Haiju Fan
One-Index Vector Quantization Based Adversarial Attack on Image Classification
Fan, Haiju; Qin, Xiaona; Chen, Shuang; Shum, Hubert P. H.; Li, Ming
Authors
Xiaona Qin
Chris Chen shuang.chen@durham.ac.uk
Post Doctoral Research Associate
Professor Hubert Shum hubert.shum@durham.ac.uk
Professor
Ming Li
Abstract
To improve storage and transmission, images are generally compressed. Vector quantization (VQ) is a popular compression method as it has a high compression ratio that suppresses other compression techniques. Despite this, existing adversarial attack methods on image classification are mostly performed in the pixel domain with few exceptions in the compressed domain, making them less applicable in real-world scenarios. In this paper, we propose a novel one-index attack method in the VQ domain to generate adversarial images by a differential evolution algorithm, successfully resulting in image misclassification in victim models. The one-index attack method modifies a single index in the compressed data stream so that the decompressed image is misclassified. It only needs to modify a single VQ index to realize an attack, which limits the number of perturbed indexes. The proposed method belongs to a semi-black-box attack, which is more in line with the actual attack scenario. We apply our method to attack three popular image classification models, i.e., Resnet, NIN, and VGG16. On average, 55.9% and 77.4% of the images in CIFAR-10 and Fashion MNIST, respectively, are successfully attacked, with a high level of misclassification confidence and a low level of image perturbation.
Citation
Fan, H., Qin, X., Chen, S., Shum, H. P. H., & Li, M. (2024). One-Index Vector Quantization Based Adversarial Attack on Image Classification. Pattern Recognition Letters, 186, 47-56. https://doi.org/10.1016/j.patrec.2024.09.001
| Journal Article Type | Article |
|---|---|
| Acceptance Date | Sep 1, 2024 |
| Online Publication Date | Sep 6, 2024 |
| Publication Date | 2024-10 |
| Deposit Date | Sep 3, 2024 |
| Publicly Available Date | Sep 13, 2024 |
| Journal | Pattern Recognition Letters |
| Print ISSN | 0167-8655 |
| Electronic ISSN | 1872-7344 |
| Publisher | Elsevier |
| Peer Reviewed | Peer Reviewed |
| Volume | 186 |
| Pages | 47-56 |
| DOI | https://doi.org/10.1016/j.patrec.2024.09.001 |
| Public URL | https://durham-repository.worktribe.com/output/2783616 |
| Publisher URL | https://www.sciencedirect.com/journal/pattern-recognition-letters |
Files
Accepted Journal Article
(949 Kb)
PDF
Published Journal Article
(3.3 Mb)
PDF
Publisher Licence URL
http://creativecommons.org/licenses/by/4.0/
You might also like
Chatbots and Art Critique: A Comparative Study of Chatbot and Human Experts in Traditional Chinese Painting Education
(2024)
Presentation / Conference Contribution
Repeat and Concatenate: 2D to 3D Image Translation with 3D to 3D Generative Modeling
(2024)
Presentation / Conference Contribution
Two-Person Interaction Augmentation with Skeleton Priors
(2024)
Presentation / Conference Contribution
Downloadable Citations
About Durham Research Online (DRO)
Administrator e-mail: dro.admin@durham.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2025
Advanced Search