Exploring adversarial robustness of JPEG AI: methodology, comparison and new methods

TL;DR

This paper presents the first large-scale evaluation of JPEG AI's robustness, comparing it with other NIC models, and proposes a new methodology for measuring NIC robustness to adversarial attacks.

Abstract

Adversarial robustness of neural networks is an increasingly important area of research, combining studies on computer vision models, large language models (LLMs), and others. With the release of JPEG AI - the first standard for end-to-end neural image compression (NIC) methods - the question of its robustness has become critically significant. JPEG AI is among the first international, real-world applications of neural-network-based models to be embedded in consumer devices. However, research on NIC robustness has been limited to open-source codecs and a narrow range of attacks. This paper proposes a new methodology for measuring NIC robustness to adversarial attacks. We present the first large-scale evaluation of JPEG AI's robustness, comparing it with other NIC models. Our evaluation results and code are publicly available online (link is hidden for a blind review).

Figures (9)

• Figure 1: Examples of adversarial attacks on neural image compression methods and comparison of JPEG AI versions under attack. The attack is constructed by the MADC method.
• Figure 2: $\Delta$-metrics depending on the loss functions in all attacks.
• Figure 3: $\Delta$VMAF for analyzed NIC models under adversarial attacks with different loss functions. Dark colors refer to higher robustness.
• Figure 4: Change in compressed image's size before and after an attack for different target bitrates.
• Figure 5: Spearman Correlation Coefficients between different quality scores. Calculated on a subset of $\sim$ 3000 images with compression artifacts found by Color or Texture metric.