Computer vision tasks, such as image classification, semantic segmentation, and super resolution, are broadly utilized in many applications. Recent studies revealed that machine learning-based models for the computer vision tasks are vulnerable to adversarial attacks. Since the adversarial attack can disturb the computer vision models in real-world systems, many countermeasures have been proposed against the adversarial attacks, such as denoising, resizing, and machine learning-based super resolution model as a preprocessing. Recently, a prior work demonstrated that the super resolution model as a preprocessing can be vulnerable to the adversarial attack targeted to the preprocessing itself, only when the perturbation is inactive before the preprocessing. However, we also found that the perturbation before the preprocessing can be another serious threat if the super resolution model is used for a mitigation of adversarial attacks. In this paper, we propose Layered Adversary Generation (LAG) that generates the adversarial example by recursively injecting noises to clean image in white-box environment. We then show that LAG is effective to attack a semantic segmentation model even if the super resolution models with/without two countermeasures as auxiliary methods such as resizing and denoising are adopted to mitigate the adversarial attacks. Furthermore, we demonstrate that LAG is transferable across other super resolution models. Lastly, we discuss our attack method in gray-box and black-box environments, and suggests a mitigation for robust preprocessing.
|Title of host publication
|2022 26th International Conference on Pattern Recognition, ICPR 2022
|Institute of Electrical and Electronics Engineers Inc.
|Number of pages
|Published - 2022
|26th International Conference on Pattern Recognition, ICPR 2022 - Montreal, Canada
Duration: 2022 Aug 21 → 2022 Aug 25
|Proceedings - International Conference on Pattern Recognition
|26th International Conference on Pattern Recognition, ICPR 2022
|22/8/21 → 22/8/25
Bibliographical noteFunding Information:
This work was supported by IITP grant funded by the MSIT, Korea (No.2019-0-01697, IITP-2022-2020-0-01819, IITP-2021-0-01810) and Basic Science Research Program through the National Research Foundation funded by the Ministry of Education, Korea(NRF-2021R1A6A1A13044830).
© 2022 IEEE.
ASJC Scopus subject areas
- Computer Vision and Pattern Recognition