Towards Robust Neural Image Compression: Adversarial Attack and Model Finetuning

TL;DR

This paper investigates the vulnerability of neural image compression models to adversarial attacks and proposes defense strategies like adversarial training and pre-processing to enhance robustness, demonstrated through real-life case studies.

Contribution

It introduces the first systematic analysis of adversarial robustness in neural image compression and proposes effective defense methods to improve model resilience.

Findings

Existing models are vulnerable to adversarial perturbations.

Defense strategies significantly improve robustness in experiments.

Methodology is simple, effective, and applicable to real-world scenarios.

Abstract

Deep neural network-based image compression has been extensively studied. However, the model robustness which is crucial to practical application is largely overlooked. We propose to examine the robustness of prevailing learned image compression models by injecting negligible adversarial perturbation into the original source image. Severe distortion in decoded reconstruction reveals the general vulnerability in existing methods regardless of their settings (e.g., network architecture, loss function, quality scale). A variety of defense strategies including geometric self-ensemble based pre-processing, and adversarial training, are investigated against the adversarial attack to improve the model's robustness. Later the defense efficiency is further exemplified in real-life image recompression case studies. Overall, our methodology is simple, effective, and generalizable, making it attractive for developing robust learned image compression solutions. All materials are made publicly accessible at https://njuvision.github.io/RobustNIC for reproducible research.