The research on single image dehazing task has been widely explored. However, as far as we know, no comprehensive study has been conducted on the robustness of the well-trained dehazing models. Therefore, there is no evidence that the dehazing networks can resist malicious attacks. In this paper, we focus on designing a group of attack methods based on first order gradient to verify the robustness of the existing dehazing algorithms. By analyzing the general goal of image dehazing task, five attack methods are proposed, which are prediction, noise, mask, ground-truth and input attack. The corresponding experiments are conducted on six datasets with different scales. Further, the defense strategy based on adversarial training is adopted for reducing the negative effects caused by malicious attacks. In summary, this paper defines a new challenging problem for image dehazing area, which can be called as adversarial attack on dehazing networks (AADN). Code is available at https://github.com/guijiejie/AADN.

翻译：单图像去雾任务的研究已广泛展开。然而，据我们所知，目前尚无针对训练有素的去雾模型鲁棒性的全面研究。因此，缺乏证据表明去雾网络能够抵御恶意攻击。本文聚焦于基于一阶梯度的攻击方法设计，以验证现有去雾算法的鲁棒性。通过分析图像去雾任务的总体目标，提出了五种攻击方法：预测攻击、噪声攻击、掩码攻击、真实标签攻击与输入攻击。相应的实验在六个不同尺度的数据集上进行。进一步采用基于对抗训练的防御策略，以减轻恶意攻击带来的负面影响。综上，本文为图像去雾领域定义了一个新的具有挑战性的问题，可称为去雾网络对抗攻击（AADN）。代码见 https://github.com/guijiejie/AADN。