Downscaling Attack and Defense: Turning What You See Back Into What You Get
Andrew J. Lohn
TL;DR
This paper explores how image resizing in computer vision can be exploited through attacks and demonstrates simple defenses, emphasizing the importance of input sanitization for secure machine learning systems.
Contribution
It introduces the concept of downscaling attacks and shows that effective defenses are straightforward if the threat is recognized.
Findings
Resizing can be exploited to alter image perception at machine-vision scales.
Simple input sanitization can defend against downscaling attacks.
Awareness of the threat is crucial for implementing effective defenses.
Abstract
The resizing of images, which is typically a required part of preprocessing for computer vision systems, is vulnerable to attack. Images can be created such that the image is completely different at machine-vision scales than at other scales and the default settings for some common computer vision and machine learning systems are vulnerable. We show that defenses exist and are trivial to administer provided that defenders are aware of the threat. These attacks and defenses help to establish the role of input sanitization in machine learning.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Digital Media Forensic Detection · Advanced Malware Detection Techniques