A Training-Free Defense Framework for Robust Learned Image Compression

TL;DR

This paper introduces a training-free, transform-based defense method to improve the robustness of learned image compression models against adversarial attacks without sacrificing performance on clean images.

Contribution

It proposes a simple, effective two-way compression algorithm with random transforms that enhances robustness without retraining or modifying existing models.

Findings

Improves robustness against adversarial attacks across multiple models

Maintains original rate-distortion performance on clean images

Requires no additional training or model modifications

Abstract

We study the robustness of learned image compression models against adversarial attacks and present a training-free defense technique based on simple image transform functions. Recent learned image compression models are vulnerable to adversarial attacks that result in poor compression rate, low reconstruction quality, or weird artifacts. To address the limitations, we propose a simple but effective two-way compression algorithm with random input transforms, which is conveniently applicable to existing image compression models. Unlike the na\"ive approaches, our approach preserves the original rate-distortion performance of the models on clean images. Moreover, the proposed algorithm requires no additional training or modification of existing models, making it more practical. We demonstrate the effectiveness of the proposed techniques through extensive experiments under multiple compression models, evaluation metrics, and attack scenarios.