Deep neural network based image compression has been extensively studied. Model robustness is largely overlooked, though it is crucial to service enabling. We perform the adversarial attack by injecting a small amount of noise perturbation to original source images, and then encode these adversarial examples using prevailing learnt image compression models. Experiments report severe distortion in the reconstruction of adversarial examples, revealing the general vulnerability of existing methods, regardless of the settings used in underlying compression model (e.g., network architecture, loss function, quality scale) and optimization strategy used for injecting perturbation (e.g., noise threshold, signal distance measurement). Later, we apply the iterative adversarial finetuning to refine pretrained models. In each iteration, random source images and adversarial examples are mixed to update underlying model. Results show the effectiveness of the proposed finetuning strategy by substantially improving the compression model robustness. Overall, our methodology is simple, effective, and generalizable, making it attractive for developing robust learnt image compression solution. All materials have been made publicly accessible at https://njuvision.github.io/RobustNIC for reproducible research.

翻译：基于深度神经网络的图像压缩已被广泛研究。模型鲁棒性在很大程度上被忽视，尽管它对服务启用至关重要。我们通过向原始源图像注入少量噪声扰动来执行对抗攻击，然后使用当前主流的可学习图像压缩模型对这些对抗样本进行编码。实验报告了对抗样本重构中的严重失真，揭示了现有方法的普遍脆弱性，无论底层压缩模型使用的设置（例如，网络架构、损失函数、质量尺度）以及注入扰动所用的优化策略（例如，噪声阈值、信号距离测量）如何。随后，我们应用迭代对抗微调来优化预训练模型。在每个迭代中，随机源图像和对抗样本混合以更新底层模型。结果表明，所提出的微调策略通过显著提高压缩模型的鲁棒性而具有有效性。总体而言，我们的方法简单、有效且具有泛化性，使其对于开发鲁棒的可学习图像压缩解决方案具有吸引力。所有材料已在https://njuvision.github.io/RobustNIC公开，以支持可重复研究。