TY - GEN
T1 - Defense for adversarial videos by self-adaptive JPEG compression and optical texture
AU - Cheng, Yupeng
AU - Wei, Xingxing
AU - Fu, Huazhu
AU - Lin, Shang Wei
AU - Lin, Weisi
N1 - Publisher Copyright:
© 2021 ACM.
PY - 2021/3/7
Y1 - 2021/3/7
N2 - Despite demonstrated outstanding effectiveness in various computer vision tasks, Deep Neural Networks (DNNs) are known to be vulnerable to adversarial examples. Nowadays, adversarial attacks as well as their defenses w.r.t. DNNs in image domain have been intensively studied, and there are some recent works starting to explore adversarial attacks w.r.t. DNNs in video domain. However, the corresponding defense is rarely studied. In this paper, we propose a new two-stage framework for defending video adversarial attack. It contains two main components, namely self-adaptive Joint Photographic Experts Group (JPEG) compression defense and optical texture based defense (OTD). In self-adaptive JPEG compression defense, we propose to adaptively choose an appropriate JPEG quality based on an estimation of moving foreground object, such that the JPEG compression could depress most impact of adversarial noise without losing too much video quality. In OTD, we generate "optical texture"containing high-frequency information based on the optical flow map, and use it to edit Y channel (in YCrCb color space) of input frames, thus further reducing the influence of adversarial perturbation. Experimental results on a benchmark dataset demonstrate the effectiveness of our framework in recovering the classification performance on perturbed videos.
AB - Despite demonstrated outstanding effectiveness in various computer vision tasks, Deep Neural Networks (DNNs) are known to be vulnerable to adversarial examples. Nowadays, adversarial attacks as well as their defenses w.r.t. DNNs in image domain have been intensively studied, and there are some recent works starting to explore adversarial attacks w.r.t. DNNs in video domain. However, the corresponding defense is rarely studied. In this paper, we propose a new two-stage framework for defending video adversarial attack. It contains two main components, namely self-adaptive Joint Photographic Experts Group (JPEG) compression defense and optical texture based defense (OTD). In self-adaptive JPEG compression defense, we propose to adaptively choose an appropriate JPEG quality based on an estimation of moving foreground object, such that the JPEG compression could depress most impact of adversarial noise without losing too much video quality. In OTD, we generate "optical texture"containing high-frequency information based on the optical flow map, and use it to edit Y channel (in YCrCb color space) of input frames, thus further reducing the influence of adversarial perturbation. Experimental results on a benchmark dataset demonstrate the effectiveness of our framework in recovering the classification performance on perturbed videos.
KW - JPEG defense
KW - adversarial videos
KW - deep learning
KW - optical flow
KW - optical texture defense
UR - https://www.scopus.com/pages/publications/85105892009
U2 - 10.1145/3444685.3446308
DO - 10.1145/3444685.3446308
M3 - 会议稿件
AN - SCOPUS:85105892009
T3 - Proceedings of the 2nd ACM International Conference on Multimedia in Asia, MMAsia 2020
BT - Proceedings of the 2nd ACM International Conference on Multimedia in Asia, MMAsia 2020
PB - Association for Computing Machinery, Inc
T2 - 2nd ACM International Conference on Multimedia in Asia, MMAsia 2020
Y2 - 7 March 2021
ER -