Towards Robust Neural Image Compression: Adversarial Attack and Model Finetuning
Deep neural network based image compression has been extensively studied.
Model robustness is largely overlooked, though it is crucial to service
enabling. We perform the adversarial attack by injecting a small amount of
noise perturbation into the original source images, and then encode these
adversarial examples using prevailing learnt image compression models.
Experiments report severe distortion in the reconstruction of adversarial
examples, revealing the general vulnerability of existing methods, regardless
of the settings used in the underlying compression model (e.g., network
architecture, loss function, quality scale) and the optimization strategy used
for injecting the perturbation (e.g., noise threshold, signal distance
measurement). Later, we apply iterative adversarial finetuning to refine the
pretrained models. In each iteration, random source images and adversarial
examples are mixed to update the underlying model. Results show the
effectiveness of the proposed finetuning strategy by substantially improving
the compression model's robustness. Overall, our methodology is simple,
effective, and generalizable, making it attractive for developing robust
learnt image compression solutions. All materials have been made publicly
accessible at https://njuvision.github.io/RobustNIC for reproducible research.
Comment: This paper has been completely rewritte
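The attack-then-finetune loop the abstract above describes, as an added toy example (it is not the authors' code and does not reproduce their learnt codecs). Everything concrete here is an assumption chosen for illustration: "images" are length-D vectors in [0, 1], the "learnt codec" is a rank-K linear autoencoder pretrained by PCA, the "noise threshold" is an L_inf budget eps, the "signal distance measurement" is per-image MSE, the perturbation is found by iterative sign-gradient ascent, and finetuning re-attacks the current model every iteration and trains on the clean-plus-adversarial mix.

```python
"""Added example (not the paper's code): a toy version of attacking a learnt
codec's reconstruction and then adversarially finetuning it.

Assumed stand-ins: images = length-D vectors in [0, 1]; codec = linear
autoencoder (encoder w_e: D->K, decoder w_d: K->D) pretrained by PCA;
noise threshold = L_inf budget eps; distance = per-image MSE.
"""
import numpy as np

D, K = 16, 4  # pixels per toy image and latent channels (assumed sizes)


def make_basis(rng):
    """Orthonormal K-dimensional 'image subspace' (constructed data)."""
    basis, _ = np.linalg.qr(rng.standard_normal((D, K)))
    return basis


def make_images(n, basis, rng):
    """Constructed data: low-rank signal around mid-grey plus a little noise."""
    coeff = rng.standard_normal((n, K))
    x = 0.5 + 0.5 * coeff @ basis.T + 0.02 * rng.standard_normal((n, D))
    return np.clip(x, 0.0, 1.0)


def pretrain(x):
    """'Pretrained codec': the optimal rank-K linear autoencoder, i.e. PCA."""
    _, _, vt = np.linalg.svd(x, full_matrices=False)
    w_e = vt[:K].copy()          # (K, D)
    return w_e, w_e.T.copy()     # decoder (D, K)


def reconstruct(w_e, w_d, x):
    """Encode then decode a batch x of shape (n, D)."""
    return (x @ w_e.T) @ w_d.T


def distortion(w_e, w_d, x):
    """Per-image MSE between the codec's input and its reconstruction."""
    return ((reconstruct(w_e, w_d, x) - x) ** 2).mean(axis=1)


def attack(w_e, w_d, x, eps, steps=10):
    """Iterative sign-gradient attack maximizing reconstruction MSE under
    |x_adv - x|_inf <= eps with pixels kept in [0, 1]. The most distorting
    version of each image seen so far is kept, so the result is never less
    distorted than the clean input."""
    a = w_d @ w_e - np.eye(D)            # residual operator: x_hat - x = x @ a.T
    step = eps / 4
    x_adv = x.copy()
    best_x, best = x.copy(), distortion(w_e, w_d, x)
    for _ in range(steps):
        grad = 2.0 * ((x_adv @ a.T) @ a) / D          # d MSE_i / d x_i, per image
        x_adv = x + np.clip(x_adv + step * np.sign(grad) - x, -eps, eps)
        x_adv = np.clip(x_adv, 0.0, 1.0)              # stay inside the pixel range
        cur = distortion(w_e, w_d, x_adv)
        better = cur > best
        best_x[better], best[better] = x_adv[better], cur[better]
    return best_x


def train_step(w_e, w_d, x, lr):
    """One gradient-descent step on mean per-image MSE; returns new weights."""
    n = x.shape[0]
    z = x @ w_e.T
    r = z @ w_d.T - x                    # reconstruction residual, (n, D)
    g_out = 2.0 * r / (n * D)            # d loss / d x_hat
    g_w_d = g_out.T @ z                  # (D, K)
    g_w_e = (g_out @ w_d).T @ x          # (K, D)
    return w_e - lr * g_w_e, w_d - lr * g_w_d


def finetune(w_e, w_d, x_pool, eps, rng, iters=30, batch=32, lr=0.3):
    """Iterative adversarial finetuning: each iteration draws random source
    images, attacks the *current* model, and trains on the clean + adversarial mix."""
    for _ in range(iters):
        x = x_pool[rng.choice(len(x_pool), batch, replace=False)]
        x_mix = np.vstack([x, attack(w_e, w_d, x, eps)])
        w_e, w_d = train_step(w_e, w_d, x_mix, lr)
    return w_e, w_d


def run(eps=0.05, seed=0):
    """Whole pipeline on constructed data; returns mean distortions before/after."""
    rng = np.random.default_rng(seed)
    basis = make_basis(rng)
    x_train, x_test = make_images(256, basis, rng), make_images(64, basis, rng)
    w_e, w_d = pretrain(x_train)
    x_test_adv = attack(w_e, w_d, x_test, eps)
    w_e2, w_d2 = finetune(w_e, w_d, x_train, eps, rng)
    return {
        "clean_before": float(distortion(w_e, w_d, x_test).mean()),
        "adv_before": float(distortion(w_e, w_d, x_test_adv).mean()),
        "clean_after": float(distortion(w_e2, w_d2, x_test).mean()),
        "adv_after": float(distortion(w_e2, w_d2, attack(w_e2, w_d2, x_test, eps)).mean()),
    }


if __name__ == "__main__":
    for name, value in run().items():
        print(f"{name}: {value:.5f}")
```

Running it prints the clean and adversarial test-set MSE of the PCA codec and of the finetuned codec; the gap between `clean_before` and `adv_before` is the attack's effect. Two caveats for the toy stand-in: the attack keeps the best perturbation per image, so it can only raise distortion, and a rank-K linear codec always pays in full for perturbation energy outside its K-dimensional subspace, so the room for `adv_after` to improve is limited here. The numbers say nothing about the authors' learnt codecs; they only show the mechanics of the loop.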
Understanding Compressive Adversarial Privacy
Designing a data sharing mechanism without sacrificing too much privacy can
be considered as a game between data holders and malicious attackers. This
paper describes a compressive adversarial privacy framework that captures the
trade-off between the data privacy and utility. We characterize the optimal
data releasing mechanism through convex optimization when assuming that both
the data holder and attacker can only modify the data using linear
transformations. We then build a more realistic data releasing mechanism that
can rely on a nonlinear compression model while the attacker uses a neural
network. We demonstrate in a series of empirical applications that this
framework, consisting of compressive adversarial privacy, can preserve
sensitive information
Relationship between Model Compression and Adversarial Robustness: A Review of Current Evidence
Increasing the model capacity is a known approach to enhance the adversarial
robustness of deep learning networks. On the other hand, various model
compression techniques, including pruning and quantization, can reduce the size
of the network while preserving its accuracy. Several recent studies have
addressed the relationship between model compression and adversarial
robustness, while some experiments have reported contradictory results. This
work summarizes available evidence and discusses possible explanations for the
observed effects.
Comment: Accepted for publication at SSCI 202