Control Your View: High-Resolution Global Semantic Manipulation in Learned Image Compression

Researchers have developed PGD²-GSM, a novel adversarial attack method that successfully performs high-resolution global semantic manipulation on learned image compression systems for the first time. The breakthrough uses a Periodic Geometric Decay schedule to overcome limitations in existing attack methods, exposing a critical vulnerability in DNN-based compression systems that previous techniques could not achieve.

This research exposes a fundamental security gap in learned image compression systems, which have become increasingly prevalent as alternatives to traditional compression methods. The study demonstrates that while existing adversarial attack methods like PGD work effectively for classification and segmentation tasks, they fail catastrophically when targeting high-resolution semantic manipulation in compression systems. The researchers' key insight—that successful attacks must navigate distinct stages (Lazying-Oscillating-Refining) from Identity to Amplification regions—reveals why standard step-size schedules prove inadequate for this specific domain.

The vulnerability stems from deep neural networks' inherent susceptibility to adversarial perturbations, a well-documented but continuously evolving problem in AI security. As image compression increasingly relies on learned models rather than traditional codecs, understanding these attack vectors becomes critical for deployment in sensitive applications. The ability to manipulate compressed images at high resolution (768×512 pixels) without detection represents a significant escalation from previous low-resolution attacks, suggesting attackers could corrupt visual data in ways that remain imperceptible to standard quality metrics.

For the broader AI and cybersecurity industry, this work highlights the gap between theoretical understanding of neural network robustness and practical security in production systems. Developers deploying learned compression in medical imaging, satellite reconnaissance, or surveillance contexts face new threat models. The research also validates that security-critical applications requiring image integrity should incorporate additional verification mechanisms beyond compression algorithms themselves, potentially including adversarial training or detection methods.

• →PGD²-GSM achieves the first successful high-resolution global semantic manipulation attacks on learned image compression systems.
• →Existing attack methods fail because their step-size schedules cannot accommodate both oscillating and refining stages of adversarial perturbation.
• →The Periodic Geometric Decay schedule enables stable, high-resolution attacks that previous approaches could not accomplish.
• →This vulnerability exposes a critical security gap in DNN-based compression systems used across various visual data applications.
• →The attack success demonstrates that adversarial robustness in neural networks requires domain-specific threat modeling beyond generic classification tasks.