Transferable Learned Image Compression-Resistant Adversarial Perturbations

Yang SUI; Zhuohang LI; Ding DING; Xiang PAN; Xiaozhong XU; Shan LIU; Zhenzhong CHEN

doi:10.1109/DCC58796.2024.00099

Transferable Learned Image Compression-Resistant Adversarial Perturbations

Yang SUI
, Zhuohang LI
, Ding DING
, Xiang PAN
, Xiaozhong XU
, Shan LIU
, Zhenzhong CHEN^*

^*Corresponding author for this work

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Research › peer-review

Abstract

With the rapid evolution of advanced image compression, DNN-based learned image compression has emerged as the promising approach for transmitting images in many security-critical applications, such as cloud-based face recognition and autonomous driving, due to its superior performance over traditional compression. There is a pressing need to fully investigate the robustness of a classification system post-processed by learned image compression. To bridge this research gap, we explore the adversarial attack on Learned Image Compression Classification System (LICCS) that targets image classification models that utilize learned image compressors as preprocessing modules. To perform an adversarial attack on an image within the LICCS, the goal is to introduce the adversarial perturbation δ to the source image X that causes the reconstructed adversarial examples gs(Q(ga(X+δ))) to be misclassified by the classification model, which can be formulated as follows:
argmax_i f(g_s(Q(g_a(X+δ))))_i≠y, s.t.∥δ∥_p≤ε. (1)

Original language	English
Title of host publication	2024 Data Compression Conference, DCC 2024: Proceedings
Editors	Ali BILGIN, James E. FOWLER, Joan SERRA-SAGRISTA, Yan YE, James A. STORER
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	582
Number of pages	1
ISBN (Electronic)	9798350385878
DOIs	https://doi.org/10.1109/DCC58796.2024.00099
Publication status	Published - 2024
Externally published	Yes
Event	2024 Data Compression Conference - Snowbird, United States Duration: 19 Mar 2024 → 22 Mar 2024

Publication series

Name	Data Compression Conference: Proceedings
Publisher	IEEE
ISSN (Print)	1068-0314
ISSN (Electronic)	2375-0359

Conference

Conference	2024 Data Compression Conference
Abbreviated title	DCC 2024
Country/Territory	United States
City	Snowbird
Period	19/03/24 → 22/03/24

Bibliographical note

Publisher Copyright:
© 2024 IEEE.

Keywords

Adversarial attack
Image compression
Learned image compression
Learned image compression classification system
Robustness
Transferability

Access to Document

10.1109/DCC58796.2024.00099

Cite this

SUI, Y., LI, Z., DING, D., PAN, X., XU, X., LIU, S., & CHEN, Z. (2024). Transferable Learned Image Compression-Resistant Adversarial Perturbations. In A. BILGIN, J. E. FOWLER, J. SERRA-SAGRISTA, Y. YE, & J. A. STORER (Eds.), 2024 Data Compression Conference, DCC 2024: Proceedings (pp. 582). (Data Compression Conference: Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/DCC58796.2024.00099

SUI, Yang ; LI, Zhuohang ; DING, Ding et al. / Transferable Learned Image Compression-Resistant Adversarial Perturbations. 2024 Data Compression Conference, DCC 2024: Proceedings. editor / Ali BILGIN ; James E. FOWLER ; Joan SERRA-SAGRISTA ; Yan YE ; James A. STORER. Institute of Electrical and Electronics Engineers Inc., 2024. pp. 582 (Data Compression Conference: Proceedings).

@inproceedings{44b63958a2b0444e88ba6a5bdc39a79e,

title = "Transferable Learned Image Compression-Resistant Adversarial Perturbations",

abstract = "With the rapid evolution of advanced image compression, DNN-based learned image compression has emerged as the promising approach for transmitting images in many security-critical applications, such as cloud-based face recognition and autonomous driving, due to its superior performance over traditional compression. There is a pressing need to fully investigate the robustness of a classification system post-processed by learned image compression. To bridge this research gap, we explore the adversarial attack on Learned Image Compression Classification System (LICCS) that targets image classification models that utilize learned image compressors as preprocessing modules. To perform an adversarial attack on an image within the LICCS, the goal is to introduce the adversarial perturbation δ to the source image X that causes the reconstructed adversarial examples gs(Q(ga(X+δ))) to be misclassified by the classification model, which can be formulated as follows: argmaxi f(gs(Q(ga(X+δ))))i≠y, s.t.∥δ∥p≤ε. (1)",

keywords = "Adversarial attack, Image compression, Learned image compression, Learned image compression classification system, Robustness, Transferability",

author = "Yang SUI and Zhuohang LI and Ding DING and Xiang PAN and Xiaozhong XU and Shan LIU and Zhenzhong CHEN",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 2024 Data Compression Conference, DCC 2024 ; Conference date: 19-03-2024 Through 22-03-2024",

year = "2024",

doi = "10.1109/DCC58796.2024.00099",

language = "English",

series = "Data Compression Conference: Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "582",

editor = "Ali BILGIN and FOWLER, \{James E.\} and Joan SERRA-SAGRISTA and Yan YE and STORER, \{James A.\}",

booktitle = "2024 Data Compression Conference, DCC 2024: Proceedings",

address = "United States",

}

SUI, Y, LI, Z, DING, D, PAN, X, XU, X, LIU, S & CHEN, Z 2024, Transferable Learned Image Compression-Resistant Adversarial Perturbations. in A BILGIN, JE FOWLER, J SERRA-SAGRISTA, Y YE & JA STORER (eds), 2024 Data Compression Conference, DCC 2024: Proceedings. Data Compression Conference: Proceedings, Institute of Electrical and Electronics Engineers Inc., pp. 582, 2024 Data Compression Conference, Snowbird, Utah, United States, 19/03/24. https://doi.org/10.1109/DCC58796.2024.00099

Transferable Learned Image Compression-Resistant Adversarial Perturbations. / SUI, Yang; LI, Zhuohang; DING, Ding et al.
2024 Data Compression Conference, DCC 2024: Proceedings. ed. / Ali BILGIN; James E. FOWLER; Joan SERRA-SAGRISTA; Yan YE; James A. STORER. Institute of Electrical and Electronics Engineers Inc., 2024. p. 582 (Data Compression Conference: Proceedings).

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Research › peer-review

TY - GEN

T1 - Transferable Learned Image Compression-Resistant Adversarial Perturbations

AU - SUI, Yang

AU - LI, Zhuohang

AU - DING, Ding

AU - PAN, Xiang

AU - XU, Xiaozhong

AU - LIU, Shan

AU - CHEN, Zhenzhong

PY - 2024

Y1 - 2024

N2 - With the rapid evolution of advanced image compression, DNN-based learned image compression has emerged as the promising approach for transmitting images in many security-critical applications, such as cloud-based face recognition and autonomous driving, due to its superior performance over traditional compression. There is a pressing need to fully investigate the robustness of a classification system post-processed by learned image compression. To bridge this research gap, we explore the adversarial attack on Learned Image Compression Classification System (LICCS) that targets image classification models that utilize learned image compressors as preprocessing modules. To perform an adversarial attack on an image within the LICCS, the goal is to introduce the adversarial perturbation δ to the source image X that causes the reconstructed adversarial examples gs(Q(ga(X+δ))) to be misclassified by the classification model, which can be formulated as follows: argmaxi f(gs(Q(ga(X+δ))))i≠y, s.t.∥δ∥p≤ε. (1)

AB - With the rapid evolution of advanced image compression, DNN-based learned image compression has emerged as the promising approach for transmitting images in many security-critical applications, such as cloud-based face recognition and autonomous driving, due to its superior performance over traditional compression. There is a pressing need to fully investigate the robustness of a classification system post-processed by learned image compression. To bridge this research gap, we explore the adversarial attack on Learned Image Compression Classification System (LICCS) that targets image classification models that utilize learned image compressors as preprocessing modules. To perform an adversarial attack on an image within the LICCS, the goal is to introduce the adversarial perturbation δ to the source image X that causes the reconstructed adversarial examples gs(Q(ga(X+δ))) to be misclassified by the classification model, which can be formulated as follows: argmaxi f(gs(Q(ga(X+δ))))i≠y, s.t.∥δ∥p≤ε. (1)

KW - Adversarial attack

KW - Image compression

KW - Learned image compression

KW - Learned image compression classification system

KW - Robustness

KW - Transferability

UR - https://www.scopus.com/pages/publications/85194819354

U2 - 10.1109/DCC58796.2024.00099

DO - 10.1109/DCC58796.2024.00099

M3 - Conference paper (refereed)

AN - SCOPUS:85194819354

T3 - Data Compression Conference: Proceedings

SP - 582

BT - 2024 Data Compression Conference, DCC 2024: Proceedings

A2 - BILGIN, Ali

A2 - FOWLER, James E.

A2 - SERRA-SAGRISTA, Joan

A2 - YE, Yan

A2 - STORER, James A.

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2024 Data Compression Conference

Y2 - 19 March 2024 through 22 March 2024

ER -

SUI Y, LI Z, DING D, PAN X, XU X, LIU S et al. Transferable Learned Image Compression-Resistant Adversarial Perturbations. In BILGIN A, FOWLER JE, SERRA-SAGRISTA J, YE Y, STORER JA, editors, 2024 Data Compression Conference, DCC 2024: Proceedings. Institute of Electrical and Electronics Engineers Inc. 2024. p. 582. (Data Compression Conference: Proceedings). Epub 2024 May 21. doi: 10.1109/DCC58796.2024.00099

Transferable Learned Image Compression-Resistant Adversarial Perturbations

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this