Generative Adversarial Network Based Image-Scaling Attack and Defense Modeling

Published: 2025, Last Modified: 15 Jan 2026. IEEE Trans. Emerg. Top. Comput. Intell. 2025. CC BY-SA 4.0
Abstract: Deep learning has achieved remarkable performance in computer vision applications and is gradually becoming one of the mainstream technologies. Image scaling, an indispensable data pre-processing step for most computer vision applications, resizes mismatched data to fit the input sizes of deep learning models. However, this kind of data pre-processing can be exploited to launch an image-scaling attack, which generates attack images that present an entirely different appearance after scaling. In this paper, we develop an attack model based on a generative adversarial network (GAN) that fuses the source and target images, called Attack-GAN, which guarantees that the generated attack images are imperceptible and scale to the target images. Experiments show that Attack-GAN outperforms the optimization method: it generates attack images with better camouflage, achieves higher attack success rates, and accelerates the generation of attack images. Furthermore, we propose Defense-GAN to learn and approximate the distribution of unperturbed images from attack images, with the aim of eliminating and compensating for the adversarial pixels. Customized defense strategies are developed for defenders with different capabilities to resist the image-scaling attack. Experimental results show that the proposed defense strategies are effective against the image-scaling attack, i.e., the generator of Defense-GAN can recover the attack images and retain the original ‘semantics’.