The paper introduces a new framework of correlation-error-based attacks on NR-IQA models. Current adversarial attacks on NR-IQA models focus on perturbing the predicted scores of individual images, but neglect the crucial aspect of inter-score correlation relationships within an entire image set.
The authors propose a two-stage SROCC-MSE Attack (SMA) method to address this gap. In Stage One, the objective is to identify optimal target scores that significantly reduce the Spearman's Rank-Order Correlation Coefficient (SROCC) and increase the Mean Squared Error (MSE) between the predicted scores of attacked and clean images. In Stage Two, adversarial examples are generated to make their predicted scores as close as possible to the target scores identified in Stage One.
Extensive experiments on four widely-used NR-IQA models (DBCNN, HyperIQA, MANIQA, and LIQE) demonstrate that SMA not only significantly disrupts the SROCC to negative values but also maintains a considerable change in the scores of individual images. It outperforms four existing attack methods across various evaluation metrics, including error-based, correlation-based, and others. The findings underscore the vulnerability of NR-IQA models in maintaining both individual scores and correlations, paving the way for further research on developing more secure and robust NR-IQA models.
To Another Language
from source content
arxiv.org
Key Insights Distilled From
by Chenxi Yang,... at arxiv.org 04-23-2024
https://arxiv.org/pdf/2404.13277.pdfDeeper Inquiries