Reliable and Efficient Evaluation of Adversarial Robustness for Deep
Hashing-Based Retrieval
- URL: http://arxiv.org/abs/2303.12658v1
- Date: Wed, 22 Mar 2023 15:36:19 GMT
- Title: Reliable and Efficient Evaluation of Adversarial Robustness for Deep
Hashing-Based Retrieval
- Authors: Xunguang Wang, Jiawang Bai, Xinyue Xu, Xiaomeng Li
- Abstract summary: We propose a novel Pharos-guided Attack, dubbed PgA, to evaluate the adversarial robustness of deep hashing networks reliably and efficiently.
PgA can directly conduct a reliable and efficient attack on deep hashing-based retrieval by maximizing the similarity between the hash code of the adversarial example and the pharos code.
- Score: 20.3473596316839
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Deep hashing has been extensively applied to massive image retrieval due to
its efficiency and effectiveness. Recently, several adversarial attacks have
been presented to reveal the vulnerability of deep hashing models against
adversarial examples. However, existing attack methods suffer from degraded
performance or inefficiency because they underutilize the semantic relations
between original samples or spend a lot of time learning these relations with a
deep neural network. In this paper, we propose a novel Pharos-guided Attack,
dubbed PgA, to evaluate the adversarial robustness of deep hashing networks
reliably and efficiently. Specifically, we design pharos code to represent the
semantics of the benign image, which preserves the similarity to semantically
relevant samples and dissimilarity to irrelevant ones. It is proven that we can
quickly calculate the pharos code via a simple math formula. Accordingly, PgA
can directly conduct a reliable and efficient attack on deep hashing-based
retrieval by maximizing the similarity between the hash code of the adversarial
example and the pharos code. Extensive experiments on the benchmark datasets
verify that the proposed algorithm outperforms the prior state-of-the-arts in
both attack strength and speed.
Related papers
- Semantic-Aware Adversarial Training for Reliable Deep Hashing Retrieval [28.593939627045426]
Adversarial examples pose a security threat to deep hashing models.
Adversarial examples fabricated by maximizing the Hamming distance between the hash codes of adversarial samples and mainstay features.
For the first time, we formulate the formalized adversarial training of deep hashing into a unified minimax structure.
arXiv Detail & Related papers (2023-10-23T07:21:40Z) - A Geometrical Approach to Evaluate the Adversarial Robustness of Deep
Neural Networks [52.09243852066406]
Adversarial Converging Time Score (ACTS) measures the converging time as an adversarial robustness metric.
We validate the effectiveness and generalization of the proposed ACTS metric against different adversarial attacks on the large-scale ImageNet dataset.
arXiv Detail & Related papers (2023-10-10T09:39:38Z) - Doubly Robust Instance-Reweighted Adversarial Training [107.40683655362285]
We propose a novel doubly-robust instance reweighted adversarial framework.
Our importance weights are obtained by optimizing the KL-divergence regularized loss function.
Our proposed approach outperforms related state-of-the-art baseline methods in terms of average robust performance.
arXiv Detail & Related papers (2023-08-01T06:16:18Z) - BadHash: Invisible Backdoor Attacks against Deep Hashing with Clean
Label [20.236328601459203]
We propose BadHash, the first generative-based imperceptible backdoor attack against deep hashing.
We show that BadHash can generate imperceptible poisoned samples with strong attack ability and transferability over state-of-the-art deep hashing schemes.
arXiv Detail & Related papers (2022-07-01T09:10:25Z) - CgAT: Center-Guided Adversarial Training for Deep Hashing-Based
Retrieval [12.421908811085627]
We present a min-max based Center-guided Adversarial Training, namely CgAT, to improve the iteration of deep hashing networks.
CgAT learns to mitigate the effects of adversarial samples by minimizing the Hamming distance to the center codes.
Compared with the current state-of-the-art defense method, we significantly improve the defense performance by an average of 18.61%.
arXiv Detail & Related papers (2022-04-18T04:51:08Z) - Model-Agnostic Meta-Attack: Towards Reliable Evaluation of Adversarial
Robustness [53.094682754683255]
We propose a Model-Agnostic Meta-Attack (MAMA) approach to discover stronger attack algorithms automatically.
Our method learns the in adversarial attacks parameterized by a recurrent neural network.
We develop a model-agnostic training algorithm to improve the ability of the learned when attacking unseen defenses.
arXiv Detail & Related papers (2021-10-13T13:54:24Z) - Prototype-supervised Adversarial Network for Targeted Attack of Deep
Hashing [65.32148145602865]
deep hashing networks are vulnerable to adversarial examples.
We propose a novel prototype-supervised adversarial network (ProS-GAN)
To the best of our knowledge, this is the first generation-based method to attack deep hashing networks.
arXiv Detail & Related papers (2021-05-17T00:31:37Z) - CIMON: Towards High-quality Hash Codes [63.37321228830102]
We propose a new method named textbfComprehensive stextbfImilarity textbfMining and ctextbfOnsistency leartextbfNing (CIMON)
First, we use global refinement and similarity statistical distribution to obtain reliable and smooth guidance. Second, both semantic and contrastive consistency learning are introduced to derive both disturb-invariant and discriminative hash codes.
arXiv Detail & Related papers (2020-10-15T14:47:14Z) - Targeted Attack for Deep Hashing based Retrieval [57.582221494035856]
We propose a novel method, dubbed deep hashing targeted attack (DHTA), to study the targeted attack on such retrieval.
We first formulate the targeted attack as a point-to-set optimization, which minimizes the average distance between the hash code of an adversarial example and those of a set of objects with the target label.
To balance the performance and perceptibility, we propose to minimize the Hamming distance between the hash code of the adversarial example and the anchor code under the $ellinfty$ restriction on the perturbation.
arXiv Detail & Related papers (2020-04-15T08:36:58Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.