Transferable Learned Image Compression-Resistant Adversarial Perturbations


Yang Sui (Rice University), Zhuohang Li (Vanderbilt University), Ding Ding (Tencent Media Lab), Xiang Pan (Tencent), Xiaozhong Xu (Tencent Media Lab), Shan Liu (Tencent Media Lab), Zhenzhong Chen (Wuhan University)
The 35th British Machine Vision Conference
PDFPosterVideo (Right click to download)

Abstract

Adversarial attacks can readily disrupt the image classification system, revealing the vulnerability of DNN-based recognition tasks. While existing adversarial perturbations are primarily applied to uncompressed images or compressed images by the traditional image compression method, i.e., JPEG, limited studies have investigated the robustness of models for image classification in the context of DNN-based image compression. With the rapid evolution of advanced image compression, DNN-based learned image compression has emerged as the promising approach for transmitting images in many security-critical applications, such as cloud-based face recognition and autonomous driving, due to its superior performance over traditional compression. Therefore, there is a pressing need to fully investigate the robustness of a classification system post-processed by learned image compression. To bridge this research gap, we explore the adversarial attack on a new pipeline that targets image classification models that utilize learned image compressors as pre-processing modules. Furthermore, to enhance the transferability of perturbations across various quality levels and architectures of learned image compression models, we introduce a saliency score-based sampling method to enable the fast generation of transferable perturbation. Extensive experiments with popular attack methods demonstrate the enhanced transferability of our proposed method when attacking images that have been post-processed with different learned image compression models.

Citation

@inproceedings{Sui_2024_BMVC,
author    = {Yang Sui and Zhuohang Li and Ding Ding and Xiang Pan and Xiaozhong Xu and Shan Liu and Zhenzhong Chen},
title     = {Transferable Learned Image Compression-Resistant Adversarial Perturbations},
booktitle = {35th British Machine Vision Conference 2024, {BMVC} 2024, Glasgow, UK, November 25-28, 2024},
publisher = {BMVA},
year      = {2024},
url       = {https://papers.bmvc2024.org/0249.pdf}
}


Copyright © 2024 The British Machine Vision Association and Society for Pattern Recognition
The British Machine Vision Conference is organised by The British Machine Vision Association and Society for Pattern Recognition. The Association is a Company limited by guarantee, No.2543446, and a non-profit-making body, registered in England and Wales as Charity No.1002307 (Registered Office: Dept. of Computer Science, Durham University, South Road, Durham, DH1 3LE, UK).

Imprint | Data Protection