Toward Robust Neural Image Compression: Adversarial Attack and Model Finetuning
Deep neural network-based image compression has been extensively studied. However, the model robustness which is crucial to practical application is largely overlooked. We propose to examine the robustness of prevailing learned image compression models by injecting negligible adversarial perturbatio...
Saved in:
| Published in | IEEE transactions on circuits and systems for video technology Vol. 33; no. 12; pp. 7842 - 7856 |
|---|---|
| Main Authors | , |
| Format | Journal Article |
| Language | English |
| Published |
New York
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
01.12.2023
|
| Subjects | |
| Online Access | Get full text |
| ISSN | 1051-8215 1558-2205 |
| DOI | 10.1109/TCSVT.2023.3276442 |
Cover
Loading…
| Abstract | Deep neural network-based image compression has been extensively studied. However, the model robustness which is crucial to practical application is largely overlooked. We propose to examine the robustness of prevailing learned image compression models by injecting negligible adversarial perturbation into the original source image. Severe distortion in decoded reconstruction reveals the general vulnerability in existing methods regardless of their settings (e.g., network architecture, loss function, quality scale). A variety of defense strategies including geometric self-ensemble based pre-processing, and adversarial training, are investigated against the adversarial attack to improve the model’s robustness. Later the defense efficiency is further exemplified in real-life image recompression case studies. Overall, our methodology is simple, effective, and generalizable, making it attractive for developing robust learned image compression solutions. All materials are made publicly accessible at https://njuvision.github.io/RobustNIC for reproducible research. |
|---|---|
| AbstractList | Deep neural network-based image compression has been extensively studied. However, the model robustness which is crucial to practical application is largely overlooked. We propose to examine the robustness of prevailing learned image compression models by injecting negligible adversarial perturbation into the original source image. Severe distortion in decoded reconstruction reveals the general vulnerability in existing methods regardless of their settings (e.g., network architecture, loss function, quality scale). A variety of defense strategies including geometric self-ensemble based pre-processing, and adversarial training, are investigated against the adversarial attack to improve the model’s robustness. Later the defense efficiency is further exemplified in real-life image recompression case studies. Overall, our methodology is simple, effective, and generalizable, making it attractive for developing robust learned image compression solutions. All materials are made publicly accessible at https://njuvision.github.io/RobustNIC for reproducible research. |
| Author | Ma, Zhan Chen, Tong |
| Author_xml | – sequence: 1 givenname: Tong orcidid: 0000-0001-5020-6099 surname: Chen fullname: Chen, Tong organization: School of Electronic Science and Engineering, Nanjing University, Nanjing, China – sequence: 2 givenname: Zhan orcidid: 0000-0003-3686-4057 surname: Ma fullname: Ma, Zhan organization: School of Electronic Science and Engineering, Nanjing University, Nanjing, China |
| BookMark | eNp9kEFLwzAUx4NMcJt-AU8Fz51JmraJt1GcDqYDrV7Da5OOzi6ZSar47e2cJw-e3h_e__ce_CZoZKzRCF0SPCMEi-uyeH4tZxTTZJbQPGOMnqAxSVMeU4rT0ZBxSmJOSXqGJt5vMSaMs3yM1qX9BKeiJ1v1PkSPunfQRcsdbHRU2N3eae9ba26iufrQzoNrh_U8BKjfIjAqerBKd9GiNTr0pjWbc3TaQOf1xe-copfFbVncx6v13bKYr-Ka5mmINW1yLjAQllU1ANcaJ4LmTHPADFQCuqlJw6tK5bwhjKo8ZRoIECFEnlUqmaKr4929s--99kFube_M8FJSLgTLMiHw0KLHVu2s9043cu_aHbgvSbA8iJM_4uRBnPwVN0D8D1S3AcJgIThou__Qb0EwdWY |
| CitedBy_id | crossref_primary_10_1007_s11042_023_17494_0 crossref_primary_10_1109_TAI_2023_3340982 crossref_primary_10_1109_TCSVT_2024_3403166 crossref_primary_10_1109_TCSVT_2024_3432932 crossref_primary_10_1109_TCSVT_2024_3455799 crossref_primary_10_1109_TCSVT_2024_3487761 crossref_primary_10_1016_j_sigpro_2024_109741 crossref_primary_10_1109_JETCAS_2024_3403524 crossref_primary_10_1016_j_engappai_2024_109014 crossref_primary_10_54392_irjmt2526 crossref_primary_10_3390_bdcc9010014 |
| Cites_doi | 10.1109/CVPRW.2017.151 10.1109/ICCV.2019.00816 10.1145/3240508.3240603 10.1109/CVPRW53098.2021.00216 10.1109/CVPR.2016.282 10.1109/SPW.2018.00014 10.24963/ijcai.2019/134 10.1109/TCSVT.2020.3040367 10.1109/TCSVT.2015.2478706 10.1145/103085.103089 10.1109/CVPR42600.2020.00796 10.1109/T-C.1974.223784 10.1109/ICME.2014.6890314 10.1109/JSTSP.2011.2135332 10.1109/JPROC.2004.839613 10.1109/CVPR42600.2020.00072 10.1109/IEEECONF51394.2020.9443315 10.1109/ICCV.2019.00039 10.1109/CVPR.2018.00957 10.1109/TIP.2021.3058615 10.1145/3394171.3413680 10.1109/TCSVT.2019.2910119 10.1007/s11263-018-01144-2 10.1007/978-3-030-01249-6_14 10.1109/DCC52660.2022.00080 10.1007/978-3-030-58565-5_19 10.1109/CVPR.2018.00339 10.1145/3474085.3475213 10.1109/CVPR.2016.90 10.1109/TCSVT.2021.3101953 10.1609/aaai.v36i2.20023 10.1109/CVPR.2018.00068 10.1109/ICCV.2019.00249 10.1109/TCSVT.2005.858610 10.1609/aaai.v32i1.11828 |
| ContentType | Journal Article |
| Copyright | Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023 |
| Copyright_xml | – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023 |
| DBID | AAYXX CITATION 7SC 7SP 8FD JQ2 L7M L~C L~D |
| DOI | 10.1109/TCSVT.2023.3276442 |
| DatabaseName | CrossRef Computer and Information Systems Abstracts Electronics & Communications Abstracts Technology Research Database ProQuest Computer Science Collection Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional |
| DatabaseTitle | CrossRef Technology Research Database Computer and Information Systems Abstracts – Academic Electronics & Communications Abstracts ProQuest Computer Science Collection Computer and Information Systems Abstracts Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Professional |
| DatabaseTitleList | Technology Research Database |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering |
| EISSN | 1558-2205 |
| EndPage | 7856 |
| ExternalDocumentID | 10_1109_TCSVT_2023_3276442 |
| GroupedDBID | -~X 0R~ 29I 4.4 5GY 5VS 6IK 97E AAJGR AARMG AASAJ AAWTH AAYXX ABAZT ABQJQ ABVLG ACGFO ACGFS ACIWK AENEX AETIX AGQYO AGSQL AHBIQ AI. AIBXA AKJIK AKQYR ALLEH ALMA_UNASSIGNED_HOLDINGS ASUFR ATWAV BEFXN BFFAM BGNUA BKEBE BPEOZ CITATION CS3 DU5 EBS EJD HZ~ H~9 ICLAB IFIPE IFJZH IPLJI JAVBF LAI M43 O9- OCL P2P RIA RIE RIG RNS RXW TAE TN5 VH1 7SC 7SP 8FD JQ2 L7M L~C L~D |
| ID | FETCH-LOGICAL-c275t-e2f7890a146bcaa8ee039274e8a04ad3aefc1f8bbd78f142d754ea1a199976bd3 |
| ISSN | 1051-8215 |
| IngestDate | Mon Jun 30 03:40:11 EDT 2025 Thu Apr 24 23:02:35 EDT 2025 Tue Jul 01 00:41:21 EDT 2025 |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 12 |
| Language | English |
| License | https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html https://doi.org/10.15223/policy-029 https://doi.org/10.15223/policy-037 |
| LinkModel | OpenURL |
| MergedId | FETCHMERGED-LOGICAL-c275t-e2f7890a146bcaa8ee039274e8a04ad3aefc1f8bbd78f142d754ea1a199976bd3 |
| Notes | ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 14 |
| ORCID | 0000-0001-5020-6099 0000-0003-3686-4057 |
| PQID | 2899466990 |
| PQPubID | 85433 |
| PageCount | 15 |
| ParticipantIDs | proquest_journals_2899466990 crossref_primary_10_1109_TCSVT_2023_3276442 crossref_citationtrail_10_1109_TCSVT_2023_3276442 |
| ProviderPackageCode | CITATION AAYXX |
| PublicationCentury | 2000 |
| PublicationDate | 2023-12-01 |
| PublicationDateYYYYMMDD | 2023-12-01 |
| PublicationDate_xml | – month: 12 year: 2023 text: 2023-12-01 day: 01 |
| PublicationDecade | 2020 |
| PublicationPlace | New York |
| PublicationPlace_xml | – name: New York |
| PublicationTitle | IEEE transactions on circuits and systems for video technology |
| PublicationYear | 2023 |
| Publisher | The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| Publisher_xml | – name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| References | ref13 ref12 ref14 ref58 ref11 ref55 ref10 ref17 ref16 ref19 lee (ref36) 2018 bégaint (ref59) 2020 ref18 goodfellow (ref20) 2015 huang (ref52) 2015 ref50 hu (ref8) 2022; 44 helminger (ref37) 2021 ref45 ref41 ref44 ballé (ref1) 2016 ballé (ref30) 2015 madry (ref43) 2017 xu (ref49) 2017 ref7 ref9 li (ref61) 2019; 32 ref3 ref6 minnen (ref4) 2018 ref40 nair (ref31) 2010 ref35 bai (ref68) 2021 ref34 ref33 ref32 netzer (ref57) 2011 ref39 ref38 yang (ref64) 2020; 33 nguyen (ref21) 2015 kodak (ref60) 2022 mentzer (ref5) 2020 ballé (ref2) 2018 larsen (ref56) 2016; 48 ref24 ref23 ref67 ref25 dziugaite (ref47) 2016 ref63 choi (ref26) 2021 ref22 ref66 wang (ref15) 2004 carlini (ref27) 2016 kurakin (ref28) 2016 szegedy (ref42) 2013 ref29 kurakin (ref53) 2018 duy thang (ref65) 2019 xie (ref48) 2017 szegedy (ref51) 2014 tabacof (ref54) 2016 ref62 kingma (ref46) 2014 |
| References_xml | – ident: ref50 doi: 10.1109/CVPRW.2017.151 – ident: ref44 doi: 10.1109/ICCV.2019.00816 – ident: ref24 doi: 10.1145/3240508.3240603 – ident: ref16 doi: 10.1109/CVPRW53098.2021.00216 – year: 2015 ident: ref30 article-title: Density modeling of images using a generalized normalization transformation publication-title: arXiv 1511 06281 – ident: ref39 doi: 10.1109/CVPR.2016.282 – ident: ref55 doi: 10.1109/SPW.2018.00014 – volume: 32 start-page: 1 year: 2019 ident: ref61 article-title: Cross-modal learning with adversarial samples publication-title: Proc Adv Neural Inf Process Syst – year: 2016 ident: ref54 article-title: Adversarial images for variational autoencoders publication-title: arXiv 1612 00155 – year: 2016 ident: ref28 article-title: Adversarial examples in the physical world publication-title: arXiv 1607 02533 – start-page: 10794 year: 2018 ident: ref4 article-title: Joint autoregressive and hierarchical priors for learned image compression publication-title: Proc Adv Neural Inf Process Syst – year: 2018 ident: ref53 publication-title: Ensemble adversarial training Attacks and defenses – ident: ref23 doi: 10.24963/ijcai.2019/134 – ident: ref41 doi: 10.1109/TCSVT.2020.3040367 – ident: ref17 doi: 10.1109/TCSVT.2015.2478706 – start-page: 1398 year: 2004 ident: ref15 article-title: Multiscale structural similarity for image quality assessment publication-title: Proc 27th Asilomar Conf Signals Syst Comput – ident: ref11 doi: 10.1145/103085.103089 – ident: ref6 doi: 10.1109/CVPR42600.2020.00796 – volume: 33 start-page: 9098 year: 2020 ident: ref64 article-title: Adversarial learning for robust deep clustering publication-title: Proc NeurIPS – ident: ref32 doi: 10.1109/T-C.1974.223784 – year: 2021 ident: ref68 article-title: Improving adversarial robustness via channel-wise activation suppressing publication-title: arXiv 2103 08307 – ident: ref35 doi: 10.1109/ICME.2014.6890314 – ident: ref34 doi: 10.1109/JSTSP.2011.2135332 – year: 2018 ident: ref2 article-title: Variational image compression with a scale hyperprior publication-title: arXiv 1802 01436 – start-page: 1 year: 2011 ident: ref57 article-title: Reading digits in natural images with unsupervised feature learning publication-title: Proc NIPS Workshop Deep Learn Unsupervised Feature Learn – ident: ref12 doi: 10.1109/JPROC.2004.839613 – ident: ref62 doi: 10.1109/CVPR42600.2020.00072 – ident: ref14 doi: 10.1109/IEEECONF51394.2020.9443315 – ident: ref58 doi: 10.1109/ICCV.2019.00039 – year: 2016 ident: ref27 article-title: Towards evaluating the robustness of neural networks publication-title: arXiv 1608 04644 – year: 2020 ident: ref5 article-title: High-fidelity generative image compression publication-title: arXiv 2006 09965 – start-page: 1 year: 2015 ident: ref20 article-title: Explaining and harnessing adversarial examples publication-title: Proc 3rd Int Conf Learn Represent (ICLR) – ident: ref45 doi: 10.1109/CVPR.2018.00957 – ident: ref7 doi: 10.1109/TIP.2021.3058615 – ident: ref18 doi: 10.1145/3394171.3413680 – start-page: 807 year: 2010 ident: ref31 article-title: Rectified linear units improve restricted Boltzmann machines publication-title: Proc ICML – volume: 48 start-page: 1558 year: 2016 ident: ref56 article-title: Autoencoding beyond pixels using a learned similarity metric publication-title: Proc 33rd Int Conf Mach Learn – ident: ref10 doi: 10.1109/TCSVT.2019.2910119 – year: 2016 ident: ref1 article-title: End-to-end optimized image compression publication-title: arXiv 1611 01704 – ident: ref67 doi: 10.1007/s11263-018-01144-2 – year: 2015 ident: ref52 article-title: Learning with a strong adversary publication-title: arXiv 1511 03034 – ident: ref22 doi: 10.1007/978-3-030-01249-6_14 – ident: ref9 doi: 10.1109/DCC52660.2022.00080 – ident: ref19 doi: 10.1007/978-3-030-58565-5_19 – year: 2017 ident: ref43 article-title: Towards deep learning models resistant to adversarial attacks publication-title: arXiv 1706 06083 – ident: ref3 doi: 10.1109/CVPR.2018.00339 – year: 2021 ident: ref26 article-title: Deep image destruction: Vulnerability of deep image-to-image models against adversarial attacks publication-title: arXiv 2104 15022 – ident: ref38 doi: 10.1145/3474085.3475213 – year: 2016 ident: ref47 article-title: A study of the effect of JPG compression on adversarial images publication-title: arXiv 1608 00853 – year: 2019 ident: ref65 article-title: Image transformation can make neural networks more robust against adversarial examples publication-title: arXiv 1901 03037 – ident: ref29 doi: 10.1109/CVPR.2016.90 – ident: ref13 doi: 10.1109/TCSVT.2021.3101953 – start-page: 1 year: 2021 ident: ref37 article-title: Lossy image compression with normalizing flows publication-title: Proc Neural Compress Inf Theory Appl Workshop (ICLR) – ident: ref63 doi: 10.1609/aaai.v36i2.20023 – year: 2017 ident: ref49 article-title: Feature squeezing: Detecting adversarial examples in deep neural networks publication-title: arXiv 1704 01155 – ident: ref40 doi: 10.1109/CVPR.2018.00068 – start-page: 1 year: 2014 ident: ref51 article-title: Intriguing properties of neural networks publication-title: Proc Int Conf Learn Represent – ident: ref25 doi: 10.1109/ICCV.2019.00249 – volume: 44 start-page: 4194 year: 2022 ident: ref8 article-title: Learning end-to-end lossy image compression: A benchmark publication-title: IEEE Trans Pattern Anal Mach Intell – ident: ref33 doi: 10.1109/TCSVT.2005.858610 – year: 2018 ident: ref36 article-title: Context-adaptive entropy model for end-to-end optimized image compression publication-title: arXiv 1809 10452 – ident: ref66 doi: 10.1609/aaai.v32i1.11828 – year: 2017 ident: ref48 article-title: Mitigating adversarial effects through randomization publication-title: arXiv 1711 01991 – year: 2013 ident: ref42 article-title: Intriguing properties of neural networks publication-title: arXiv 1312 6199 – year: 2014 ident: ref46 article-title: Adam: A method for stochastic optimization publication-title: arXiv 1412 6980 – year: 2020 ident: ref59 article-title: CompressAI: A PyTorch library and evaluation platform for end-to-end compression research publication-title: arXiv 2011 03029 – start-page: 427 year: 2015 ident: ref21 article-title: Deep neural networks are easily fooled: High confidence predictions for unrecognizable images publication-title: Proc IEEE Conf Comput Vis Pattern Recognit (CVPR) – year: 2022 ident: ref60 publication-title: Kodak lossless true color image suite (PhotoCD PCD0992) |
| SSID | ssj0014847 |
| Score | 2.4975412 |
| Snippet | Deep neural network-based image compression has been extensively studied. However, the model robustness which is crucial to practical application is largely... |
| SourceID | proquest crossref |
| SourceType | Aggregation Database Enrichment Source Index Database |
| StartPage | 7842 |
| SubjectTerms | Artificial neural networks Compressing Image compression Robustness |
| Title | Toward Robust Neural Image Compression: Adversarial Attack and Model Finetuning |
| URI | https://www.proquest.com/docview/2899466990 |
| Volume | 33 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV1Lj9MwELbKcoED4ikWFuQDtyoldew44baqUi1o2ZUgRb1FtuOIFdBF2-TCv-AfMx47aZaiFXCJqrRJE89nz3ge3xDyiola61QnUQLKM-JqriJt8iZqdJ4onjJQUW6j-P4sPVnxd2uxnkx-jrKWulbPzI8_1pX8j1ThHMjVVcn-g2SHm8IJ-AzyhSNIGI5_J2PMeXXZ0d22nTqeDcec8c2l4bh57lNcMXUD-y5vFbboOG5bZb74DAvXB2e6BEuz7Ta9EgumqtsGug4SfTtxjCuYiyvTuVgD-ts92zlmKrpyPrBi9xz1i1D9UV6Gu6P3G0MinwMwg8-BJb_lb5SY1znKZSiwZc9Ab1AMHXy2A63isOah5Qxv0Hs6_LoLa0OUMV_ZObNhLRYgbhaL8WLtWTN6ULLR0iszT9O1rxOQUrVcfPxUztzLzBImwQpkOw3YR_3Pzqvl6vS0Kot1eYvcZlJi5P_D22IITPEMe9YNz9vXYcX56_1_uG7rXFf1aL-U98m9sPGgxx5FD8jEbh6SuyM6ykfk3OOJejxRjyeKeKIjPL2hIzRRjyYKAqGIJrpD02OyWhbl4iQKDTciw6RoI8saVxetQHtqo1RmbQzms-Q2UzFXdaJsY-ZNpnUts2bOWS0FtzC9HZWFTHWdPCEHm8uNfUpoIsH0M3CBMJwLI7K8gamfCgUWMRdWHpJ5PzSVCWz0rinK1wp3pXFe4XBWbjirMJyHZDpc891zsdz466N-xKswZ7eVcy_AY4AJ9uzmr5-TOzvgH5GD9qqzL8D8bPVLBMQvUXuE1A |
| linkProvider | IEEE |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Toward+Robust+Neural+Image+Compression%3A+Adversarial+Attack+and+Model+Finetuning&rft.jtitle=IEEE+transactions+on+circuits+and+systems+for+video+technology&rft.au=Chen%2C+Tong&rft.au=Ma%2C+Zhan&rft.date=2023-12-01&rft.pub=The+Institute+of+Electrical+and+Electronics+Engineers%2C+Inc.+%28IEEE%29&rft.issn=1051-8215&rft.eissn=1558-2205&rft.volume=33&rft.issue=12&rft.spage=7842&rft_id=info:doi/10.1109%2FTCSVT.2023.3276442&rft.externalDBID=NO_FULL_TEXT |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1051-8215&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1051-8215&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1051-8215&client=summon |