and implement our steganographic schemes that embed arbitrary secret messages into natural language text.
• Score: 1.5749416770494704
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Recent steganographic schemes, starting with Meteor (CCS'21), rely on leveraging large language models (LLMs) to resolve a historically-challenging task of disguising covert communication as ``innocent-looking'' natural-language communication. However, existing methods are vulnerable to ``re-randomization attacks,'' where slight changes to the communicated text, that might go unnoticed, completely destroy any hidden message. This is also a vulnerability in more traditional encryption-based stegosystems, where adversaries can modify the randomness of an encryption scheme to destroy the hidden message while preserving an acceptable covertext to ordinary users. In this work, we study the problem of robust steganography. We introduce formal definitions of weak and strong robust LLM-based steganography, corresponding to two threat models in which natural language serves as a covertext channel resistant to realistic re-randomization attacks. We then propose two constructions satisfying these notions. We design and implement our steganographic schemes that embed arbitrary secret messages into natural language text generated by LLMs, ensuring recoverability even under adversarial paraphrasing and rewording attacks. To support further research and real-world deployment, we release our implementation and datasets for public use.

Related papers

• Semantic Steganography: A Framework for Robust and High-Capacity Information Hiding using Large Language Models [25.52890764952079]
  generative linguistic steganography has become a prevalent technique for hiding information within model-generated texts.<n>We propose a semantic steganography framework based on Large Language Models (LLMs)<n>This framework offers robustness and reliability for transmission in complex channels, as well as resistance to text rendering and word blocking.
  arXiv  Detail & Related papers  (2024-12-15T04:04:23Z)
• DiffuseDef: Improved Robustness to Adversarial Attacks [38.34642687239535]
  adversarial attacks pose a critical challenge to system built using pretrained language models. We propose DiffuseDef, which incorporates a diffusion layer as a denoiser between the encoder and the classifier. During inference, the adversarial hidden state is first combined with sampled noise, then denoised iteratively and finally ensembled to produce a robust text representation.
  arXiv  Detail & Related papers  (2024-06-28T22:36:17Z)
• Provably Secure Disambiguating Neural Linguistic Steganography [66.30965740387047]
  The segmentation ambiguity problem, which arises when using language models based on subwords, leads to occasional decoding failures.<n>We propose a novel secure disambiguation method named SyncPool, which effectively addresses the segmentation ambiguity problem.<n> SyncPool does not change the size of the candidate pool or the distribution of tokens and thus is applicable to provably secure language steganography methods.
  arXiv  Detail & Related papers  (2024-03-26T09:25:57Z)
• AdaShield: Safeguarding Multimodal Large Language Models from Structure-based Attack via Adaptive Shield Prompting [54.931241667414184]
  We propose textbfAdaptive textbfShield Prompting, which prepends inputs with defense prompts to defend MLLMs against structure-based jailbreak attacks. Our methods can consistently improve MLLMs' robustness against structure-based jailbreak attacks.
  arXiv  Detail & Related papers  (2024-03-14T15:57:13Z)
• Reverse-Engineering Decoding Strategies Given Blackbox Access to a Language Generation System [73.52878118434147]
  We present methods to reverse-engineer the decoding method used to generate text. Our ability to discover which decoding strategy was used has implications for detecting generated text.
  arXiv  Detail & Related papers  (2023-09-09T18:19:47Z)
• Red Teaming Language Model Detectors with Language Models [114.36392560711022]
  Large language models (LLMs) present significant safety and ethical risks if exploited by malicious users. Recent works have proposed algorithms to detect LLM-generated text and protect LLMs. We study two types of attack strategies: 1) replacing certain words in an LLM's output with their synonyms given the context; 2) automatically searching for an instructional prompt to alter the writing style of the generation.
  arXiv  Detail & Related papers  (2023-05-31T10:08:37Z)
• Autoregressive Linguistic Steganography Based on BERT and Consistency Coding [17.881686153284267]
  Linguistic steganography (LS) conceals the presence of communication by embedding secret information into a text. Recent algorithms use a language model (LM) to generate the steganographic text, which provides a higher payload compared with many previous arts. We propose a novel autoregressive LS algorithm based on BERT and consistency coding, which achieves a better trade-off between embedding payload and system security.
  arXiv  Detail & Related papers  (2022-03-26T02:36:55Z)
• Leveraging Generative Models for Covert Messaging: Challenges and Tradeoffs for "Dead-Drop" Deployments [10.423657458233713]
  generative models of natural language text encode message-carrying bits into a sequence of samples from the model, ultimately yielding a plausible natural language covertext. We make these challenges concrete, by considering the natural application of such a pipeline: namely, "dead-drop" covert messaging over large, public internet platforms. We implement a system around this model-based format-transforming encryption pipeline, and give an empirical analysis of its performance and (heuristic) security.
  arXiv  Detail & Related papers  (2021-10-13T20:05:26Z)
• Provably Secure Generative Linguistic Steganography [29.919406917681282]
  We present a novel provably secure generative linguistic steganographic method ADG. ADG embeds secret information by Adaptive Dynamic Grouping of tokens according to their probability given by an off-the-shelf language model.
  arXiv  Detail & Related papers  (2021-06-03T17:27:10Z)
• Near-imperceptible Neural Linguistic Steganography via Self-Adjusting Arithmetic Coding [88.31226340759892]
  We present a new linguistic steganography method which encodes secret messages using self-adjusting arithmetic coding based on a neural language model. Human evaluations show that 51% of generated cover texts can indeed fool eavesdroppers.
  arXiv  Detail & Related papers  (2020-10-01T20:40:23Z)
• Contextualized Perturbation for Textual Adversarial Attack [56.370304308573274]
  Adversarial examples expose the vulnerabilities of natural language processing (NLP) models. This paper presents CLARE, a ContextuaLized AdversaRial Example generation model that produces fluent and grammatical outputs.
  arXiv  Detail & Related papers  (2020-09-16T06:53:15Z)
• Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding [80.3811072650087]
  We study natural language watermarking as a defense to help better mark and trace the provenance of text. We introduce the Adversarial Watermarking Transformer (AWT) with a jointly trained encoder-decoder and adversarial training. AWT is the first end-to-end model to hide data in text by automatically learning -- without ground truth -- word substitutions along with their locations.
  arXiv  Detail & Related papers  (2020-09-07T11:01:24Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.