T-MLA: A targeted multiscale log-exponential attack framework for neural image compression

Neural image compression (NIC) has become the state-of-the-art for rate-distortion performance, yet its security vulnerabilities remain significantly less understood than those of classifiers. Existing adversarial attacks on NICs are often naive adaptations of pixel-space methods, overlooking the unique, structured nature of the compression pipeline. In this work, we propose a more advanced class of vulnerabilities by introducing T-MLA, the first targeted multiscale log-exponential attack framework. We introduce adversarial perturbations in the wavelet domain that concentrate on less perceptually salient coefficients, improving the stealth of the attack. Extensive evaluation across multiple state-of-the-art NIC architectures on standard image compression benchmarks reveals a large drop in reconstruction quality while the perturbations remain visually imperceptible. On standard NIC benchmarks, T-MLA achieves targeted degradation of reconstruction quality while improving perturbation imperceptibility (higher PSNR/VIF of the perturbed inputs) compared to PGD-style baselines at comparable attack success, as summarized in our main results. Our findings reveal a critical security flaw at the core of generative and content delivery pipelines.

Key Contributions

• T-MLA: first targeted multiscale log-exponential adversarial attack framework specifically designed for neural image compression pipelines
• Wavelet-domain perturbation strategy that concentrates adversarial energy in perceptually less salient frequency coefficients, improving stealth over pixel-space PGD baselines
• Empirical demonstration of a critical, previously underexplored security vulnerability in state-of-the-art NIC architectures across Kodak, CLIC-pro, and DIV2K benchmarks

🛡️ Threat Analysis

Details

Similar Papers