Preemptive Image Robustification for Protecting Users against Man-in-the-Middle Adversarial Attacks
Seungyong Moon, Gaon An, Hyun Oh Song

TL;DR
This paper introduces a novel preemptive image robustification method using bi-level optimization to defend against Man-in-the-Middle adversarial attacks on online images, enhancing neural network security.
Contribution
It proposes a new bi-level optimization algorithm to find robust image points, improving defense against real-world adversarial threats in online image uploads.
Findings
Effective robustification on CIFAR-10 and ImageNet
Improves robustness when combined with randomized smoothing
Addresses ethical concerns of malicious image interception
Abstract
Deep neural networks have become the driving force of modern image recognition systems. However, the vulnerability of neural networks to adversarial attacks poses a serious threat to the people affected by these systems. In this paper, we focus on a real-world threat model where a Man-in-the-Middle adversary maliciously intercepts and perturbs images that web users upload online. This type of attack can raise severe ethical concerns on top of simple performance degradation. To prevent this attack, we devise a novel bi-level optimization algorithm that finds points in the vicinity of natural images that are robust to adversarial perturbations. Experiments on CIFAR-10 and ImageNet show our method can effectively robustify natural images within the given modification budget. We also show the proposed method can improve robustness when jointly used with randomized smoothing.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Neural Network Applications · Medical Imaging and Analysis
