Moiré Attack (MA): A New Potential Risk of Screen Photos

Authors: Dantong Niu, Ruohao Guo, Yisen Wang

NeurIPS 2021

| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments demonstrate that our proposed digital Moiré Attack (MA) is a perfect camouflage for attackers to tamper with DNNs with a high success rate (100.0% for untargeted and 97.0% for targeted attack with the noise budget ϵ = 4), high transferability rate across different models, and high robustness under various defenses. |
| Researcher Affiliation | Academia | Dantong Niu (1), Ruohao Guo (2), Yisen Wang (3, 4). (1) Department of EECS, University of California, Berkeley; (2) College of Information and Electrical Engineering, China Agricultural University; (3) Key Lab. of Machine Perception, School of Artificial Intelligence, Peking University; (4) Institute for Artificial Intelligence, Peking University |
| Pseudocode | Yes | The complete pseudo-code for Moiré Attack is shown in Appendix A. |
| Open Source Code | Yes | Our code is available at https://github.com/Dantong88/Moire_Attack. |
| Open Datasets | Yes | Since ImageNet is a large and comprehensive dataset, we conduct experiment on ImageNet [9] validation dataset and randomly select 5000 images which can be correctly classified by the victim model as the clean examples. |
| Dataset Splits | Yes | Since ImageNet is a large and comprehensive dataset, we conduct experiment on ImageNet [9] validation dataset and randomly select 5000 images which can be correctly classified by the victim model as the clean examples. |
| Hardware Specification | Yes | The proposed Moiré Attack is implemented by PyTorch on the NVIDIA Tesla V100 GPU. |
| Software Dependencies | No | The paper mentions "PyTorch" but does not specify its version number or any other software dependencies with their versions, which are required for full reproducibility. |
| Experiment Setup | Yes | In our Moiré Attack, we strictly follow the process of the image display on an LCD and the pipeline of optical image capture and digital processing of the camera or smart phone. The pipeline is similar to [27, 44] and can be summarized in the following steps. The complete pseudo-code for Moiré Attack is shown in Appendix A. 1) Resize the image to the size of the LCD monitor... 2) Resample the input RGB image into a mosaic RGB subpixels... 3) Apply random projective transformation on the image... 4) Resample the image using Bayer CFA to simulate the raw reading of the camera sensor... 5) Add the perturbation to simulate the sensor noise... 6) Apply demosaicing and denoising. To reconstruct the image from the data collected by the CFA, we use bilinear interpolation in this work. Finally, we denoise the image with the standard denoising function provided by OpenCV. Until now, an image with the moiré pattern is generated. |