A Training-Free Defense Framework for Robust Learned Image Compression

• URL: http://arxiv.org/abs/2401.11902v1
• Date: Mon, 22 Jan 2024 12:50:21 GMT
• Title: A Training-Free Defense Framework for Robust Learned Image Compression
• Authors: Myungseo Song, Jinyoung Choi, Bohyung Han
• Abstract summary: We study the robustness of learned image compression models against adversarial attacks. We present a training-free defense technique based on simple image transform functions.
• Score: 48.41990144764295
• License: http://creativecommons.org/licenses/by-nc-sa/4.0/
• Abstract: We study the robustness of learned image compression models against adversarial attacks and present a training-free defense technique based on simple image transform functions. Recent learned image compression models are vulnerable to adversarial attacks that result in poor compression rate, low reconstruction quality, or weird artifacts. To address the limitations, we propose a simple but effective two-way compression algorithm with random input transforms, which is conveniently applicable to existing image compression models. Unlike the na\"ive approaches, our approach preserves the original rate-distortion performance of the models on clean images. Moreover, the proposed algorithm requires no additional training or modification of existing models, making it more practical. We demonstrate the effectiveness of the proposed techniques through extensive experiments under multiple compression models, evaluation metrics, and attack scenarios.

Related papers

• Zero-Shot Image Compression with Diffusion-Based Posterior Sampling [34.50287066865267]
  This work addresses the gap by harnessing the image prior learned by existing pre-trained diffusion models for solving the task of lossy image compression. Our method, PSC (Posterior Sampling-based Compression), utilizes zero-shot diffusion-based posterior samplers. PSC achieves competitive results compared to established methods, paving the way for further exploration of pre-trained diffusion models and posterior samplers for image compression.
  arXiv  Detail & Related papers  (2024-07-13T14:24:22Z)
• Transferable Learned Image Compression-Resistant Adversarial Perturbations [66.46470251521947]
  Adversarial attacks can readily disrupt the image classification system, revealing the vulnerability of DNN-based recognition tasks. We introduce a new pipeline that targets image classification models that utilize learned image compressors as pre-processing modules.
  arXiv  Detail & Related papers  (2024-01-06T03:03:28Z)
• Backdoor Attacks Against Deep Image Compression via Adaptive Frequency Trigger [106.10954454667757]
  We present a novel backdoor attack with multiple triggers against learned image compression models. Motivated by the widely used discrete cosine transform (DCT) in existing compression systems and standards, we propose a frequency-based trigger injection model.
  arXiv  Detail & Related papers  (2023-02-28T15:39:31Z)
• Estimating the Resize Parameter in End-to-end Learned Image Compression [50.20567320015102]
  We describe a search-free resizing framework that can further improve the rate-distortion tradeoff of recent learned image compression models. Our results show that our new resizing parameter estimation framework can provide Bjontegaard-Delta rate (BD-rate) improvement of about 10% against leading perceptual quality engines.
  arXiv  Detail & Related papers  (2022-04-26T01:35:02Z)
• Post-Training Quantization for Cross-Platform Learned Image Compression [15.67527732099067]
  It has been witnessed that learned image compression has outperformed conventional image coding techniques. One of the most critical issues that need to be considered is the non-deterministic calculation. We propose to solve this problem by introducing well-developed post-training quantization.
  arXiv  Detail & Related papers  (2022-02-15T15:41:12Z)
• Towards Robust Neural Image Compression: Adversarial Attack and Model Finetuning [30.36695754075178]
  Deep neural network-based image compression has been extensively studied. We propose to examine the robustness of prevailing learned image compression models by injecting negligible adversarial perturbation into the original source image. A variety of defense strategies including geometric self-ensemble based pre-processing, and adversarial training, are investigated against the adversarial attack to improve the model's robustness.
  arXiv  Detail & Related papers  (2021-12-16T08:28:26Z)
• Variable-Rate Deep Image Compression through Spatially-Adaptive Feature Transform [58.60004238261117]
  We propose a versatile deep image compression network based on Spatial Feature Transform (SFT arXiv:1804.02815) Our model covers a wide range of compression rates using a single model, which is controlled by arbitrary pixel-wise quality maps. The proposed framework allows us to perform task-aware image compressions for various tasks.
  arXiv  Detail & Related papers  (2021-08-21T17:30:06Z)
• Countering Adversarial Examples: Combining Input Transformation and Noisy Training [15.561916630351947]
  adversarial examples pose a threat to security-sensitive image recognition task. Traditional JPEG compression is insufficient to defend those attacks but can cause an abrupt accuracy decline to benign images. We make modifications to traditional JPEG compression algorithm which becomes more favorable for NN.
  arXiv  Detail & Related papers  (2021-06-25T02:46:52Z)
• Quantization Guided JPEG Artifact Correction [69.04777875711646]
  We develop a novel architecture for artifact correction using the JPEG files quantization matrix. This allows our single model to achieve state-of-the-art performance over models trained for specific quality settings.
  arXiv  Detail & Related papers  (2020-04-17T00:10:08Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.