We study the robustness of learned image compression models against adversarial attacks and present a training-free defense technique based on simple image transform functions. Recent learned image compression models are vulnerable to adversarial attacks that result in poor compression rate, low reconstruction quality, or weird artifacts. To address the limitations, we propose a simple but effective two-way compression algorithm with random input transforms, which is conveniently applicable to existing image compression models. Unlike the naïve approaches, our approach preserves the original rate-distortion performance of the models on clean images. Moreover, the proposed algorithm requires no additional training or modification of existing models, making it more practical. We demonstrate the effectiveness of the proposed techniques through extensive experiments under multiple compression models, evaluation metrics, and attack scenarios.