Deep Image Destruction: Vulnerability of Deep Image-to-Image Models against Adversarial Attacks

Jun Ho Choi, Huan Zhang, Jun Hyuk Kim, Cho Jui Hsieh, Jong Seok Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Recently, the vulnerability of deep image classification models to adversarial attacks has been investigated. However, such an issue has not been thoroughly studied for image-to-image tasks that take an input image and generate an output image (e.g., colorization, denoising, deblurring, etc.) This paper presents comprehensive investigations into the vulnerability of deep image-to-image models to adversarial attacks. For five popular image-to-image tasks, 16 deep models are analyzed from various standpoints such as output quality degradation due to attacks, transferability of adversarial examples across different tasks, and characteristics of perturbations. We show that unlike image classification tasks, the performance degradation on image-to-image tasks largely differs depending on various factors, e.g., attack methods and task objectives. In addition, we analyze the effectiveness of conventional defense methods used for classification models in improving the robustness of the image-to-image models.

Original languageEnglish (US)
Title of host publication2022 26th International Conference on Pattern Recognition, ICPR 2022
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1287-1293
Number of pages7
ISBN (Electronic)9781665490627
DOIs
StatePublished - 2022
Externally publishedYes
Event26th International Conference on Pattern Recognition, ICPR 2022 - Montreal, Canada
Duration: Aug 21 2022Aug 25 2022

Publication series

NameProceedings - International Conference on Pattern Recognition
Volume2022-August
ISSN (Print)1051-4651

Conference

Conference26th International Conference on Pattern Recognition, ICPR 2022
Country/TerritoryCanada
CityMontreal
Period8/21/228/25/22

ASJC Scopus subject areas

  • Computer Vision and Pattern Recognition

Fingerprint

Dive into the research topics of 'Deep Image Destruction: Vulnerability of Deep Image-to-Image Models against Adversarial Attacks'. Together they form a unique fingerprint.

Cite this