
Enhancing Adversarial Training with Prior Knowledge Distillation for Robust Image Compression (2403.06700v2)

Published 11 Mar 2024 in eess.IV

Abstract: Deep neural network-based image compression (NIC) has achieved excellent performance, but NIC models have been shown to be susceptible to backdoor attacks. Adversarial training has been validated in image compression models as a common method to enhance model robustness. However, the improvement that adversarial training brings to model robustness is limited. In this paper, we propose a prior knowledge-guided adversarial training framework for image compression models. Specifically, we first propose a gradient regularization constraint for training robust teacher models. Subsequently, we design a knowledge distillation-based strategy to transfer a priori knowledge from the teacher model to the student model to guide adversarial training. Experimental results show that our method improves the reconstruction quality by about 9 dB when the Kodak dataset is selected as the backdoor attack object for the PSNR attack. Compared with Ma2023, our method has a 5 dB higher PSNR output at high bitrate points.

References (19)
  1. T. Chen and Z. Ma, “Towards robust neural image compression: Adversarial attack and model finetuning,” IEEE Transactions on Circuits and Systems for Video Technology, 2023.
  2. J. Ballé, V. Laparra, and E. P. Simoncelli, “End-to-end optimized image compression,” arXiv preprint arXiv:1611.01704, 2016.
  3. J. Ballé, D. Minnen, S. Singh, S. J. Hwang, and N. Johnston, “Variational image compression with a scale hyperprior,” arXiv preprint arXiv:1802.01436, 2018.
  4. D. Minnen, J. Ballé, and G. D. Toderici, “Joint autoregressive and hierarchical priors for learned image compression,” Advances in neural information processing systems, vol. 31, 2018.
  5. D. Minnen and S. Singh, “Channel-wise autoregressive entropy models for learned image compression,” in 2020 IEEE International Conference on Image Processing (ICIP), pp. 3339–3343, IEEE, 2020.
  6. Z. Cheng, H. Sun, M. Takeuchi, and J. Katto, “Learned image compression with discretized gaussian mixture likelihoods and attention modules,” in Proceedings of the IEEE/CVF conference on computer vision and pattern recognition, pp. 7939–7948, 2020.
  7. Y. Bao, F. Meng, C. Li, S. Ma, Y. Tian, and Y. Liang, “Nonlinear transforms in learned image compression from a communication perspective,” IEEE Transactions on Circuits and Systems for Video Technology, vol. 33, no. 4, pp. 1922–1936, 2023.
  8. G. K. Wallace, “The jpeg still picture compression standard,” Communications of the ACM, vol. 34, no. 4, pp. 30–44, 1991.
  9. M. Rabbani and R. Joshi, “An overview of the jpeg 2000 still image compression standard,” Signal processing: Image communication, vol. 17, no. 1, pp. 3–48, 2002.
  10. D. Yee, S. Soltaninejad, D. Hazarika, G. Mbuyi, R. Barnwal, and A. Basu, “Medical image compression based on region of interest using better portable graphics (bpg),” in 2017 IEEE international conference on systems, man, and cybernetics (SMC), pp. 216–221, IEEE, 2017.
  11. B. Bross, J. Chen, J.-R. Ohm, G. J. Sullivan, and Y.-K. Wang, “Developments in international video coding standardization after avc, with an overview of versatile video coding (vvc),” Proceedings of the IEEE, vol. 109, no. 9, pp. 1463–1493, 2021.
  12. C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, D. Erhan, I. Goodfellow, and R. Fergus, “Intriguing properties of neural networks,” arXiv preprint arXiv:1312.6199, 2013.
  13. I. J. Goodfellow, J. Shlens, and C. Szegedy, “Explaining and harnessing adversarial examples,” arXiv preprint arXiv:1412.6572, 2014.
  14. A. Kurakin, I. J. Goodfellow, and S. Bengio, “Adversarial examples in the physical world,” in Artificial intelligence safety and security, pp. 99–112, Chapman and Hall/CRC, 2018.
  15. A. Madry, A. Makelov, L. Schmidt, D. Tsipras, and A. Vladu, “Towards deep learning models resistant to adversarial attacks,” arXiv preprint arXiv:1706.06083, 2017.
  16. K. Liu, D. Wu, Y. Wang, D. Feng, B. Tan, and S. Garg, “Denial-of-service attacks on learned image compression,” arXiv preprint arXiv:2205.13253, 2022.
  17. N. Papernot, P. McDaniel, X. Wu, S. Jha, and A. Swami, “Distillation as a defense to adversarial perturbations against deep neural networks,” in 2016 IEEE symposium on security and privacy (SP), pp. 582–597, IEEE, 2016.
  18. H. Drucker and Y. Le Cun, “Improving generalization performance using double backpropagation,” IEEE transactions on neural networks, vol. 3, no. 6, pp. 991–997, 1992.
  19. C. Finlay and A. M. Oberman, “Scaleable input gradient regularization for adversarial robustness,” Machine Learning with Applications, vol. 3, p. 100017, 2021.
Authors (7)
  1. Zhi Cao (10 papers)
  2. Youneng Bao (7 papers)
  3. Fanyang Meng (14 papers)
  4. Chao Li (430 papers)
  5. Wen Tan (8 papers)
  6. Genhong Wang (1 paper)
  7. Yongsheng Liang (28 papers)
Citations (1)
