Building trustworthy computer vision: adversarial techniques for robustness assessment and misuse prevention

  • Zhongliang Guo

Student thesis: Doctoral Thesis (PhD)

Abstract

Machine learning models in computer vision raise trustworthiness concerns as they become more integrated into critical aspects of human life. Key challenges include adversarial attacks causing misclassifications and misuse of generative models like deepfakes. This research explores adversarial techniques both for assessing system robustness and protecting against unethical applications.

The first part of this thesis focuses on adversarial attacks on biometric systems, specifically handwritten signature verification models. Current false positive (FP) attack methods show limited success, creating an illusory sense of security. I propose a style transfer-based FP attack that significantly improves success rates while maintaining visual plausibility. The results reveal critical vulnerabilities in existing systems and emphasize the need for stronger biometric security measures.
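To make the threat model concrete: a false positive (FP) attack on a verifier is an impersonation attack, in which a forgery is perturbed until the verifier accepts it as genuine, and its success is measured as the fraction of forgeries accepted under a fixed perturbation budget. The following is an added, generic illustration written for this page; it is not the thesis's style transfer-based attack and does not reproduce its results. The verifier, template, genuine samples and forgeries are all constructed toy data (a linear logistic scorer over an 8x8 flattened image), and the attack is plain projected gradient ascent in an L-infinity ball; with a real model the gradient would be obtained by backpropagation rather than read off the weights.

```python
"""Toy false-positive (impersonation) attack on a threshold-based signature verifier.

Constructed illustration, not the thesis's method: a linear logistic verifier over
8x8 flattened 'signature' images, genuine samples near an enrolled template,
forgeries pushed away from it, and a projected-gradient attack that perturbs
forgeries within an L-infinity budget eps until they are accepted.
"""
import numpy as np

DIM = 64            # 8x8 flattened grey-scale "signature", pixels in [0, 1]
THRESHOLD = 0.5     # accept if score >= THRESHOLD, i.e. logit >= 0
_rng = np.random.default_rng(7)

# Constructed verifier: unit-magnitude weights with random sign, so sum(|W|) == DIM,
# and a bias chosen so the enrolled template scores logit 3.0 (score ~0.95).
W = np.where(_rng.random(DIM) < 0.5, -1.0, 1.0)
TEMPLATE = _rng.uniform(0.3, 0.7, DIM)
B = 3.0 - W @ TEMPLATE


def logit(x: np.ndarray) -> float:
    return float(W @ x + B)


def score(x: np.ndarray) -> float:
    return 1.0 / (1.0 + np.exp(-logit(x)))


def is_accepted(x: np.ndarray) -> bool:
    return bool(score(x) >= THRESHOLD)


def make_genuine(n: int) -> np.ndarray:
    # Genuine samples: template plus +/-0.02 pixel noise (logit >= 3 - 1.28 > 0).
    return TEMPLATE + _rng.uniform(-0.02, 0.02, (n, DIM))


def make_forgeries(n: int) -> np.ndarray:
    # Forgeries: each pixel moved 0.08..0.12 against the weight sign, so the clean
    # logit lies in [-5.96, -0.84] and every forgery is rejected before the attack.
    c = _rng.uniform(0.08, 0.12, (n, 1))
    return TEMPLATE - c * np.sign(W) + _rng.uniform(-0.02, 0.02, (n, DIM))


def fp_attack(x0: np.ndarray, eps: float, steps: int = 10) -> np.ndarray:
    """Projected gradient ascent on the logit inside the L-inf ball of radius eps.

    Each step moves every pixel by eps/4 in the direction of the gradient sign,
    then projects back into the ball and into the valid pixel range.
    """
    alpha = eps / 4
    x = x0.copy()
    for _ in range(steps):
        grad = W                       # d logit / d x for this linear verifier
        x = x + alpha * np.sign(grad)
        x = x0 + np.clip(x - x0, -eps, eps)   # stay within the budget
        x = np.clip(x, 0.0, 1.0)              # stay a valid image
    return x


def attack_success_rate(eps: float, n: int = 200) -> float:
    """FP-attack success rate: fraction of perturbed forgeries the verifier accepts."""
    forgeries = make_forgeries(n)
    accepted = [is_accepted(fp_attack(f, eps)) for f in forgeries]
    return float(sum(accepted) / n)


def clean_error_rates(n: int = 200) -> tuple:
    """(false accept rate on forgeries, false reject rate on genuine) without attack."""
    far = np.mean([is_accepted(f) for f in make_forgeries(n)])
    frr = np.mean([not is_accepted(g) for g in make_genuine(n)])
    return float(far), float(frr)


if __name__ == "__main__":
    print("clean FAR/FRR:", clean_error_rates())
    for eps in (0.01, 0.05, 0.10):
        print(f"eps={eps:.2f}  attack success rate={attack_success_rate(eps):.2f}")
```

The point the toy makes is the one the thesis abstract raises: a verifier with zero false accepts on clean forgeries says nothing about its behaviour under adversarial input, so a low reported FP-attack success rate should be read as a property of the attack tried, not as evidence that the verifier is secure. For this constructed verifier the success rate is 0 at eps = 0.01 and 1.0 at eps = 0.10, because the budget adds at most eps * sum(|W|) to the logit.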

After examining adversarial attacks as security threats, I explore their beneficial applications for digital content protection. The second part introduces the Locally Adaptive Adversarial Color Attack (LAACA), a method that protects digital art from copyright theft via neural style transfer. LAACA uses frequency-adaptive perturbations that disrupt color and texture in style-transferred images while preserving the visual integrity of the originals. Results show that LAACA effectively degrades unauthorized style transfers, giving artists a tool to protect their intellectual property against AI manipulation.

Finally, I present the Posterior Collapse Attack (PCA), a grey-box attack on Latent Diffusion Models that exploits vulnerabilities in their Variational Autoencoders (VAEs). Operating under near black-box conditions, with access to only 3.39% of the model parameters, PCA induces significant semantic collapse in generated images and outperforms existing methods across multiple quality metrics, making it effective for preventing generative AI misuse in a range of image applications.

Date of Award: 2 Dec 2025
Original language: English
Awarding Institution
  • University of St Andrews
Supervisors: Oggie Arandelovic (Supervisor) & Lei Fang (Supervisor)

Keywords

  • Adversarial attack
  • AI robustness
  • Trustworthy AI
  • Computer vision

Access Status

  • Full text open
