
A study of the effect of JPG compression on adversarial images

Neural network image classifiers are known to be vulnerable to adversarial images, i.e., natural images that have been modified by an adversarial perturbation specifically designed to be imperceptible to humans yet fool the classifier. Not only can adversarial images be generated easily, but these images are often also adversarial for networks trained on disjoint subsets of the data or with different architectures. Adversarial images represent a potential security risk as well as a serious machine learning challenge: it is clear that vulnerable neural networks perceive images very differently from humans. Noting that virtually every image classification data set is composed of JPG images, we evaluate the effect of JPG compression on the classification of adversarial images. For Fast-Gradient-Sign perturbations of small magnitude, we find that JPG compression often, though not always, reverses much of the drop in classification accuracy. As the magnitude of the perturbations increases, JPG recompression alone is insufficient to reverse the effect.
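
For readers unfamiliar with Fast-Gradient-Sign perturbations, the idea can be sketched in a few lines: each input value is moved by a fixed step epsilon in the direction that increases the classifier's loss. The sketch below is an illustration only, not the setup used in the study. It assumes a toy logistic-regression classifier in place of a neural network, and the four-value "image", the weights, and the step size are hypothetical values chosen so that a single step changes the predicted class.

```python
import math


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def predict(weights, bias, x):
    """Probability of class 1 under a toy logistic-regression classifier."""
    return sigmoid(sum(w * xi for w, xi in zip(weights, x)) + bias)


def sign(v):
    """Return -1, 0, or 1 according to the sign of v."""
    return (v > 0) - (v < 0)


def fgsm(weights, bias, x, label, epsilon):
    """One Fast-Gradient-Sign step: x + epsilon * sign(dLoss/dx), clipped to [0, 1]."""
    p = predict(weights, bias, x)
    # For cross-entropy loss on a logistic model, dLoss/dx_i = (p - label) * w_i.
    grad = [(p - label) * w for w in weights]
    return [min(1.0, max(0.0, xi + epsilon * sign(g))) for xi, g in zip(x, grad)]


# Hypothetical data: a 4-value "image" in [0, 1] and hand-picked weights.
weights = [2.0, -3.0, 1.5, -1.0]
bias = 0.0
x = [0.6, 0.4, 0.5, 0.5]
label = 1

x_adv = fgsm(weights, bias, x, label, epsilon=0.1)

print("clean P(class 1):      ", predict(weights, bias, x))
print("adversarial P(class 1):", predict(weights, bias, x_adv))
```

No value changes by more than epsilon, yet the predicted probability of the true class falls below 0.5. The study asks whether re-encoding such a perturbed image as a JPG undoes this effect. That step is not shown here because it needs an image library.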


Universal adversarial perturbations

Given a state-of-the-art deep neural network classifier, we show the exi...

EdgeFool: An Adversarial Image Enhancement Filter

Adversarial examples are intentionally perturbed images that mislead cla...

Early Methods for Detecting Adversarial Images

Many machine learning classifiers are vulnerable to adversarial perturba...

Generate (non-software) Bugs to Fool Classifiers

In adversarial attacks intended to confound deep learning models, most s...

Just Noticeable Difference for Machines to Generate Adversarial Images

One way of designing a robust machine learning algorithm is to generate ...

Stereoscopic Universal Perturbations across Different Architectures and Datasets

We study the effect of adversarial perturbations of images on deep stere...

Code Repositories


A simple jpeg defense for the OpenAI attack
