Targeted Attack for Deep Hashing based Retrieval
This addresses a security vulnerability in widely used large-scale image and video retrieval systems, representing an incremental advancement in adversarial attack research.
The paper tackles the security of deep hashing based retrieval by proposing a targeted attack method called DHTA, which formulates the attack as a point-to-set optimization and uses a component-voting scheme to generate adversarial examples, with experiments showing it effectively attacks image and video retrieval systems.
The deep hashing based retrieval method is widely adopted in large-scale image and video retrieval. However, there is little investigation on its security. In this paper, we propose a novel method, dubbed deep hashing targeted attack (DHTA), to study the targeted attack on such retrieval. Specifically, we first formulate the targeted attack as a point-to-set optimization, which minimizes the average distance between the hash code of an adversarial example and those of a set of objects with the target label. Then we design a novel component-voting scheme to obtain an anchor code as the representative of the set of hash codes of objects with the target label, whose optimality guarantee is also theoretically derived. To balance the performance and perceptibility, we propose to minimize the Hamming distance between the hash code of the adversarial example and the anchor code under the $\ell^\infty$ restriction on the perturbation. Extensive experiments verify that DHTA is effective in attacking both deep hashing based image retrieval and video retrieval.