Despite demonstrating superior rate-distortion (RD) performance, learning-based image compression (LIC) algorithms have been found to be vulnerable malicious perturbations in recent studies. Adversarial samples these studies are designed attack only one dimension of either bitrate or distortion, targeting a submodel with specific ratio. However, adversaries real-world scenarios neither confined singular dimensional attacks nor always control over ratios. This variability highlights the inadequacy existing research comprehensively assessing adversarial robustness LIC practical applications. To tackle this issue, paper presents two joint paradigms at both and algorithm levels, i.e., Specific-ratio Rate-Distortion Attack (SRDA) Agnostic-ratio (ARDA). Additionally, suite multi-granularity assessment tools is introduced evaluate results from various perspectives. On basis, extensive experiments on eight prominent conducted offer thorough analysis their inherent vulnerabilities. Furthermore, we explore efficacy defense techniques improving performance under attacks. The findings can provide valuable reference for development enhanced robustness.

Load

Load