Image-Scaling Attack on Image Signal Processing Pipelines in Deep Neural Networks-Based Outdoor Vision Applications
Abstract: Adversarial attacks pose a potential threat to the deployment of deep neural networks (DNNs) on consumer electronic (CE) devices for outdoor use (e.g., face recognition and fire monitoring). Most DNN-based CE vision devices are equipped with image signal processing (ISP) pipelines that implement RAW-to-RGB transformations and are embedded into data preprocessing modules for efficient image processing. However, none of the existing adversarial attacks takes into account the impact of both the ISP pipeline and data preprocessing. In this paper, we develop an image-scaling attack targeting the ISP pipeline and the preprocessing process, which are indispensable components of DNN-based CE vision applications. Specifically, the crafted adversarial RAW can be transformed into an attack image that presents an entirely different appearance once it is scaled to a specific size. Notably, the attack is driven by gradient information from the ISP pipeline. Thus, we first consider the gradient-available ISP pipeline, i.e., one whose gradient information can be used directly in generating the adversarial RAW. We then expand the scope of the attack to gradient-unavailable ISP pipelines, where the gradient information cannot be computed directly. To obtain effective gradient information for the attack, we design a proxy model as a gradient oracle that can learn well the RAW-to-RGB transformations of the target gradient-unavailable ISP pipeline. The attack can then be launched using the approximated gradient information from the proxy model. Extensive experiments show that the proposed adversarial attacks can craft adversarial RAW data against the target ISP pipelines in vision applications with high attack success rates. We investigate the potential vulnerabilities in vision devices and emphasize the urgent need for robust security measures to ensure the dependable deployment of these devices in outdoor CE products.
External IDs: dblp:journals/tce/LiCNGLJ24