Search

CN-122020688-A - Text steganography method based on retrieval enhancement large language model

CN122020688ACN 122020688 ACN122020688 ACN 122020688ACN-122020688-A

Abstract

The invention discloses a text steganography method based on a retrieval enhancement large language model, which comprises the steps that a carrier question set is preset by a sender and a receiver, the sender generates a target answer corresponding to secret information through a preset embedding sequence and a target answer mapping table according to secret information to be transmitted, a steganography text containing the target answer is generated based on the target answer and is injected into a corpus of a retrieval enhancement generation system, and the receiver generates a reply containing the target answer through inputting the carrier question and recovers the secret information through reverse mapping according to the reply containing the target answer. The invention realizes the hidden information transfer in the process of search enhancement generation through corpus injection.

Inventors

  • KE YAN
  • LIU WENCHAO
  • WEI RONG
  • SU TINGTING

Assignees

  • 中国人民武装警察部队工程大学

Dates

Publication Date
20260512
Application Date
20260130

Claims (10)

  1. 1. A text steganography method based on a search enhanced large language model, comprising: The sender and the receiver preset a carrier problem set; The sender generates a target answer corresponding to the secret information through a preset embedded sequence and a target answer mapping table according to the secret information to be transferred; generating a steganographic text containing a target answer based on the target answer, and injecting the steganographic text into a corpus of a retrieval enhancement generation system; and the receiver generates a reply containing the target answer by inputting the carrier question, and recovers the secret information through reverse mapping according to the reply containing the target answer.
  2. 2. The text steganography method based on the retrieval enhancement big language model according to claim 1, wherein the embedded sequence and the target answer mapping table construct a target answer set for each carrier question, and each target answer corresponds to a unique embedded sequence, so that bidirectional one-to-one mapping between secret information and target answers is realized; the expression form of the embedded sequence and target answer mapping table is as follows: ; In the formula, Mapping tables for embedding sequences and target answers; A secret information length transmittable for communication based on the carrier problem; Is a set of target answers, wherein each target answer ( )。
  3. 3. The text steganography method based on the retrieval enhancement big language model of claim 2, wherein each answer in the target answer set needs to satisfy semantic rationality, and any two answers have a distinction in terms of semantics or expression.
  4. 4. The method of text steganography based on a search enhanced big language model of claim 1, wherein generating steganographic text containing a target answer based on the target answer comprises: Generating an initial steganographic text related to the carrier question and containing a target answer through a large language model; Performing optimization processing on the initial steganographic text to obtain a steganographic text containing the target answer; wherein the optimization process includes: Iteratively optimizing the initial steganographic text by minimizing a joint loss function constructed by combining retrieval priority loss, answer similarity loss, text quality loss, and steganographic analysis loss; the retrieval priority loss is used for obtaining higher retrieval ranking by improving the semantic similarity between the steganographic text and the carrier problem; the answer similarity loss is used for guiding the output answer by improving the semantic similarity between the answer generated by the big language model based on the steganographic text and the target answer.
  5. 5. The method for text steganography based on a search enhancement big language model of claim 4, wherein the text quality penalty is used to control natural language quality variations of the optimized steganographic text relative to the original steganographic text; The steganalysis penalty is optimized based on a steganalysis model, and feature convergence of the steganographic text and the normal text is ensured by reducing the probability that the steganographic text is recognized as a steganographic carrier.
  6. 6. The text steganography method based on the retrieval enhancement big language model of claim 4, wherein calculating the answer similarity loss comprises: extracting candidate text fragments from replies generated by the large language model, and obtaining semantic vector similarity of each candidate fragment and the target answer; and selecting the highest semantic similarity as a matching score, and calculating the answer similarity loss based on the matching score.
  7. 7. The text steganography method based on the retrieval enhancement big language model according to claim 4, wherein the optimization processing is performed by a text countermeasure optimization algorithm based on HotFlip, and steganography text meeting an optimization target is obtained by performing iterative replacement on text lements.
  8. 8. The text steganography method based on the retrieval enhancement big language model of claim 1, wherein the receiving party generates a reply containing the target answer by inputting the carrier question, and recovers secret information through reverse mapping according to the reply containing the target answer, comprising: sequentially inputting the carrier problems to a retrieval enhancement generation system to obtain a corresponding large language model output text; for each output text, executing double-layer answer extraction processing, namely firstly, directly identifying a preset target answer from the output text through sub-string matching, and if the matching fails, extracting a candidate segment closest to the target answer from the output text through semantic similarity calculation to serve as an extraction answer; Matching the extracted answers with all candidate target answers in a pre-stored mapping table to determine final target answers; Reversely mapping the final target answer into a corresponding embedded sequence according to the mapping table; And splicing the embedded sequences corresponding to all the carrier problems in sequence to form a complete ciphertext sequence and decrypting to obtain the original secret information.
  9. 9. The text steganography method based on the retrieval enhancement big language model according to claim 8, wherein extracting a candidate segment closest to the target answer semantics from the output text as an extraction answer through semantic similarity calculation includes: Performing clause and entity recognition on the output text through a natural language processing tool to obtain a plurality of candidate text fragments; encoding each candidate text segment and the target answer into a semantic vector; And screening out a candidate text segment closest to the semantic vector of the target answer as the extracted answer by calculating cosine similarity.
  10. 10. The method of text steganography based on a search enhancement big language model of claim 8, wherein determining the final target answer comprises: If the extracted answer is obtained through sub-string matching, directly taking the corresponding extracted answer as the final target answer; If the extracted answer is obtained through semantic similarity calculation, determining the candidate target answer with the highest similarity as the final target answer through calculating the semantic similarity between the corresponding extracted answer and each candidate target answer in the mapping table.

Description

Text steganography method based on retrieval enhancement large language model Technical Field The invention relates to the technical field of computer security steganography based on artificial intelligence, in particular to a text steganography method based on a retrieval enhancement large language model. Background The core of the steganography technology is that secret information is embedded in daily-appearing content by means of common and common communication media as shielding, so that safe information transmission is realized. With the rapid development of digital media, steganographic carriers have gradually expanded from traditional text and images to multimedia data, including naturally acquired images and audio, and covering content generated by intelligent algorithms. In the process, the steganography technology needs to balance between the concealment, the embedding capacity and the robustness, wherein the concealment not only requires the carrier to keep natural in vision or hearing, but also needs to resist detection of a steganography analysis algorithm in statistical characteristics, and the robustness is not aimed at active attack, but is aimed at unavoidable recompression, format conversion and other lossy treatments in actual channels of social media and the like, so that the survivability of steganography information in the transmission process is ensured. However, existing steganographic algorithms still have limitations to varying degrees in terms of achieving high levels of concealment, large capacity embedding, and broad applicability at the same time. In recent years, artificial intelligence, particularly the rapid development of large language models (Large Language Models, LLMs), brings revolutionary changes to text generation and processing, and also provides new ideas for steganography. Some studies began to explore the direct use LLMs of text that contained confidential information. Although the method can generate a natural-looking text, the core mechanism of the method is to realize information coding by controlling the probability or sampling process generated in the model, and the generated text still has slight difference with human natural writing on statistical distribution and has the risk of being detected by a targeted analysis model. At the same time, such methods often lack a targeted robust design for the transmission and processing of the carrier text in the actual application scenario (e.g., through the interaction of a question-answering system). On the other hand, the search enhancement generation (RETRIEVAL-Augmented Generation, RAG) framework is widely used as an important framework for improving the accuracy and timeliness of large model knowledge. The framework directs the model to generate more reliable answers by retrieving relevant text segments from an external knowledge base and providing them as context to the large language model. However, the current research has focused on the security vulnerability of RAG systems, i.e. an attacker may "poison" the knowledge base by maliciously injecting misleading corpus, thereby affecting or manipulating the output of the model. These studies only consider "corpus injection" as a security threat that requires defense. In summary, the existing text steganography technology still has limitations in adapting to a new generation of intelligent interaction environment and realizing high-concealment and large-capacity communication, and meanwhile, for the characteristic of 'corpus injection' of a RAG system, the existing cognition only stays on the negative security influence. At present, no research or scheme for actively and systematically converting a core operation mechanism of the RAG system, particularly the dynamic injectability and retrieval-generation coupling characteristics of a corpus thereof, into a controllable, reliable and highly-concealed communication channel is seen. By utilizing the architecture characteristics, a novel steganography method which can be naturally integrated into daily question-answer interaction and can effectively resist statistical analysis detection and channel unintentional interference is designed, and the method becomes an important direction worthy of exploration. Disclosure of Invention In order to solve the technical problems in the prior art, the invention provides a text steganography method based on a retrieval enhancement large language model, which ensures the accuracy of information extraction. In order to achieve the above object, the present invention provides a text steganography method based on a search enhancement large language model, including: The sender and the receiver preset a carrier problem set; The sender generates a target answer corresponding to the secret information through a preset embedded sequence and a target answer mapping table according to the secret information to be transferred; generating a steganographic text containing a target answer b