Haiju Fan
One-Index Vector Quantization Based Adversarial Attack on Image Classification
Fan, Haiju; Qin, Xiaona; Chen, Shuang; Shum, Hubert P. H.; Li, Ming
Authors
Xiaona Qin
Chris Chen shuang.chen@durham.ac.uk
Research Assistant
Professor Hubert Shum hubert.shum@durham.ac.uk
Professor
Ming Li
Abstract
To improve storage and transmission, images are generally compressed. Vector quantization (VQ) is a popular compression method as it has a high compression ratio that suppresses other compression techniques. Despite this, existing adversarial attack methods on image classification are mostly performed in the pixel domain with few exceptions in the compressed domain, making them less applicable in real-world scenarios. In this paper, we propose a novel one-index attack method in the VQ domain to generate adversarial images by a differential evolution algorithm, successfully resulting in image misclassification in victim models. The one-index attack method modifies a single index in the compressed data stream so that the decompressed image is misclassified. It only needs to modify a single VQ index to realize an attack, which limits the number of perturbed indexes. The proposed method belongs to a semi-black-box attack, which is more in line with the actual attack scenario. We apply our method to attack three popular image classification models, i.e., Resnet, NIN, and VGG16. On average, 55.9% and 77.4% of the images in CIFAR-10 and Fashion MNIST, respectively, are successfully attacked, with a high level of misclassification confidence and a low level of image perturbation.
Citation
Fan, H., Qin, X., Chen, S., Shum, H. P. H., & Li, M. (2024). One-Index Vector Quantization Based Adversarial Attack on Image Classification. Pattern Recognition Letters, 186, 47-56. https://doi.org/10.1016/j.patrec.2024.09.001
| Journal Article Type | Article |
|---|---|
| Acceptance Date | Sep 1, 2024 |
| Online Publication Date | Sep 6, 2024 |
| Publication Date | 2024-10 |
| Deposit Date | Sep 3, 2024 |
| Publicly Available Date | Sep 13, 2024 |
| Journal | Pattern Recognition Letters |
| Print ISSN | 0167-8655 |
| Electronic ISSN | 1872-7344 |
| Publisher | Elsevier |
| Peer Reviewed | Peer Reviewed |
| Volume | 186 |
| Pages | 47-56 |
| DOI | https://doi.org/10.1016/j.patrec.2024.09.001 |
| Public URL | https://durham-repository.worktribe.com/output/2783616 |
| Publisher URL | https://www.sciencedirect.com/journal/pattern-recognition-letters |
Files
Accepted Journal Article
(949 Kb)
PDF
Published Journal Article
(3.3 Mb)
PDF
Publisher Licence URL
http://creativecommons.org/licenses/by/4.0/
You might also like
MxT: Mamba x Transformer for Image Inpainting
(2024)
Presentation / Conference Contribution
Depth-Aware Endoscopic Video Inpainting
(2024)
Presentation / Conference Contribution
HINT: High-quality INpainting Transformer with Mask-Aware Encoding and Enhanced Attention
(2024)
Journal Article
INCLG: Inpainting for Non-Cleft Lip Generation with a Multi-Task Image Processing Network
(2023)
Journal Article
A Feasibility Study on Image Inpainting for Non-cleft Lip Generation from Patients with Cleft Lip
(2022)
Presentation / Conference Contribution
Downloadable Citations
About Durham Research Online (DRO)
Administrator e-mail: dro.admin@durham.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search