Bitstream Collisions in Neural Image Compression via Adversarial Perturbations
This reveals a security threat for NIC in critical applications, addressing a previously unexplored robustness issue.
The paper tackles the vulnerability of neural image compression (NIC) to bitstream collisions, where different images produce identical compressed bitstreams via adversarial perturbations, and demonstrates this with a novel attack algorithm while proposing a mitigation method.
Neural image compression (NIC) has emerged as a promising alternative to classical compression techniques, offering improved compression ratios. Despite its progress towards standardization and practical deployment, there has been minimal exploration into it's robustness and security. This study reveals an unexpected vulnerability in NIC - bitstream collisions - where semantically different images produce identical compressed bitstreams. Utilizing a novel whitebox adversarial attack algorithm, this paper demonstrates that adding carefully crafted perturbations to semantically different images can cause their compressed bitstreams to collide exactly. The collision vulnerability poses a threat to the practical usability of NIC, particularly in security-critical applications. The cause of the collision is analyzed, and a simple yet effective mitigation method is presented.