ARIA: Adversarially Robust Image Attribution for Content Provenance
- URL: http://arxiv.org/abs/2202.12860v1
- Date: Fri, 25 Feb 2022 18:11:45 GMT
- Title: ARIA: Adversarially Robust Image Attribution for Content Provenance
- Authors: Maksym Andriushchenko, Xiaoyang Rebecca Li, Geoffrey Oxholm, Thomas Gittings, Tu Bui, Nicolas Flammarion, John Collomosse
- Abstract summary: We show how to generate valid adversarial images that can easily cause incorrect image attribution.
We then describe an approach to prevent imperceptible adversarial attacks on deep visual fingerprinting models.
The resulting models are substantially more robust, are accurate even on unperturbed images, and perform well even over a database with millions of images.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Image attribution -- matching an image back to a trusted source -- is an emerging tool in the fight against online misinformation. Deep visual fingerprinting models have recently been explored for this purpose. However, they are not robust to tiny input perturbations known as adversarial examples. First we illustrate how to generate valid adversarial images that can easily cause incorrect image attribution. Then we describe an approach to prevent imperceptible adversarial attacks on deep visual fingerprinting models, via robust contrastive learning. The proposed training procedure leverages training on $\ell_\infty$-bounded adversarial examples; it is conceptually simple and incurs only a small computational overhead. The resulting models are substantially more robust, are accurate even on unperturbed images, and perform well even over a database with millions of images. In particular, we achieve 91.6% standard and 85.1% adversarial recall under $\ell_\infty$-bounded perturbations on manipulated images, compared to 80.1% and 0.0% from prior work. We also show that robustness generalizes to other types of imperceptible perturbations unseen during training. Finally, we show how to train an adversarially robust image comparator model for detecting editorial changes in matched images.
Related papers
- Data Attribution for Text-to-Image Models by Unlearning Synthesized Images (arXiv, 2024-06-13)
  The goal of data attribution for text-to-image models is to identify the training images that most influence the generation of a new image. We propose a new approach that efficiently identifies highly influential images.
- Improving Adversarial Robustness of Masked Autoencoders via Test-time Frequency-domain Prompting (arXiv, 2023-08-20)
  We investigate the adversarial robustness of vision transformers equipped with BERT pretraining (e.g., BEiT, MAE). A surprising observation is that MAE has significantly worse adversarial robustness than other BERT pretraining methods. We propose a simple yet effective way to boost the adversarial robustness of MAE.
- Adversarial Purification through Representation Disentanglement (arXiv, 2021-10-15)
  Deep learning models are vulnerable to adversarial examples and make incomprehensible mistakes. Current defense methods, especially purification, tend to remove "noise" by learning and recovering the natural images. In this work, we propose a novel adversarial purification scheme that disentangles natural images from adversarial perturbations as a preprocessing defense.
- With a Little Help from My Friends: Nearest-Neighbor Contrastive Learning of Visual Representations (arXiv, 2021-04-29)
  Using the nearest neighbor as the positive in contrastive losses improves performance significantly on ImageNet classification. We demonstrate empirically that our method is less reliant on complex data augmentations.
- Error Diffusion Halftoning Against Adversarial Examples (arXiv, 2021-01-23)
  Adversarial examples contain carefully crafted perturbations that can fool deep neural networks into making wrong predictions. We propose a new image transformation defense based on error diffusion halftoning, and combine it with adversarial training to defend against adversarial examples.
- Stylized Adversarial Defense (arXiv, 2020-07-29)
  Adversarial training creates perturbation patterns and includes them in the training set to robustify the model. We propose to exploit additional information from the feature space to craft stronger adversaries. Our adversarial training approach demonstrates strong robustness compared to state-of-the-art defenses.
- Robust Face Verification via Disentangled Representations (arXiv, 2020-06-05)
  We introduce a robust algorithm for face verification, deciding whether two images are of the same person or not. We use the generative model during training as an online augmentation method instead of a test-time purifier that removes adversarial noise. We experimentally show that, when coupled with adversarial training, the proposed scheme converges with a weak inner solver and has higher clean and robust accuracy than state-of-the-art methods when evaluated against white-box physical attacks.
- Towards Achieving Adversarial Robustness by Enforcing Feature Consistency Across Bit Planes (arXiv, 2020-04-01)
  We train networks to form coarse impressions based on the information in higher bit planes, and use the lower bit planes only to refine their prediction. We demonstrate that, by imposing consistency on the representations learned across differently quantized images, the adversarial robustness of networks improves significantly.
- Applying Tensor Decomposition to image for Robustness against Adversarial Attack (arXiv, 2020-02-28)
  A deep learning model can easily be fooled by adding small perturbations to its input. In this paper, we suggest combining tensor decomposition for defending the model against adversarial examples.
- AdvJND: Generating Adversarial Examples with Just Noticeable Difference (arXiv, 2020-02-01)
  Adding small perturbations to examples causes a well-performing model to misclassify the crafted examples. Adversarial examples generated by our AdvJND algorithm yield distributions similar to those of the original inputs.
This list is automatically generated from the titles and abstracts of the papers in this site.