Protecting JPEG Images Against Adversarial Attacks
Aaditya Prakash, Nick Moran, Solomon Garber, Antonella DiLillo, James Storer

TL;DR
This paper introduces an adaptive JPEG encoding method that enhances image security against adversarial attacks on neural networks while maintaining high visual quality and compatibility with standard JPEG decoders.
Contribution
The paper proposes a novel adaptive JPEG encoder that defends against adversarial attacks without requiring changes to existing classifiers or decoders.
Findings
Significantly reduces attack success rates
Maintains high visual quality of images
Requires only modest increase in encoding time
Abstract
As deep neural networks (DNNs) have been integrated into critical systems, several methods to attack these systems have been developed. These adversarial attacks make imperceptible modifications to an image that fool DNN classifiers. We present an adaptive JPEG encoder which defends against many of these attacks. Experimentally, we show that our method produces images with high visual quality while greatly reducing the potency of state-of-the-art attacks. Our algorithm requires only a modest increase in encoding time, produces a compressed image which can be decompressed by an off-the-shelf JPEG decoder, and classified by an unmodified classifier.
