NetFlick: Adversarial Flickering Attacks on Deep Learning Based Video Compression
This work addresses a security problem for IoT and edge devices using video compression, showing that adversarial attacks can break compression efficiency, which is incremental as it extends known digital attacks to physical scenarios.
The paper tackles the vulnerability of deep learning-based video compression to adversarial attacks by introducing NetFlick, a physically realizable LED attack that injects flickering perturbations to degrade spatio-temporal correlations between frames, resulting in successful performance deterioration in both digital and physical settings.
Video compression plays a significant role in IoT devices for the efficient transport of visual data while satisfying all underlying bandwidth constraints. Deep learning-based video compression methods are rapidly replacing traditional algorithms and providing state-of-the-art results on edge devices. However, recently developed adversarial attacks demonstrate that digitally crafted perturbations can break the Rate-Distortion relationship of video compression. In this work, we present a real-world LED attack to target video compression frameworks. Our physically realizable attack, dubbed NetFlick, can degrade the spatio-temporal correlation between successive frames by injecting flickering temporal perturbations. In addition, we propose universal perturbations that can downgrade performance of incoming video without prior knowledge of the contents. Experimental results demonstrate that NetFlick can successfully deteriorate the performance of video compression frameworks in both digital- and physical-settings and can be further extended to attack downstream video classification networks.