It is important to evaluate the security of existing digital image tampering localization algorithms in real-world applications. In this paper, we propose an adversarial attack scheme to reveal the reliability of such tampering localizers, which can be fooled into failing to predict altered regions correctly. Specifically, adversarial examples based on optimization and on gradients are implemented for white-box/black-box attacks. Correspondingly, the adversarial example is optimized via reverse gradient propagation, and the perturbation is added adaptively in the direction of gradient ascent. The black-box attack is achieved by relying on the transferability of such adversarial examples to different localizers. Extensive evaluations verify that the proposed attack sharply reduces the localization accuracy while preserving high visual quality of the attacked images.