cs.LG cs.CR cs.CV · Dec 10, 2021

Preemptive Image Robustification for Protecting Users against Man-in-the-Middle Adversarial Attacks

arXiv:2112.05634v1 · 6 citations
Originality: Incremental advance
AI Analysis

This addresses a real-world security threat for users of online image recognition systems, though it is incremental as it builds on existing adversarial defense methods.

The paper tackles the problem of protecting users from Man-in-the-Middle adversarial attacks on images they upload online. It develops a bi-level optimization algorithm that robustifies natural images before upload. Experiments on CIFAR-10 and ImageNet show effective robustification within a fixed modification budget, and further robustness gains when the method is combined with randomized smoothing.

Deep neural networks have become the driving force of modern image recognition systems. However, the vulnerability of neural networks against adversarial attacks poses a serious threat to the people affected by these systems. In this paper, we focus on a real-world threat model where a Man-in-the-Middle adversary maliciously intercepts and perturbs images web users upload online. This type of attack can raise severe ethical concerns on top of simple performance degradation. To prevent this attack, we devise a novel bi-level optimization algorithm that finds points in the vicinity of natural images that are robust to adversarial perturbations. Experiments on CIFAR-10 and ImageNet show our method can effectively robustify natural images within the given modification budget. We also show the proposed method can improve robustness when jointly used with randomized smoothing.
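The abstract describes the threat model and the defense at a high level: the user may move an image by at most a "modification budget" before uploading it, and the adversary in the middle may then perturb it by at most an attack budget, so the defense is a bi-level problem (outer: the user's move; inner: the attacker's worst case). The following is an added toy example, not the paper's code, that makes the two budgets concrete on a constructed two-pixel logistic classifier: the inner problem is solved with L-inf PGD, the outer problem by descending the worst-case loss and projecting back into the user's budget. The model weights `W`, `B`, the input `X0`, the budgets `EPS_ADV`/`EPS_DEF` and the smoothing parameters are all assumptions for illustration; the paper's algorithm on deep networks differs in how it approximates both levels.

```python
"""
Toy preemptive robustification as a bi-level optimisation.
Added example, not the paper's code. Model, budgets and input are constructed.
"""
import math
import random

# Constructed toy model: logit = w.x + b, label y in {+1, -1}.
W = [3.0, -2.0]
B = 0.0


def margin(x, y, w=W, b=B):
    """Signed margin y*(w.x+b); positive means correctly classified."""
    return y * (sum(wi * xi for wi, xi in zip(w, x)) + b)


def loss_grad_x(x, y, w=W, b=B):
    """Gradient wrt x of the logistic loss log(1 + exp(-margin))."""
    m = margin(x, y, w, b)
    s = 1.0 / (1.0 + math.exp(m))  # sigmoid(-m)
    return [-y * wi * s for wi in w]


def sign(v):
    return 1 if v > 0 else -1 if v < 0 else 0


def clip_box(x, center, eps, lo=0.0, hi=1.0):
    """Project x onto the L-inf ball of radius eps around center, then into [lo, hi]."""
    return [min(hi, max(lo, min(c + eps, max(c - eps, xi))))
            for xi, c in zip(x, center)]


def pgd_attack(x, y, eps_adv, steps=10, alpha=None):
    """Inner problem: the adversary maximises the loss within eps_adv (L-inf PGD)."""
    alpha = alpha or eps_adv / 4
    adv = list(x)
    for _ in range(steps):
        g = loss_grad_x(adv, y)
        adv = [a + alpha * sign(gi) for a, gi in zip(adv, g)]
        adv = clip_box(adv, x, eps_adv)
    return adv


def robustify(x, y, eps_def, eps_adv, steps=20, alpha=None):
    """Outer problem: the user moves x within eps_def to minimise the worst-case loss."""
    alpha = alpha or eps_def / 4
    xr = list(x)
    for _ in range(steps):
        adv = pgd_attack(xr, y, eps_adv)   # worst case around the current point
        g = loss_grad_x(adv, y)            # descend the adversarial loss
        xr = [r - alpha * sign(gi) for r, gi in zip(xr, g)]
        xr = clip_box(xr, x, eps_def)      # stay inside the modification budget
    return xr


def worst_case_margin(x, y, eps_adv):
    """Margin after the strongest perturbation PGD finds; negative means misclassified."""
    return margin(pgd_attack(x, y, eps_adv), y)


def smoothed_vote(x, y, sigma=0.25, n=2000, seed=0):
    """Fraction of Gaussian-noised copies classified correctly (randomized smoothing vote)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(n):
        noisy = [xi + rng.gauss(0.0, sigma) for xi in x]
        hits += margin(noisy, y) > 0
    return hits / n


# Constructed input: correctly classified, but with a thin margin.
X0, Y0 = [0.5, 0.6], +1
EPS_ADV, EPS_DEF = 0.1, 0.1

if __name__ == "__main__":
    xr = robustify(X0, Y0, EPS_DEF, EPS_ADV)
    print("original worst-case margin:", round(worst_case_margin(X0, Y0, EPS_ADV), 3))
    print("robustified point:", [round(v, 3) for v in xr])
    print("robustified worst-case margin:", round(worst_case_margin(xr, Y0, EPS_ADV), 3))
    print("smoothed accuracy original/robust:", smoothed_vote(X0, Y0), smoothed_vote(xr, Y0))
```

On this toy model the original point is flipped by the attacker, while the robustified point, which differs from the original by no more than `EPS_DEF` per pixel, survives the same attack; the smoothed vote also rises, which is the sense in which the two defenses compose. The check a practitioner should keep in mind is the same one the abstract implies: the defense only helps when the modification budget is spent against the attacker's budget, so the worst case must be re-evaluated at the robustified point, not at the original.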

Code Implementations: 1 repo
