Attack as the Best Defense: Nullifying Image-to-image Translation GANs via Limit-aware Adversarial Attack

Chin Yuan Yeh, Hsi Wen Chen, Hong Han Shuai, De Nian Yang, Ming Syan Chen

Research output: Conference contribution, peer-reviewed

13 Citations (Scopus)

Abstract

Due to the great success of image-to-image (Img2Img) translation GANs, many applications with ethics issues arise, e.g., DeepFake and DeepNude, presenting a challenging problem to prevent the misuse of these techniques. In this work, we tackle the problem by a new adversarial attack scheme, namely the Nullifying Attack, which cancels the image translation process and proposes a corresponding framework, the Limit-Aware Self-Guiding Gradient Sliding Attack (LaS-GSA) under a black-box setting. In other words, by processing the image with the proposed LaS-GSA before publishing, any image translation functions can be nullified, which prevents the images from malicious manipulations. First, we introduce the limit-aware RGF and the gradient sliding mechanism to estimate the gradient that adheres to the adversarial limit, i.e., the pixel value limitations of the adversarial example. We theoretically prove that our model is able to avoid the error caused by the projection in both the direction and the length. Then, an effective self-guiding prior is extracted solely from the threat model and the target image to efficiently leverage the prior information and guide the gradient estimation process. Extensive experiments demonstrate that LaS-GSA requires fewer queries to nullify the image translation process with higher success rates than 4 state-of-the-art methods.

Original language: English
Title of host publication: Proceedings - 2021 IEEE/CVF International Conference on Computer Vision, ICCV 2021
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 16168-16177
Number of pages: 10
ISBN (Electronic): 9781665428125
Publication status: Published - 2021
Event: 18th IEEE/CVF International Conference on Computer Vision, ICCV 2021 - Virtual, Online, Canada
Duration: 11 Oct 2021 to 17 Oct 2021

Publication series

Name: Proceedings of the IEEE International Conference on Computer Vision
ISSN (Print): 1550-5499

Conference

Conference: 18th IEEE/CVF International Conference on Computer Vision, ICCV 2021
Country/Territory: Canada
City: Virtual, Online
Period: 11/10/21 to 17/10/21
