Deep neural network-based image compression has been extensively studied. However, the model robustness which is crucial to practical application is largely overlooked. We propose to examine the robustness of prevailing learned image compression models by injecting negligible adversarial perturbation into the original source image. Severe distortion in decoded reconstruction reveals the general vulnerability in existing methods regardless of their settings (e.g., network architecture, loss function, quality scale). A variety of defense strategies including geometric self-ensemble based pre-processing, and adversarial training, are investigated against the adversarial attack to improve the model's robustness. Later the defense efficiency is further exemplified in real-life image recompression case studies. Overall, our methodology is simple, effective, and generalizable, making it attractive for developing robust learned image compression solutions. All materials are made publicly accessible at https://njuvision.github.io/RobustNIC for reproducible research.

翻译：基于深度神经网络的图像压缩已得到广泛研究。然而，对实际应用至关重要的模型鲁棒性却很大程度上被忽视。我们提出通过向原始源图像注入微小的对抗性扰动，来检验当前主流学习型图像压缩模型的鲁棒性。解码重建中的严重失真揭示了现有方法普遍存在的脆弱性，无论其设置（如网络架构、损失函数、质量尺度）如何。我们研究了多种防御策略，包括基于几何自集成的预处理和对抗训练，以抵御对抗性攻击并提升模型鲁棒性。随后，通过现实图像再压缩案例进一步论证了防御效率。总体而言，我们的方法简单、有效且具有泛化性，为开发鲁棒的学习型图像压缩方案提供了有吸引力的思路。所有材料已在 https://njuvision.github.io/RobustNIC 公开发布，以支持可重复研究。