Qixue Xiao, Department of Computer Science and Technology, Tsinghua University and 360 Security Research Labs; Yufei Chen, School of Electronic and Information Engineering, Xi’an Jiaotong University and 360 Security Research Labs; Chao Shen, School of Electronic and Information Engineering, Xi’an Jiaotong University; Yu Chen, Department of Computer Science and Technology, Tsinghua University and Peng Cheng Laboratory; Kang Li, Department of Computer Science, University of Georgia
Image scaling algorithms are intended to preserve the visual features before and after scaling, which is commonly used in numerous visual and image processing applications. In this paper, we demonstrate an automated attack against common scaling algorithms, i.e. to automatically generate camouflage images whose visual semantics change dramatically after scaling. To illustrate the threats from such camouflage attacks, we choose several computer vision applications as targeted victims, including multiple image classification applications based on popular deep learning frameworks, as well as main-stream web browsers. Our experimental results show that such attacks can cause different visual results after scaling and thus create evasion or data poisoning effect to these victim applications. We also present an algorithm that can successfully enable attacks against famous cloud-based image services (such as those from Microsoft Azure, Aliyun, Baidu, and Tencent) and cause obvious misclassification effects, even when the details of image processing (such as the exact scaling algorithm and scale dimension parameters) are hidden in the cloud. To defend against such attacks, this paper suggests a few potential countermeasures from attack prevention to detection.
USENIX Security '19 Open Access Videos Sponsored by
King Abdullah University of Science and Technology (KAUST)
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Qixue Xiao and Yufei Chen and Chao Shen and Yu Chen and Kang Li},
title = {Seeing is Not Believing: Camouflage Attacks on Image Scaling Algorithms},
booktitle = {28th USENIX Security Symposium (USENIX Security 19)},
year = {2019},
isbn = {978-1-939133-06-9},
address = {Santa Clara, CA},
pages = {443--460},
url = {https://www.usenix.org/conference/usenixsecurity19/presentation/xiao},
publisher = {USENIX Association},
month = aug
}