ON GENERATING JPEG ADVERSARIAL IMAGES

Mengte Shi; Sheng Li; Zhaoxia Yin; Xinpeng Zhang; Zhenxing Qian

doi:10.1109/ICME51207.2021.9428243

ON GENERATING JPEG ADVERSARIAL IMAGES

Mengte Shi, Sheng Li, Zhaoxia Yin, Xinpeng Zhang^*, Zhenxing Qian

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

10 Scopus citations

Abstract

Adversarial attacks slightly perturb the original image to fool deep neural networks (DNN). Various schemes have been proposed to generate uncompressed adversarial images, which are usually ineffective after being compressed during the transmission. In this paper, we propose to generate JPEG adversarial images directly from the DNN. Two adversarial rounding schemes, including fast rounding and iterative rounding, are proposed to produce quantized DCT coefficients of JPEG adversarial images. Both schemes use the gradients of adversarial images in the DCT domain to guide the rounding. In fast rounding, we propose a novel indicator to evaluate the importance of the DCT coefficients for adversarial attacks, where only those with high importance are adversarially rounded to reduce the distortion. In iterative rounding, we additionally incorporate a loss function to measure the distortion caused by adversarial rounding. The experiments show that our schemes can obtain effective JPEG adversarial images with low distortion.

Original language	English
Title of host publication	2021 IEEE International Conference on Multimedia and Expo, ICME 2021
Publisher	IEEE Computer Society
ISBN (Electronic)	9781665438643
DOIs	https://doi.org/10.1109/ICME51207.2021.9428243
State	Published - 2021
Externally published	Yes
Event	2021 IEEE International Conference on Multimedia and Expo, ICME 2021 - Shenzhen, China Duration: 5 Jul 2021 → 9 Jul 2021

Publication series

Name	Proceedings - IEEE International Conference on Multimedia and Expo
ISSN (Print)	1945-7871
ISSN (Electronic)	1945-788X

Conference

Conference	2021 IEEE International Conference on Multimedia and Expo, ICME 2021
Country/Territory	China
City	Shenzhen
Period	5/07/21 → 9/07/21

Keywords

Deep neural networks
JPEG compression
adversarial examples

Access to Document

10.1109/ICME51207.2021.9428243

Cite this

@inproceedings{92118452dcc944d6930df1aa43de615d,

title = "ON GENERATING JPEG ADVERSARIAL IMAGES",

abstract = "Adversarial attacks slightly perturb the original image to fool deep neural networks (DNN). Various schemes have been proposed to generate uncompressed adversarial images, which are usually ineffective after being compressed during the transmission. In this paper, we propose to generate JPEG adversarial images directly from the DNN. Two adversarial rounding schemes, including fast rounding and iterative rounding, are proposed to produce quantized DCT coefficients of JPEG adversarial images. Both schemes use the gradients of adversarial images in the DCT domain to guide the rounding. In fast rounding, we propose a novel indicator to evaluate the importance of the DCT coefficients for adversarial attacks, where only those with high importance are adversarially rounded to reduce the distortion. In iterative rounding, we additionally incorporate a loss function to measure the distortion caused by adversarial rounding. The experiments show that our schemes can obtain effective JPEG adversarial images with low distortion.",

keywords = "Deep neural networks, JPEG compression, adversarial examples",

author = "Mengte Shi and Sheng Li and Zhaoxia Yin and Xinpeng Zhang and Zhenxing Qian",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE; 2021 IEEE International Conference on Multimedia and Expo, ICME 2021 ; Conference date: 05-07-2021 Through 09-07-2021",

year = "2021",

doi = "10.1109/ICME51207.2021.9428243",

language = "英语",

series = "Proceedings - IEEE International Conference on Multimedia and Expo",

publisher = "IEEE Computer Society",

booktitle = "2021 IEEE International Conference on Multimedia and Expo, ICME 2021",

address = "美国",

}

Shi, M, Li, S, Yin, Z, Zhang, X & Qian, Z 2021, ON GENERATING JPEG ADVERSARIAL IMAGES. in 2021 IEEE International Conference on Multimedia and Expo, ICME 2021. Proceedings - IEEE International Conference on Multimedia and Expo, IEEE Computer Society, 2021 IEEE International Conference on Multimedia and Expo, ICME 2021, Shenzhen, China, 5/07/21. https://doi.org/10.1109/ICME51207.2021.9428243

TY - GEN

T1 - ON GENERATING JPEG ADVERSARIAL IMAGES

AU - Shi, Mengte

AU - Li, Sheng

AU - Yin, Zhaoxia

AU - Zhang, Xinpeng

AU - Qian, Zhenxing

PY - 2021

Y1 - 2021

N2 - Adversarial attacks slightly perturb the original image to fool deep neural networks (DNN). Various schemes have been proposed to generate uncompressed adversarial images, which are usually ineffective after being compressed during the transmission. In this paper, we propose to generate JPEG adversarial images directly from the DNN. Two adversarial rounding schemes, including fast rounding and iterative rounding, are proposed to produce quantized DCT coefficients of JPEG adversarial images. Both schemes use the gradients of adversarial images in the DCT domain to guide the rounding. In fast rounding, we propose a novel indicator to evaluate the importance of the DCT coefficients for adversarial attacks, where only those with high importance are adversarially rounded to reduce the distortion. In iterative rounding, we additionally incorporate a loss function to measure the distortion caused by adversarial rounding. The experiments show that our schemes can obtain effective JPEG adversarial images with low distortion.

AB - Adversarial attacks slightly perturb the original image to fool deep neural networks (DNN). Various schemes have been proposed to generate uncompressed adversarial images, which are usually ineffective after being compressed during the transmission. In this paper, we propose to generate JPEG adversarial images directly from the DNN. Two adversarial rounding schemes, including fast rounding and iterative rounding, are proposed to produce quantized DCT coefficients of JPEG adversarial images. Both schemes use the gradients of adversarial images in the DCT domain to guide the rounding. In fast rounding, we propose a novel indicator to evaluate the importance of the DCT coefficients for adversarial attacks, where only those with high importance are adversarially rounded to reduce the distortion. In iterative rounding, we additionally incorporate a loss function to measure the distortion caused by adversarial rounding. The experiments show that our schemes can obtain effective JPEG adversarial images with low distortion.

KW - Deep neural networks

KW - JPEG compression

KW - adversarial examples

UR - https://www.scopus.com/pages/publications/85122054766

U2 - 10.1109/ICME51207.2021.9428243

DO - 10.1109/ICME51207.2021.9428243

M3 - 会议稿件

AN - SCOPUS:85122054766

T3 - Proceedings - IEEE International Conference on Multimedia and Expo

BT - 2021 IEEE International Conference on Multimedia and Expo, ICME 2021

PB - IEEE Computer Society

T2 - 2021 IEEE International Conference on Multimedia and Expo, ICME 2021

Y2 - 5 July 2021 through 9 July 2021

ER -

ON GENERATING JPEG ADVERSARIAL IMAGES

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this