<i>Pasadena:</i> Perceptually Aware and Stealthy Adversarial Denoise Attack

Image denoising can remove natural noise that widely exists in images captured by multimedia devices due to low-quality imaging sensors, unstable image transmission processes, or low light conditions. Recent works also find benefits the high-level vision tasks, e.g., classification. In this work, we try challenge common sense and explore a totally new problem, i.e., whether be given capability of fooling state-of-the-art deep neural networks (DNNs) while enhancing quality. To end, initiate very first attempt study problem from perspective adversarial attack propose adversarial denoise attack. More specifically, our main contributions are three-fold: First, identify task stealthily embeds attacks inside module deployed as an post-processing operation simultaneously enhance visual quality fool DNNs. Second, formulate kernel prediction for filtering adversarial-denoising prediction produce adversarial-noiseless kernels effective attacking simultaneously. Third, implement adaptive perceptual region localization semantic-related vulnerability regions with which more not doing too much harm denoising. We name proposed method Pasadena (Perceptually Aware Stealthy Adversarial DENoise Attack) validate on NeurIPS&#x2019;17 competition dataset, CVPR2021-AIC-VI: unrestricted ImageNet, Tiny-ImageNet-C dataset. The comprehensive evaluation analysis demonstrate only realizes but achieves significantly higher success rate transferability over attacks.