The Effects of JPEG and JPEG2000 Compression on Attacks using Adversarial Examples
share
Adversarial examples are known to have a negative effect on the performance of classifiers which have otherwise good performance on undisturbed images. These examples are generated by adding non-random noise to the testing samples in order to make classifier misclassify the given data. Adversarial attacks use these intentionally generated examples and they pose a security risk to the machine learning based systems. To be immune to such attacks, it is desirable to have a pre-processing mechanism which removes these effects causing misclassification while keeping the content of the image. JPEG and JPEG2000 image compression techniques suppress the high-frequency content taking the human visual system into account. In this paper, to reduce adversarial noise, JPEG and JPEG2000 compressions are applied to adversarial examples and their classification performance was measured.
READ FULL TEXT