Protecting JPEG Images Against Adversarial Attacks
This addresses security vulnerabilities in critical systems using DNNs, but it is incremental as it builds on existing JPEG compression for defense.
The paper tackles the problem of adversarial attacks on deep neural network classifiers by developing an adaptive JPEG encoder that defends against state-of-the-art attacks, resulting in high visual quality images with greatly reduced attack potency and only a modest increase in encoding time.
As deep neural networks (DNNs) have been integrated into critical systems, several methods to attack these systems have been developed. These adversarial attacks make imperceptible modifications to an image that fool DNN classifiers. We present an adaptive JPEG encoder which defends against many of these attacks. Experimentally, we show that our method produces images with high visual quality while greatly reducing the potency of state-of-the-art attacks. Our algorithm requires only a modest increase in encoding time, produces a compressed image which can be decompressed by an off-the-shelf JPEG decoder, and classified by an unmodified classifier