Transferable Learned Image Compression-Resistant Adversarial Perturbations
CoRR(2024)
Abstract
Adversarial attacks can readily disrupt the image classification system,
revealing the vulnerability of DNN-based recognition tasks. While existing
adversarial perturbations are primarily applied to uncompressed images or
compressed images by the traditional image compression method, i.e., JPEG,
limited studies have investigated the robustness of models for image
classification in the context of DNN-based image compression. With the rapid
evolution of advanced image compression, DNN-based learned image compression
has emerged as the promising approach for transmitting images in many
security-critical applications, such as cloud-based face recognition and
autonomous driving, due to its superior performance over traditional
compression. Therefore, there is a pressing need to fully investigate the
robustness of a classification system post-processed by learned image
compression. To bridge this research gap, we explore the adversarial attack on
a new pipeline that targets image classification models that utilize learned
image compressors as pre-processing modules. Furthermore, to enhance the
transferability of perturbations across various quality levels and
architectures of learned image compression models, we introduce a saliency
score-based sampling method to enable the fast generation of transferable
perturbation. Extensive experiments with popular attack methods demonstrate the
enhanced transferability of our proposed method when attacking images that have
been post-processed with different learned image compression models.
MoreTranslated text
Key words
Adversarial attack,Transferability,Learned image compression,Image compression,Robustness,Learned image compression classification system
AI Read Science
Must-Reading Tree
Example
Generate MRT to find the research sequence of this paper
Chat Paper
Summary is being generated by the instructions you defined