Defense Against Adversarial Attacks on No-Reference Image Quality Models with Gradient Norm Regularization
CVPR 2024
Abstract
The task of No-Reference Image Quality Assessment (NR-IQA) is to estimate the
quality score of an input image without additional information. NR-IQA models
play a crucial role in the media industry, aiding in performance evaluation and
optimization guidance. However, these models are found to be vulnerable to
adversarial attacks, which introduce imperceptible perturbations to input
images, resulting in significant changes in predicted scores. In this paper, we
propose a defense method that improves the stability of predicted scores under
small adversarial perturbations, thus enhancing the adversarial robustness of
NR-IQA models. Specifically, we present theoretical evidence showing that the
magnitude of score changes is related to the ℓ_1 norm of the model's
gradient with respect to the input image. Building upon this theoretical
foundation, we propose a norm regularization training strategy aimed at
reducing the ℓ_1 norm of the gradient, thereby boosting the robustness of
NR-IQA models. Experiments conducted on four NR-IQA baseline models demonstrate
the effectiveness of our strategy in reducing score changes in the presence of
adversarial attacks. To the best of our knowledge, this work marks the first
attempt to defend against adversarial attacks on NR-IQA models. Our study
offers valuable insights into the adversarial robustness of NR-IQA models and
provides a foundation for future research in this area.
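The core idea above, that the score change under a small perturbation is bounded by the ℓ_1 norm of the model's input gradient, can be sketched on a toy model. The following is a minimal illustration, not the paper's implementation: for a linear quality model f(x) = w·x, the gradient with respect to the input is exactly w, so a gradient-norm penalty reduces to λ‖w‖_1, and |f(x + δ) − f(x)| ≤ ‖w‖_1 · ‖δ‖_∞. All names and hyperparameters here are hypothetical.

```python
import numpy as np

# Toy setup: a linear "quality model" f(x) = w . x fitted to synthetic
# scores. Since df/dx = w, the paper's gradient-norm penalty becomes a
# plain L1 penalty on w, which we can optimize with subgradient descent.
rng = np.random.default_rng(0)
n, d = 200, 16
X = rng.normal(size=(n, d))
w_true = rng.normal(size=d)
y = X @ w_true + 0.1 * rng.normal(size=n)  # synthetic quality scores

def train(lam, steps=2000, lr=0.05):
    """Minimize MSE + lam * ||w||_1 (lam = gradient-norm weight)."""
    w = np.zeros(d)
    for _ in range(steps):
        resid = X @ w - y
        # MSE gradient plus an L1 subgradient for the penalty term.
        grad = X.T @ resid / n + lam * np.sign(w)
        w -= lr * grad
    return w

w_plain = train(lam=0.0)   # unregularized baseline
w_reg = train(lam=0.5)     # with gradient-norm regularization

# Worst-case score change for an L_inf perturbation of size eps is
# bounded by ||w||_1 * eps; regularization tightens this bound.
eps = 0.01
print("plain bound:", np.abs(w_plain).sum() * eps)
print("regularized bound:", np.abs(w_reg).sum() * eps)
```

For a deep NR-IQA model the input gradient is no longer a fixed vector, so the penalty ‖∇_x f(x)‖_1 must be recomputed per sample with automatic differentiation (double backpropagation), but the trade-off shown here, slightly higher fitting error in exchange for a smaller gradient norm and hence greater score stability, is the same.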