Go to DBLP homepageGenerating Image Adversarial Example by Modifying JPEG Stream
Abstract: Research on adversarial attacks mainly focuses on reducing the amplitude of disturbances, increasing the success rate of attacks, and improving attack efficiency. However, the adversarial examples are all in the form of raw (float matrix or lossless compressed pictures). Due to the difficulty of storage and transmission caused by a large amount of redundant information, raw pictures rarely exist in the real world. In this work, a convolution operation is used to simulate the JPEG decompression process, forming a decompression module independent of the classification model to obtain the gradient information about the JPEG stream. We establish a process for generating JPEG adversarial examples. To improve the decoded image’s visual quality and reduce the perturbation amplitude, we select the complex texture area according to the human visual model and select only the most effective points in each DCT block to embed adversarial noise. A large number of tests on the ImageNet dataset show the effectiveness of the proposed method.
Loading