Adversarial Attacks For Multi Target Image Translation Networks

Although image translation algorithms such as StarGAN, STGAN, StarGAN-v2, etc. based on the generative adversarial networks, bring enormous convenience to people's work and life, they also have greater security risks in terms of privacy and security ethics. We tackle this problem of generating adversarial attacks against image translation models, which disrupt the resulting output image. The existing adversarial technology can only generate adversarial samples for a single image translation model, but in actual applications, it is unknown to the user which model an attacker will use. The paper draws on the idea of multi-task learning and proposes a multi-objective adversarial sample generation algorithm to generate images that can simultaneously defend against tampering with multiple state- of-the-art image translation models. The simulation result shows that compared with the original images, adversarial images have no heavy visual distortion with PSNR of 27.17dB and SSIM of 0.70 which means that normal usages of images, such as showing something interesting, amazing, funny, cool or etc., are not affected. The adversarial samples generated by our proposed algorithm reduce the risk of malicious tampering and abuse of images. For the mainstream image translation models StarGAN, STGAN and StarGAN-v2, the attack success rates of the adversarial images generated by the algorithm are 100%, 66.67%, and 73.33%, respectively. It can be seen that the algorithm in this paper has obvious effects on protecting the reasonable and safe use of multimedia resources on social platforms.