Towards JPEG-Compression Invariance for Adversarial Optimization

Amon Soares de Souza; Andreas Meißner; Michaela Geierhos

doi:10.5220/0013300200003912

Towards JPEG-Compression Invariance for Adversarial Optimization

Amon Soares de Souza, Andreas Meißner, Michaela Geierhos

2025

Abstract

Adversarial image processing attacks aim to strike a fine balance between pattern visibility and target model error. This balance ideally results in a sample that maintains high visual fidelity to the original image, but forces the model to output the target of the attack, and is therefore particularly susceptible to transformations by post-processing such as compression. JPEG compression, which is inherently non-differentiable and an integral part of almost every web application, therefore severely limits the set of possible use cases for attacks. Although differentiable JPEG approximations have been proposed, they (1) have not been extended to the stronger and less perceptible optimization-based attacks, and (2) have been insufficiently evaluated. Constrained adversarial optimization allows for a strong combination of success rate and high visual fidelity to the original sample. We present a novel robust attack based on constrained optimization and an adaptive compression search. We show that our attack outperforms current robust methods for gradient projection attacks for the same amount of applied perturbation, suggesting a more effective trade-off between perturbation and attack success rate. The code is available here: https://github.com/amonsoes/frcw.

Download

Paper Citation

in Harvard Style

Soares de Souza A., Meißner A. and Geierhos M. (2025). Towards JPEG-Compression Invariance for Adversarial Optimization. In Proceedings of the 20th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 3: VISAPP; ISBN 978-989-758-728-3, SciTePress, pages 166-177. DOI: 10.5220/0013300200003912

in Bibtex Style

@conference{visapp25,
author={Amon Soares de Souza and Andreas Meißner and Michaela Geierhos},
title={Towards JPEG-Compression Invariance for Adversarial Optimization},
booktitle={Proceedings of the 20th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 3: VISAPP},
year={2025},
pages={166-177},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013300200003912},
isbn={978-989-758-728-3},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 20th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 3: VISAPP
TI - Towards JPEG-Compression Invariance for Adversarial Optimization
SN - 978-989-758-728-3
AU - Soares de Souza A.
AU - Meißner A.
AU - Geierhos M.
PY - 2025
SP - 166
EP - 177
DO - 10.5220/0013300200003912
PB - SciTePress