Adversarial Attack on Semantic Segmentation Preprocessed with Super Resolution

Gyeongsup Lim, Minjae Kim, Junbeom Hur

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

Computer vision tasks, such as image classification, semantic segmentation, and super resolution, are broadly utilized in many applications. Recent studies revealed that machine learning-based models for the computer vision tasks are vulnerable to adversarial attacks. Since the adversarial attack can disturb the computer vision models in real-world systems, many countermeasures have been proposed against the adversarial attacks, such as denoising, resizing, and machine learning-based super resolution model as a preprocessing. Recently, a prior work demonstrated that the super resolution model as a preprocessing can be vulnerable to the adversarial attack targeted to the preprocessing itself, only when the perturbation is inactive before the preprocessing. However, we also found that the perturbation before the preprocessing can be another serious threat if the super resolution model is used for a mitigation of adversarial attacks. In this paper, we propose Layered Adversary Generation (LAG) that generates the adversarial example by recursively injecting noises to clean image in white-box environment. We then show that LAG is effective to attack a semantic segmentation model even if the super resolution models with/without two countermeasures as auxiliary methods such as resizing and denoising are adopted to mitigate the adversarial attacks. Furthermore, we demonstrate that LAG is transferable across other super resolution models. Lastly, we discuss our attack method in gray-box and black-box environments, and suggests a mitigation for robust preprocessing.

Original languageEnglish
Title of host publication2022 26th International Conference on Pattern Recognition, ICPR 2022
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages484-490
Number of pages7
ISBN (Electronic)9781665490627
DOIs
Publication statusPublished - 2022
Event26th International Conference on Pattern Recognition, ICPR 2022 - Montreal, Canada
Duration: 2022 Aug 212022 Aug 25

Publication series

NameProceedings - International Conference on Pattern Recognition
Volume2022-August
ISSN (Print)1051-4651

Conference

Conference26th International Conference on Pattern Recognition, ICPR 2022
Country/TerritoryCanada
CityMontreal
Period22/8/2122/8/25

Bibliographical note

Funding Information:
This work was supported by IITP grant funded by the MSIT, Korea (No.2019-0-01697, IITP-2022-2020-0-01819, IITP-2021-0-01810) and Basic Science Research Program through the National Research Foundation funded by the Ministry of Education, Korea(NRF-2021R1A6A1A13044830).

Publisher Copyright:
© 2022 IEEE.

ASJC Scopus subject areas

  • Computer Vision and Pattern Recognition

Fingerprint

Dive into the research topics of 'Adversarial Attack on Semantic Segmentation Preprocessed with Super Resolution'. Together they form a unique fingerprint.

Cite this