Exploring adversarial robustness of JPEG AI: methodology, comparison and new methods

TL;DR

This paper introduces a new methodology to evaluate the adversarial robustness of JPEG AI, the first standard for neural image compression, comparing its resilience against attacks with other NIC models.

Contribution

It presents the first large-scale evaluation of JPEG AI's robustness to adversarial attacks and provides a comparative analysis with other neural image compression models.

Findings

JPEG AI's robustness varies across different attack types.

Compared to open-source codecs, JPEG AI shows unique vulnerabilities.

The evaluation framework is publicly available for further research.

Abstract

Adversarial robustness of neural networks is an increasingly important area of research, combining studies on computer vision models, large language models (LLMs), and others. With the release of JPEG AI - the first standard for end-to-end neural image compression (NIC) methods - the question of its robustness has become critically significant. JPEG AI is among the first international, real-world applications of neural-network-based models to be embedded in consumer devices. However, research on NIC robustness has been limited to open-source codecs and a narrow range of attacks. This paper proposes a new methodology for measuring NIC robustness to adversarial attacks. We present the first large-scale evaluation of JPEG AI's robustness, comparing it with other NIC models. Our evaluation results and code are publicly available online (link is hidden for a blind review).