Adversarial Attack on Semantic Segmentation Preprocessed with Super Resolution

Gyeongsup Lim, Minjae Kim, Junbeom Hur

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    1 Citation (Scopus)

    Abstract

    Computer vision tasks, such as image classification, semantic segmentation, and super resolution, are broadly utilized in many applications. Recent studies revealed that machine learning-based models for the computer vision tasks are vulnerable to adversarial attacks. Since the adversarial attack can disturb the computer vision models in real-world systems, many countermeasures have been proposed against the adversarial attacks, such as denoising, resizing, and machine learning-based super resolution model as a preprocessing. Recently, a prior work demonstrated that the super resolution model as a preprocessing can be vulnerable to the adversarial attack targeted to the preprocessing itself, only when the perturbation is inactive before the preprocessing. However, we also found that the perturbation before the preprocessing can be another serious threat if the super resolution model is used for a mitigation of adversarial attacks. In this paper, we propose Layered Adversary Generation (LAG) that generates the adversarial example by recursively injecting noises to clean image in white-box environment. We then show that LAG is effective to attack a semantic segmentation model even if the super resolution models with/without two countermeasures as auxiliary methods such as resizing and denoising are adopted to mitigate the adversarial attacks. Furthermore, we demonstrate that LAG is transferable across other super resolution models. Lastly, we discuss our attack method in gray-box and black-box environments, and suggests a mitigation for robust preprocessing.

    Original languageEnglish
    Title of host publication2022 26th International Conference on Pattern Recognition, ICPR 2022
    PublisherInstitute of Electrical and Electronics Engineers Inc.
    Pages484-490
    Number of pages7
    ISBN (Electronic)9781665490627
    DOIs
    Publication statusPublished - 2022
    Event26th International Conference on Pattern Recognition, ICPR 2022 - Montreal, Canada
    Duration: 2022 Aug 212022 Aug 25

    Publication series

    NameProceedings - International Conference on Pattern Recognition
    Volume2022-August
    ISSN (Print)1051-4651

    Conference

    Conference26th International Conference on Pattern Recognition, ICPR 2022
    Country/TerritoryCanada
    CityMontreal
    Period22/8/2122/8/25

    Bibliographical note

    Publisher Copyright:
    © 2022 IEEE.

    ASJC Scopus subject areas

    • Computer Vision and Pattern Recognition

    Fingerprint

    Dive into the research topics of 'Adversarial Attack on Semantic Segmentation Preprocessed with Super Resolution'. Together they form a unique fingerprint.

    Cite this