arXiv:2508.05489v3 Announce Type: replace-cross 
Abstract: Previous work has suggested that preprocessing images through lossy compression can defend against adversarial perturbations, but comprehensive attack evaluations have been lacking. In this paper, we construct strong white-box and adaptive attacks against various compression models and identify a critical challenge for attackers: high realism in reconstructed images significantly increases attack difficulty. Through rigorous evaluation across multiple attack scenarios, we demonstrate that compression models capable of producing realistic, high-fidelity reconstructions are substantially more resistant to our attacks. In contrast, low-realism compression models can be broken. Our analysis reveals that this is not due to gradient masking. Rather, realistic reconstructions maintaining distributional alignment with natural images seem to offer inherent robustness. This work highlights a significant obstacle for future adversarial attacks and suggests that developing more effective techniques to overcome realism represents an essential challenge for comprehensive security evaluation.

تناقش هذه المقالة التحديات التي تواجه استخدام طرق قائمة على الضغط للدفاع ضد الهجمات العدائية على الصور. تسلط الضوء على فعالية الهجمات القوية من نوع الصندوق الأبيض والتكيفية، كاشفة أن الواقعية العالية في الصور المعاد بناؤها تعقد عملية الهجوم. تؤكد النتائج على الحاجة إلى تقييمات أكثر شمولاً في هذا المجال.

Este artículo discute los desafíos que se enfrentan al utilizar métodos basados en compresión para defenderse contra ataques adversariales en imágenes. Destaca la efectividad de ataques fuertes de caja blanca y adaptativos, revelando que un alto realismo en las imágenes reconstruidas complica el proceso de ataque. Los hallazgos enfatizan la necesidad de evaluaciones más completas en esta área.

Cet article aborde les défis rencontrés dans l'utilisation de méthodes basées sur la compression pour défendre contre les attaques adversariales sur les images. Il met en lumière l'efficacité des attaques fortes en boîte blanche et adaptatives, révélant que le réalisme élevé des images reconstruites complique le processus d'attaque. Les résultats soulignent la nécessité d'évaluations plus complètes dans ce domaine.

This article discusses the challenges faced in using compression-based methods to defend against adversarial attacks on images. It highlights the effectiveness of strong white-box and adaptive attacks, revealing that high realism in reconstructed images complicates the attack process. The findings emphasize the need for more comprehensive evaluations in this area.

Keep It Real: Challenges in Attacking Compression-Based Adversarial Purification

Was this article worth reading? Share it

WasItAI

CompressX

Blunge

GPTHumanizer

FiltrixAI

ImgUpscaler AI

Ready to build your own newsroom?