Abstract
Deep hashing has been extensively applied to massive image retrieval due to its efficiency and effectiveness. Recently, several adversarial attacks have been presented to reveal the vulnerability of deep hashing models against adversarial examples. However, existing attack methods suffer from degraded performance or inefficiency because they underutilize the semantic relations between original samples or spend a lot of time learning these relations with a deep neural network. In this paper, we propose a novel Pharos-guided Attack, dubbed PgA, to evaluate the adversarial robustness of deep hashing networks reliably and efficiently. Specifically, we design pharos code to represent the semantics of the benign image, which preserves the similarity to semantically relevant samples and dissimilarity to irrelevant ones. It is proven that we can quickly calculate the pharos code via a simple math formula. Accordingly, PgA can directly conduct a reliable and efficient attack on deep hashing-based retrieval by maximizing the similarity between the hash code of the adversarial example and the pharos code. Extensive experiments on the benchmark datasets verify that the proposed algorithm outperforms the prior state-of-the-arts in both attack strength and speed.
Abstract (translated)
深度学习Hashing技术因其效率和有效性而被广泛应用到大规模图像检索中。最近, several adversarial attacks 出现了,以揭示深度学习Hashing模型对对抗样本的脆弱性。然而,现有的攻击方法却导致性能或效率下降,因为它们未能充分利用原始样本之间的语义关系,或者花费大量时间与深度神经网络学习这些关系。在本文中,我们提出了一种新颖的 Pharos-引导攻击,并将其称为 PgA,以评估深度学习Hashing网络的抗对抗性可靠性和高效性。具体而言,我们设计了 Pharos 代码来代表良性图像的语义,该代码保持了与语义相关的样本之间的相似性和与无关样本之间的不同性。已证明,通过简单的数学公式,我们可以快速计算 Pharos 代码。因此,PgA 可以直接对基于深度学习Hashing的图像检索进行可靠和高效的攻击,通过最大化对抗样本的哈希代码与 Pharos 代码之间的相似性。在基准数据集上进行广泛的实验验证,提出的算法在攻击强度和速度方面都优于先前的最佳方法。
URL
https://arxiv.org/abs/2303.12658
