Search papers, labs, and topics across Lattice.
This paper investigates adversarial attacks applied directly in compressed image representations, revealing that compression acts as an adversarial amplifier. By attacking in the compressed domain, perturbations become substantially more effective than pixel-space attacks under the same budget. The authors attribute this amplification to decision space reduction caused by the non-invertible, information-losing nature of compression, which contracts classification margins.
Image compression, a seemingly benign process, can drastically amplify the power of adversarial attacks, making your image classifiers far more vulnerable than you thought.
Image compression is a ubiquitous component of modern visual pipelines, routinely applied by social media platforms and resource-constrained systems prior to inference. Despite its prevalence, the impact of compression on adversarial robustness remains poorly understood. We study a previously unexplored adversarial setting in which attacks are applied directly in compressed representations, and show that compression can act as an adversarial amplifier for deep image classifiers. Under identical nominal perturbation budgets, compression-aware attacks are substantially more effective than their pixel-space counterparts. We attribute this effect to decision space reduction, whereby compression induces a non-invertible, information-losing transformation that contracts classification margins and increases sensitivity to perturbations. Extensive experiments across standard benchmarks and architectures support our analysis and reveal a critical vulnerability in compression-in-the-loop deployment settings. Code will be released.
