Jung-Woo Chang (University of California San Diego), Mojan Javaheripi (University of California San Diego), Seira Hidano (KDDI Research, Inc.), Farinaz Koushanfar (University of California San Diego)

Video compression plays a crucial role in video streaming and classification systems by maximizing the end-user quality of experience (QoE) at a given bandwidth budget.

In this paper, we conduct the first systematic study for adversarial attacks on deep learning-based video compression and downstream classification systems. Our attack framework, dubbed RoVISQ, manipulates the Rate-Distortion (R-D) relationship of a video compression model to achieve one or both of the following goals: (1) increasing the network bandwidth, (2) degrading the video quality for end-users. We further devise new objectives for targeted and untargeted attacks to a downstream video classification service. Finally, we design an input-invariant perturbation that universally disrupts video compression and classification systems in real time. Unlike previously proposed attacks on video classification, our adversarial perturbations are the first to withstand compression.

We empirically show the resilience of RoVISQ attacks against various defenses, i.e., adversarial
training, video denoising, and JPEG compression. Our extensive experimental results on various video datasets show RoVISQ attacks deteriorate peak signal-to-noise ratio by up to 5.6dB and the bit-rate by up to ~ 2.4 times while achieving over 90% attack success rate on a downstream classifier. Our user study further demonstrates the effect of RoVISQ attacks on users’ QoE. We provide several example attacked videos used in our survey on https://sites.google.com/view/demo-of-rovisq/home.

View More Papers

“I didn't click”: What users say when reporting phishing

Nikolas Pilavakis, Adam Jenkins, Nadin Kokciyan, Kami Vaniea (University of Edinburgh)

Read More

Cryptographic Oracle-based Conditional Payments

Varun Madathil (North Carolina State University), Sri Aravinda Krishnan Thyagarajan (NTT Research), Dimitrios Vasilopoulos (IMDEA Software Institute), Lloyd Fournier (None), Giulio Malavolta (Max Planck Institute for Security and Privacy), Pedro Moreno-Sanchez (IMDEA Software Institute)

Read More

Unlocking the Potential of Domain Aware Binary Analysis in...

Dr. Zhiqiang Lin (Distinguished Professor of Engineering at The Ohio State University)

Read More

FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities

Samuel Groß (Google), Simon Koch (TU Braunschweig), Lukas Bernhard (Ruhr-University Bochum), Thorsten Holz (CISPA Helmholtz Center for Information Security), Martin Johns (TU Braunschweig)

Read More