RefSR-Adv: Adversarial Attack on Reference-based Image Super-Resolution Models
Published on arXiv: 2601.01202
Input Manipulation Attack
OWASP ML Top 10 — ML01
Key Finding
RefSR-Adv induces significant quality degradation and severe artifacts across all tested architectures by perturbing only the reference image, with attack effectiveness positively correlated with LR-Ref similarity.
Novel technique introduced: RefSR-Adv
Single Image Super-Resolution (SISR) aims to recover high-resolution images from low-resolution inputs. Unlike SISR, Reference-based Super-Resolution (RefSR) leverages an additional high-resolution reference image to facilitate the recovery of high-frequency textures. However, existing research mainly focuses on backdoor attacks targeting RefSR, while the vulnerability of RefSR to adversarial attacks has not been fully explored. To fill this research gap, we propose RefSR-Adv, an adversarial attack that degrades SR outputs by perturbing only the reference image. By maximizing the difference between adversarial and clean outputs, RefSR-Adv induces significant performance degradation and generates severe artifacts across CNN, Transformer, and Mamba architectures on the CUFED5, WR-SR, and DRefSR datasets. Importantly, experiments confirm a positive correlation between attack effectiveness and the similarity of the low-resolution input to the reference image, revealing that the model's over-reliance on reference features is a key security flaw. This study reveals a security vulnerability in RefSR systems and aims to urge researchers to pay attention to the robustness of RefSR.
Key Contributions
- First adversarial attack targeting the reference image in RefSR systems, bypassing LR-input integrity checks (hash/signature verification) while achieving output degradation
- Demonstrates universal vulnerability across CNN, Transformer, and Mamba RefSR architectures on CUFED5, WR-SR, and DRefSR datasets
- Reveals a positive correlation between LR-Ref image similarity and attack effectiveness, identifying over-reliance on reference features as a key architectural security flaw
🛡️ Threat Analysis
RefSR-Adv crafts adversarial perturbations on the reference image input at inference time, maximizing output degradation across CNN, Transformer, and Mamba SR architectures — a classic adversarial evasion attack via input manipulation.