Currently, Deep Neural Networks (DNNs) have made major breakthroughs in many fields and are widely used to automatically analyze and classify multimedia data. However, DNNs can also be used for certain kinds of malicious detection, especially on pictures from various social platforms, posing a serious threat to user privacy. The attack characteristics of adversarial examples can fool such artificial intelligence systems to achieve privacy protection and other purposes. A reversible adversarial example realizes a reversible cyber attack on the artificial intelligence system: it not only disables the system's automatic classification and analysis functions but also allows the original image to be restored error-free. Nevertheless, existing work on reversible adversarial examples has problems: the adversarial-perturbation information is difficult to embed fully, which causes restoration of the original image to fail, and the attack effect allowed under the perturbation constraint cannot meet privacy protection requirements. In this paper, we take advantage of Reversible Image Transformation (RIT) to realize direct conversion between the original image and its reversible adversarial example. Experimental results show that the proposed scheme not only restores the original image without distortion but also is not limited by the perturbation amplitude, so it can bring a higher attack success rate to reach the desired privacy protection goal while ensuring that the image distortion is imperceptible to the human eye.