Image scaling is an integral part of machine learning and computer vision systems. Unfortunately, this preprocessing step is vulnerable to so-called image-scaling attacks where an attacker makes unnoticeable changes to an image so that it becomes a new image after scaling. This opens up new ways for attackers to control the prediction or to improve poisoning and backdoor attacks. While effective techniques exist to prevent scaling attacks, their detection has not been rigorously studied yet. Consequently, it is currently not possible to reliably spot these attacks in practice. This paper presents the first in-depth systematization and analysis of detection methods for image-scaling attacks. We identify two general detection paradigms and derive novel methods from them that are simple in design yet significantly outperform previous work. We demonstrate the efficacy of these methods in a comprehensive evaluation with all major learning platforms and scaling algorithms. First, we show that image-scaling attacks modifying the entire scaled image can be reliably detected even under an adaptive adversary. Second, we find that our methods provide strong detection performance even if only minor parts of the image are manipulated. As a result, we can introduce a novel protection layer against image-scaling attacks.
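To make the mechanism behind the attack and its detection concrete, here is an added illustration that is not code from the paper: nearest-neighbour downscaling reads only one source pixel per output pixel, so the scaled image depends on a small fraction of the input, while area averaging uses every pixel. A detector that compares the two scaling results flags images where they disagree. The threshold and the 8x8 sample images are constructed assumptions.

```python
"""Consistency check between two downscaling algorithms (added example).

Nearest-neighbour scaling samples one source pixel per output pixel, so only
1/factor^2 of the input influences the result.  Area averaging uses every
pixel.  Benign images give similar results under both; an image prepared so
that it changes after scaling makes them diverge.  THRESHOLD is an assumption.
"""

def downscale_nearest(img, factor):
    """Pick the source pixel at the centre of each factor x factor block."""
    h, w = len(img) // factor, len(img[0]) // factor
    off = factor // 2
    return [[img[r * factor + off][c * factor + off] for c in range(w)]
            for r in range(h)]

def downscale_area(img, factor):
    """Average every pixel of each factor x factor block."""
    h, w = len(img) // factor, len(img[0]) // factor
    out = []
    for r in range(h):
        row = []
        for c in range(w):
            block = [img[r * factor + i][c * factor + j]
                     for i in range(factor) for j in range(factor)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out

def scaling_inconsistency(img, factor):
    """Mean absolute difference between the two scaled versions."""
    a = downscale_nearest(img, factor)
    b = downscale_area(img, factor)
    diffs = [abs(x - y) for ra, rb in zip(a, b) for x, y in zip(ra, rb)]
    return sum(diffs) / len(diffs)

THRESHOLD = 20.0  # assumed value; calibrate on benign images in practice

def is_suspicious(img, factor):
    """True when the two scaling algorithms disagree beyond THRESHOLD."""
    return scaling_inconsistency(img, factor) > THRESHOLD

# Constructed inputs: a benign 8x8 greyscale gradient, and a copy in which
# only the 4 pixels (6% of the image) at the sampling positions differ from
# their neighbourhood, so the nearest-neighbour result becomes all white.
BENIGN = [[(r + c) * 2 for c in range(8)] for r in range(8)]
TAMPERED = [row[:] for row in BENIGN]
for r in (2, 6):
    for c in (2, 6):
        TAMPERED[r][c] = 255

if __name__ == "__main__":
    for name, img in (("benign", BENIGN), ("tampered", TAMPERED)):
        print(name, round(scaling_inconsistency(img, 4), 2), is_suspicious(img, 4))
```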