CR CV LG · Oct 23, 2023

On the Detection of Image-Scaling Attacks in Machine Learning

arXiv:2310.15085v1 · 4 citations · h-index: 9
Originality: Incremental advance
AI Analysis

This addresses a security gap for machine learning and computer vision practitioners by providing the first systematic detection framework for image-scaling attacks. It is incremental in that effective prevention techniques for these attacks already exist and the work builds on that line of research.

The paper tackles the detection of image-scaling attacks in machine learning systems: an attacker makes imperceptible changes to an image so that, once the preprocessing step downscales it, it becomes a different image and yields a different prediction. The paper derives detection methods that reliably identify such attacks, even against an adaptive adversary and when only small parts of the image are manipulated, and shows that they outperform previous work.

Image scaling is an integral part of machine learning and computer vision systems. Unfortunately, this preprocessing step is vulnerable to so-called image-scaling attacks where an attacker makes unnoticeable changes to an image so that it becomes a new image after scaling. This opens up new ways for attackers to control the prediction or to improve poisoning and backdoor attacks. While effective techniques exist to prevent scaling attacks, their detection has not been rigorously studied yet. Consequently, it is currently not possible to reliably spot these attacks in practice. This paper presents the first in-depth systematization and analysis of detection methods for image-scaling attacks. We identify two general detection paradigms and derive novel methods from them that are simple in design yet significantly outperform previous work. We demonstrate the efficacy of these methods in a comprehensive evaluation with all major learning platforms and scaling algorithms. First, we show that image-scaling attacks modifying the entire scaled image can be reliably detected even under an adaptive adversary. Second, we find that our methods provide strong detection performance even if only minor parts of the image are manipulated. As a result, we can introduce a novel protection layer against image-scaling attacks.
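The mechanism the abstract describes, as an added worked example that is not code from the paper or its authors: nearest-neighbour downscaling reads only a sparse grid of source pixels, so an attacker who overwrites exactly those pixels controls the scaled image while changing only a small fraction of the original. The detector below is one generic instance of the "rescale with two algorithms and compare" idea rather than the paper's specific method; the function names, the 8x8 gradient source, the 2x2 target, the simplified sampling grid and the threshold are all this example's own assumptions.

```python
"""Added illustration (not code from the paper): a nearest-neighbour image-scaling
attack on a constructed greyscale image, and a simple scaling-comparison detector
that downsizes the input with two different algorithms and measures how far the
results disagree. Function names, sample images and threshold are assumptions."""


def nearest_downscale(img, out_h, out_w):
    """Nearest-neighbour downscaling: each output pixel copies ONE source pixel.
    The sampling grid src = (dst * in_size) // out_size is a simplification of
    what real libraries do (assumption); the attack below targets exactly it."""
    in_h, in_w = len(img), len(img[0])
    return [[img[(y * in_h) // out_h][(x * in_w) // out_w] for x in range(out_w)]
            for y in range(out_h)]


def box_downscale(img, out_h, out_w):
    """Area (box) averaging: each output pixel is the mean of its whole source
    block, so every source pixel influences the result (integer ratio assumed)."""
    in_h, in_w = len(img), len(img[0])
    fy, fx = in_h // out_h, in_w // out_w
    out = []
    for y in range(out_h):
        row = []
        for x in range(out_w):
            block = [img[sy][sx]
                     for sy in range(y * fy, (y + 1) * fy)
                     for sx in range(x * fx, (x + 1) * fx)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def scaling_attack(source, target):
    """Attacker's image: a copy of `source` in which only the pixels that
    nearest-neighbour sampling will read are overwritten with `target`."""
    in_h, in_w = len(source), len(source[0])
    out_h, out_w = len(target), len(target[0])
    attack = [row[:] for row in source]
    for y in range(out_h):
        for x in range(out_w):
            attack[(y * in_h) // out_h][(x * in_w) // out_w] = target[y][x]
    return attack


def modified_fraction(a, b):
    """Share of pixels that differ between two equally sized images."""
    total = len(a) * len(a[0])
    diff = sum(1 for ra, rb in zip(a, b) for pa, pb in zip(ra, rb) if pa != pb)
    return diff / total


def rescaling_score(img, out_h, out_w):
    """Mean absolute disagreement between the two downscalers. A benign image
    gives a small value; an attacked image gives a large one because the box
    filter still averages over the untouched source pixels."""
    a = nearest_downscale(img, out_h, out_w)
    b = box_downscale(img, out_h, out_w)
    n = out_h * out_w
    return sum(abs(pa - pb) for ra, rb in zip(a, b) for pa, pb in zip(ra, rb)) / n


def is_scaling_attack(img, out_h, out_w, threshold=40.0):
    """The threshold is an assumption for this toy; in practice it has to be
    calibrated on benign data, since legitimate images also disagree somewhat."""
    return rescaling_score(img, out_h, out_w) > threshold


def constructed_images():
    """Constructed sample input: an 8x8 vertical gradient (benign source) and a
    2x2 all-dark target the attacker wants the model to see after scaling."""
    source = [[100 + 10 * y for _ in range(8)] for y in range(8)]
    target = [[0, 0], [0, 0]]
    return source, target


if __name__ == "__main__":
    source, target = constructed_images()
    attack = scaling_attack(source, target)
    print("pixels changed:", modified_fraction(source, attack))        # 0.0625
    print("nearest(attack) == target:", nearest_downscale(attack, 2, 2) == target)
    print("benign score:", rescaling_score(source, 2, 2))              # 15.0
    print("attack score:", rescaling_score(attack, 2, 2))              # 127.5
    print("flagged:", is_scaling_attack(attack, 2, 2))                 # True
```

Two caveats a practitioner should keep in mind. First, the benign gradient already produces a nonzero score (15.0 here), so any such detector needs a threshold calibrated on clean data rather than a test for exact equality. Second, the real sampling grid differs between Pillow, OpenCV and TensorFlow, and an adaptive adversary who knows which second scaler the defender uses can try to satisfy both; the abstract states that the paper evaluates exactly these cases across all major platforms, which this toy does not.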

Code Implementations: 1 repo