An Explainable Adversarial Attacks on Privacy-Preserving Image Classification

Adversarial attacks inject imperceptible perturbations to images, they have the advantage of defending against other attacks while have the disadvantage of deteriorating the performance of deep classifier. We proposed a Gray and block chaotic scrambling based scheme for image encryption (Gray + Block Chaotic Scrambling, GBCS), and apply it to privacy-preserve robust classification. Security evaluation has been made in terms of image histogram, information entropy, and robustness against various attacks. It is interesting to find that the bit-planes of combined GBCS and Hilbert scrambling give robustness to classifier against the FGSM, CW, JSMA and DEEP FOOL adversarial attacks. We also use Grad-CAM for interpretability analysis.