On the Robustness of Neural-Enhanced Video Streaming against Adversarial Attacks

Authors

  • Qihua Zhou The Hong Kong Polytechnic University, Hong Kong
  • Jingcai Guo The Hong Kong Polytechnic University, Hong Kong The Hong Kong Polytechnic University Shenzhen Research Institute, Shenzhen, China
  • Song Guo The Hong Kong University of Science and Technology, Hong Kong
  • Ruibin Li The Hong Kong Polytechnic University, Hong Kong
  • Jie Zhang The Hong Kong Polytechnic University, Hong Kong
  • Bingjie Wang The Hong Kong Polytechnic University, Hong Kong
  • Zhenda Xu Hong Kong Polytechnic University, Hong Kong

DOI:

https://doi.org/10.1609/aaai.v38i15.29657

Keywords:

General, ML: Applications, ML: Deep Learning Algorithms, ML: Evaluation and Analysis, ML: Feature Construction/Reformulation, ML: Adversarial Learning & Robustness

Abstract

The explosive growth of video traffic on today's Internet promotes the rise of Neural-enhanced Video Streaming (NeVS), which effectively improves the rate-distortion trade-off by employing a cheap neural super-resolution model for quality enhancement on the receiver side. Missing by existing work, we reveal that the NeVS pipeline may suffer from a practical threat, where the crucial codec component (i.e., encoder for compression and decoder for restoration) can trigger adversarial attacks in a man-in-the-middle manner to significantly destroy video recovery performance and finally incurs the malfunction of downstream video perception tasks. In this paper, we are the first attempt to inspect the vulnerability of NeVS and discover a novel adversarial attack, called codec hijacking, where the injected invisible perturbation conspires with the malicious encoding matrix by reorganizing the spatial-temporal bit allocation within the bitstream size budget. Such a zero-day vulnerability makes our attack hard to defend because there is no visual distortion on the recovered videos until the attack happens. More seriously, this attack can be extended to diverse enhancement models, thus exposing a wide range of video perception tasks under threat. Evaluation based on state-of-the-art video codec benchmark illustrates that our attack significantly degrades the recovery performance of NeVS over previous attack methods. The damaged video quality finally leads to obvious malfunction of downstream tasks with over 75% success rate. We hope to arouse public attention on codec hijacking and its defence.

Published

2024-03-24

How to Cite

Zhou, Q., Guo, J., Guo, S., Li, R., Zhang, J., Wang, B., & Xu, Z. (2024). On the Robustness of Neural-Enhanced Video Streaming against Adversarial Attacks. Proceedings of the AAAI Conference on Artificial Intelligence, 38(15), 17123-17131. https://doi.org/10.1609/aaai.v38i15.29657

Issue

Section

AAAI Technical Track on Machine Learning VI