• English
    • français
  • Help
  •  | 
  • Contact
  •  | 
  • About
  •  | 
  • Login
  • HAL portal
  •  | 
  • Pages Pro
  • EN
  •  / 
  • FR
View Item 
  •   LillOA Home
  • Liste des unités
  • Centre de Recherche en Informatique, Signal et Automatique de Lille (CRIStAL) - UMR 9189
  • View Item
  •   LillOA Home
  • Liste des unités
  • Centre de Recherche en Informatique, Signal et Automatique de Lille (CRIStAL) - UMR 9189
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

Generating Adversarial Images in Quantized Domains
  • BibTeX
  • CSV
  • Excel
  • RIS

Document type :
Article dans une revue scientifique
DOI :
10.1109/TIFS.2021.3138616
Title :
Generating Adversarial Images in Quantized Domains
Author(s) :
Bonnet, Benoit [Auteur]
Institut de Recherche en Informatique et Systèmes Aléatoires [IRISA]
Furon, Teddy [Auteur]
Institut de Recherche en Informatique et Systèmes Aléatoires [IRISA]
Bas, Patrick [Auteur] refId
Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 [CRIStAL]
Journal title :
IEEE Transactions on Information Forensics and Security
Publisher :
Institute of Electrical and Electronics Engineers
Publication date :
2022
ISSN :
1556-6013
HAL domain(s) :
Sciences de l'ingénieur [physics]/Traitement du signal et de l'image [eess.SP]
English abstract : [en]
Many adversarial attacks produce floating-point tensors which are no longer adversarial when converted to raster or JPEG images due to rounding. This paper proposes a method dedicated to quantize adversarial perturbations. ...
Show more >
Many adversarial attacks produce floating-point tensors which are no longer adversarial when converted to raster or JPEG images due to rounding. This paper proposes a method dedicated to quantize adversarial perturbations. This "smart" quantization is conveniently implemented as versatile post-processing. It can be used on top of any white-box attack targeting any model. Its principle is tantamount to a constrained optimization problem aiming to minimize the quantization error while keeping the image adversarial after quantization. A Lagrangian formulation is proposed and an appropriate search of the Lagrangian multiplier enables to increase the success rate. We also add a control mechanism of the ∞-distortion. Our method operates in both spatial and JPEG domains with little complexity. This study shows that forging adversarial images is not a hard constraint: our quantization does not introduce any extra distortion. Moreover, adversarial images quantized as JPEG also challenge defenses relying on the robustness of neural networks against JPEG compression.Show less >
Language :
Anglais
Peer reviewed article :
Oui
Audience :
Internationale
Popular science :
Non
ANR Project :
Utilisation de grandes bases d'images hétérogènes en stéganalyse pour se rapprocher d'un contexte opérationnel
Outils pour la détection de manipulation d'images numériques.
Sécurité de l'Intelligence Artificielle pour des Applications Défense
Collections :
  • Centre de Recherche en Informatique, Signal et Automatique de Lille (CRIStAL) - UMR 9189
Source :
Harvested from HAL
Files
Thumbnail
  • https://hal.archives-ouvertes.fr/hal-03467692v2/document
  • Open access
  • Access the document
Thumbnail
  • https://hal.archives-ouvertes.fr/hal-03467692v2/document
  • Open access
  • Access the document
Thumbnail
  • https://hal.archives-ouvertes.fr/hal-03467692v2/document
  • Open access
  • Access the document
Thumbnail
  • https://hal.archives-ouvertes.fr/hal-03467692v2/document
  • Open access
  • Access the document
Université de Lille

Mentions légales
Université de Lille © 2017