Targeted Universal Adversarial Attack on Deep Hash Networks
Pages 165 - 174
Abstract
Deep hash networks have garnered significant attention due to their efficiency and ability to learn discriminative embeddings for approximate nearest neighbor search. However, it is observed that deep hash networks are vulnerable to adversarial interference, which is an important security problem. Despite the growing interest in targeted attack on deep hash networks, it suffers from a scarcity of research on generating universal adversarial perturbations which are unrelated to the specific images. In this paper, we introduce a novel <u>T</u>argeted <u>U</u>niversal adversarial <u>A</u>ttack (TUA) on deep hash networks. Our framework consists of two key components: a ReferenceNet and a universal generative adversarial network. Specifically, ReferenceNet is designed to generate category-level representative reference codes for the target labels by introducing a cosine similarity based reference loss. Additionally, we feed the fixed random noise and target labels into the generator to learn universal adversarial perturbations. Particularly, the reference codes are used to optimize the generator by minimizing the Hamming distances between the hash codes of the adversarial examples and the reference codes. Extensive experiments on three common datasets validate the superior targeted attack performance, transferability, and universality of our method compared with state-of-the-art targeted attack methods on deep hash networks.
References
[1]
Jiawang Bai, Bin Chen, Yiming Li, Dongxian Wu, Weiwei Guo, Shu-Tao Xia, and En-Hui Yang. 2020. Targeted Attack for Deep Hashing Based Retrieval. In Proceedings of the European Conference on Computer Vision. 618--634.
[2]
Zhangjie Cao, Mingsheng Long, Jianmin Wang, and Philip S. Yu. 2017. HashNet: Deep Learning to Hash by Continuation. In Proceedings of the IEEE/CVF International Conference on Computer Vision. 5609--5618.
[3]
Bin Chen, Yan Feng, Tao Dai, Jiawang Bai, Yong Jiang, Shu-Tao Xia, and Xuan Wang. 2023. Adversarial Examples Generation for Deep Product Quantization Networks on Image Retrieval. IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol. 45, 2 (2023), 1388--1404. https://doi.org/10.1109/TPAMI.2022.3165024
[4]
Pin-Yu Chen, Huan Zhang, Yash Sharma, Jinfeng Yi, and Cho-Jui Hsieh. 2017. ZOO: Zeroth Order Optimization Based Black-box Attacks to Deep Neural Networks without Training Substitute Models. In Proceedings of the ACM Workshop on Artificial Intelligence and Security. 15--26. https://doi.org/10.1145/3128572.3140448
[5]
Yunjey Choi, Minje Choi, Munyoung Kim, Jung-Woo Ha, Sunghun Kim, and Jaegul Choo. 2018. StarGAN: Unified Generative Adversarial Networks for Multi-domain Image-to-Image Translation. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 8789--8797. https://doi.org/10.1109/CVPR.2018.00916
[6]
Tat-Seng Chua, Jinhui Tang, Richang Hong, Haojie Li, Zhiping Luo, and Yantao Zheng. 2009. NUS-WIDE: a real-world web image database from National University of Singapore. In Proceedings of the ACM International Conference on Image and Video Retrieval. 1--9. https://doi.org/10.1145/1646396.1646452
[7]
Kamran Ghasedi Dizaji, Feng Zheng, Najmeh Sadoughi Nourabadi, Yanhua Yang, Cheng Deng, and Heng Huang. 2018. Unsupervised Deep Generative Adversarial Hashing Network. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 3664--3673.
[8]
Jidong Ge, Yuxiang Liu, Jie Gui, Lanting Fang, Ming Lin, James Tin-Yau Kwok, LiGuo Huang, and Bin Luo. 2023. Learning the Relation between Similarity Loss and Clustering Loss in Self-Supervised Learning. IEEE Transactions on Image Processing (2023).
[9]
Ian Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In Proceedings of the International Conference on Learning Representations. http://arxiv.org/abs/1412.6572
[10]
Ian J. Goodfellow, Jean Pouget-Abadie, Mehdi Mirza, Bing Xu, David Warde-Farley, Sherjil Ozair, Aaron Courville, and Yoshua Bengio. 2014. Generative adversarial nets. In Proceedings of the International Conference on Neural Information Processing Systems. 2672--2680.
[11]
Jie Gui, Yuan Cao, Heng Qi, Keqiu Li, Jieping Ye, Chao Liu, and Xiaowei Xu. 2021a. Fast kNN search in weighted Hamming space with multiple tables. IEEE Transactions on Image Processing, Vol. 30 (2021), 3985--3994.
[12]
Jie Gui, Xiaofeng Cong, Yuan Cao, Wenqi Ren, Jun Zhang, Jing Zhang, and Dacheng Tao. 2021b. A comprehensive survey on image dehazing based on deep learning. In Proceedings of the International Joint Conference on Artificial Intelligence. International Joint Conferences on Artificial Intelligence Organization.
[13]
Jie Gui and Ping Li. 2018. $R^2$SDH: Robust rotated supervised discrete hashing. In Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. 1485--1493.
[14]
Jie Gui, Tongliang Liu, Zhenan Sun, Dacheng Tao, and Tieniu Tan. 2018a. Fast supervised discrete hashing. IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol. 40, 2 (2018), 490--496.
[15]
Jie Gui, Tongliang Liu, Zhenan Sun, Dacheng Tao, and Tieniu Tan. 2018b. Supervised Discrete Hashing with Relaxation. IEEE Transactions on Neural Networks and Learning Systems, Vol. 29, 3 (2018), 608--617.
[16]
Jie Gui, Zhenan Sun, Yonggang Wen, Dacheng Tao, and Jieping Ye. 2023. A Review on Generative Adversarial Networks: Algorithms, Theory, and Applications. IEEE Transactions on Knowledge and Data Engineering (2023).
[17]
Chuan Guo, Jacob Gardner, Yurong You, Andrew Gordon Wilson, and Kilian Weinberger. 2019. Simple Black-box Adversarial Attacks. In Proceedings of the International Conference on Machine Learning. 2484--2493. https://proceedings.mlr.press/v97/guo19a.html
[18]
Kiana Hajebi, Yasin Abbasi-Yadkori, Hossein Shahbazi, and Hong Zhang. 2011. Fast approximate nearest-neighbor search with k-nearest neighbor graph. In Proceedings of the International Joint Conference on Artificial Intelligence. 1312--1317.
[19]
Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2016. Deep Residual Learning for Image Recognition. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 770--778. https://doi.org/10.1109/CVPR.2016.90
[20]
Jiun Tian Hoe, Kam Woh Ng, Tianyu Zhang, Chee Seng Chan, Yi-Zhe Song, and Tao Xiang. 2021. One Loss for All: Deep Hashing with a Single Cosine Similarity based Learning Objective. In Advances in Neural Information Processing Systems. 24286--24298. https://proceedings.neurips.cc/paper_files/paper/2021/file/cbcb58ac2e496207586df2854b17995f-Paper.pdf
[21]
Shengshan Hu, Yechao Zhang, Xiaogeng Liu, Leo Yu Zhang, Minghui Li, and Hai Jin. 2021. AdvHash: Set-to-set Targeted Attack on Deep Hashing with One Single Adversarial Patch. In Proceedings of the ACM International Conference on Multimedia. 2335--2343. https://doi.org/10.1145/3474085.3475396
[22]
Shengshan Hu, Ziqi Zhou, Yechao Zhang, Leo Yu Zhang, Yifeng Zheng, Yuanyuan He, and Hai Jin. 2022. BadHash: Invisible Backdoor Attacks against Deep Hashing with Clean Label. In Proceedings of the ACM International Conference on Multimedia. 678--686. https://doi.org/10.1145/3503161.3548272
[23]
Mark J. Huiskes and Michael S. Lew. 2008. The MIR flickr retrieval evaluation. In Proceedings of the ACM International Conference on Multimedia Information Retrieval. 39--43. https://doi.org/10.1145/1460096.1460104
[24]
Piotr Indyk and Rajeev Motwani. 1998. Approximate nearest neighbors: towards removing the curse of dimensionality. In Proceedings of the Annual ACM Symposium on Theory of Computing. 604--613. https://doi.org/10.1145/276698.276876
[25]
Nathan Inkawhich, Wei Wen, Hai (Helen) Li, and Yiran Chen. 2019. Feature Space Perturbations Yield More Transferable Adversarial Examples. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 7059--7067.
[26]
Qing-Yuan Jiang and Wu-Jun Li. 2017. Deep Cross-Modal Hashing. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 3270--3278.
[27]
Jeff Johnson, Matthijs Douze, and Hervé Jégou. 2021. Billion-Scale Similarity Search with GPUs. IEEE Transactions on Big Data, Vol. 7, 3 (2021), 535--547. https://doi.org/10.1109/TBDATA.2019.2921572
[28]
Alex Krizhevsky, Ilya Sutskever, and Geoffrey E. Hinton. 2017. ImageNet classification with deep convolutional neural networks. Commun. ACM, Vol. 60, 6 (may 2017), 84--90. https://doi.org/10.1145/3065386
[29]
Alexey Kurakin, Ian J. Goodfellow, and Samy Bengio. 2017. Adversarial Machine Learning at Scale. In Proceedings of the International Conference on Learning Representations. https://arxiv.org/abs/1611.01236
[30]
Jie Li, Rongrong Ji, Hong Liu, Xiaopeng Hong, Yue Gao, and Qi Tian. 2019. Universal Perturbation Attack Against Image Retrieval. In Proceedings of the IEEE/CVF International Conference on Computer Vision. 4898--4907.
[31]
Mingyong Li and Hongya Wang. 2021. Unsupervised Deep Cross-Modal Hashing by Knowledge Distillation for Large-scale Cross-modal Retrieval. In Proceedings of the International Conference on Multimedia Retrieval. 183--191. https://doi.org/10.1145/3460426.3463626
[32]
Wu-Jun Li, Sheng Wang, and Wang-Cheng Kang. 2016. Feature learning based deep supervised hashing with pairwise labels. In Proceedings of the International Joint Conference on Artificial Intelligence. 1711--1717.
[33]
Kevin Lin, Jiwen Lu, Chu-Song Chen, and Jie Zhou. 2016. Learning Compact Binary Descriptors with Unsupervised Deep Neural Networks. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 1183--1192.
[34]
Tsung-Yi Lin, Michael Maire, Serge Belongie, James Hays, Pietro Perona, Deva Ramanan, Piotr Dollár, and C. Lawrence Zitnick. 2014. Microsoft COCO: Common Objects in Context. In Proceedings of the European Conference on Computer Vision. 740--755. https://www.microsoft.com/en-us/research/publication/microsoft-coco-common-objects-in-context/
[35]
Xiaoqing Liu, Huanqiang Zeng, Yifan Shi, Jianqing Zhu, Chih-Hsien Hsia, and Kai-Kuang Ma. 2023 b. Deep Cross-Modal Hashing Based on Semantic Consistent Ranking. IEEE Transactions on Multimedia, Vol. 25 (2023), 9530--9542. https://doi.org/10.1109/TMM.2023.3254199
[36]
Zhengqi Liu, Jie Gui, and Hao Luo. 2023 a. Good helper is around you: Attention-driven Masked Image Modeling. In Proceedings of the AAAI Conference on Artificial Intelligence. 1799--1807.
[37]
Junda Lu, Mingyang Chen, Yifang Sun, Wei Wang, Yi Wang, and Xiaochun Yang. 2021. A Smart Adversarial Attack on Deep Hashing Based Image Retrieval. In Proceedings of the International Conference on Multimedia Retrieval. 227--235. https://doi.org/10.1145/3460426.3463640
[38]
Xiao Luo, Zeyu Ma, Wei Cheng, and Minghua Deng. 2022. Improve Deep Unsupervised Hashing via Structural and Intrinsic Similarity Learning. IEEE Signal Processing Letters, Vol. 29 (2022), 602--606. https://doi.org/10.1109/LSP.2022.3148674
[39]
Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2018. Towards Deep Learning Models Resistant to Adversarial Attacks. In Proceedings of the International Conference on Learning Representations. https://openreview.net/forum?id=rJzIBfZAb
[40]
Georgii Mikriukov, Mahdyar Ravanbakhsh, and Begüm Demir. 2022. Unsupervised Contrastive Hashing for Cross-Modal Retrieval in Remote Sensing. In Proceedings of the IEEE International Conference on Acoustics, Speech and Signal Processing. 4463--4467.
[41]
Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, Omar Fawzi, and Pascal Frossard. 2017. Universal Adversarial Perturbations. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 86--94.
[42]
Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, and Pascal Frossard. 2016. DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2574--2582.
[43]
Marius Muja and David G. Lowe. 2014. Scalable Nearest Neighbor Algorithms for High Dimensional Data. IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol. 36, 11 (2014), 2227--2240. https://doi.org/10.1109/TPAMI.2014.2321376
[44]
Ivan Oseledets and Valentin Khrulkov. 2018. Art of Singular Vectors and Universal Adversarial Perturbations. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 8562--8570.
[45]
Omid Poursaeed, Isay Katsman, Bicheng Gao, and Serge Belongie. 2018. Generative adversarial perturbations. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 4422--4431.
[46]
Alec Radford, Luke Metz, and Soumith Chintala. 2016. Unsupervised Representation Learning with Deep Convolutional Generative Adversarial Networks. In Proceedings of the International Conference on Learning Representations. http://arxiv.org/abs/1511.06434
[47]
Karen Simonyan and Andrew Zisserman. 2015. Very Deep Convolutional Networks for Large-Scale Image Recognition. In Proceedings of the International Conference on Learning Representations. http://arxiv.org/abs/1409.1556
[48]
Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2014. Intriguing properties of neural networks. In Proceedings of the International Conference on Learning Representations. http://arxiv.org/abs/1312.6199
[49]
Giorgos Tolias, Filip Radenovic, and Ondrej Chum. 2019. Targeted Mismatch Adversarial Attack: Query With a Flower to Retrieve the Tower. In Proceedings of the IEEE/CVF International Conference on Computer Vision. 5036--5045.
[50]
Xunguang Wang, Yiqun Lin, and Xiaomeng Li. 2023. CgAT: Center-Guided Adversarial Training for Deep Hashing-Based Retrieval. In Proceedings of the ACM Web Conference. 3268--3277. https://doi.org/10.1145/3543507.3583369
[51]
Xunguang Wang, Zheng Zhang, Guangming Lu, and Yong Xu. 2021a. Targeted Attack and Defense for Deep Hashing. In Proceedings of the International ACM SIGIR Conference on Research and Development in Information Retrieval. 2298--2302. https://doi.org/10.1145/3404835.3463233
[52]
Xunguang Wang, Zheng Zhang, Baoyuan Wu, Fumin Shen, and Guangming Lu. 2021b. Prototype-supervised adversarial network for targeted attack of deep hashing. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 16357--16366.
[53]
Zheng Wang, Yang Yang, Jingjing Li, and Xiaofeng Zhu. 2022. Universal adversarial perturbations generative network. World Wide Web, Vol. 25, 4 (2022), 1725--1746. https://doi.org/10.1007/s11280-022-01058--7
[54]
Huapeng Wu, Jie Gui, Jun Zhang, James T Kwok, and Zhihui Wei. 2023. Feedback pyramid attention networks for single image super-resolution. IEEE Transactions on Circuits and Systems for Video Technology (2023).
[55]
Yanru Xiao and Cong Wang. 2021. You see what I want you to see: Exploring targeted black-box transferability attack for hash-based image retrieval systems. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 1934--1943.
[56]
Erkun Yang, Cheng Deng, Tongliang Liu, Wei Liu, and Dacheng Tao. 2018. Semantic structure-based unsupervised deep hashing. In Proceedings of the International Joint Conference on Artificial Intelligence. 1064--1070.
[57]
Erkun Yang, Tongliang Liu, Cheng Deng, and Dacheng Tao. 2020. Adversarial Examples for Hamming Space Search. IEEE Transactions on Cybernetics, Vol. 50, 4 (2020), 1473--1484. https://doi.org/10.1109/TCYB.2018.2882908
[58]
Jiancheng YANG, Yangzhou Jiang, Xiaoyang Huang, Bingbing Ni, and Chenglong Zhao. 2020. Learning Black-Box Attackers with Transferable Priors and Query Feedback. In Advances in Neural Information Processing Systems. 12288--12299. https://proceedings.neurips.cc/paper_files/paper/2020/file/90599c8fdd2f6e7a03ad173e2f535751-Paper.pdf
[59]
Li Yuan, Tao Wang, Xiaopeng Zhang, Francis EH Tay, Zequn Jie, Wei Liu, and Jiashi Feng. 2020. Central similarity quantization for efficient image and video retrieval. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 3083--3092.
[60]
Chaoning Zhang, Philipp Benz, Tooba Imtiaz, and In-So Kweon. 2020a. CD-UAP: Class Discriminative Universal Adversarial Perturbation. Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 34, 04 (2020), 6754--6761. https://doi.org/10.1609/aaai.v34i04.6154
[61]
Chaoning Zhang, Philipp Benz, Tooba Imtiaz, and In So Kweon. 2020b. Understanding Adversarial Examples From the Mutual Influence of Images and Perturbations. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 14509--14518.
[62]
Jian Zhang, Yuxin Peng, and Mingkuan Yuan. 2018. Unsupervised Generative Adversarial Cross-Modal Hashing. Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 32, 1 (2018). https://doi.org/10.1609/aaai.v32i1.11263
[63]
Guoping Zhao, Mingyu Zhang, Jiajun Liu, and Ji-Rong Wen. 2019. Unsupervised Adversarial Attacks on Deep Feature-based Retrieval with GAN. arxiv: 1907.05793
[64]
Wenshuo Zhao, Jingkuan Song, Shengming Yuan, Lianli Gao, Yang Yang, and Hengtao Shen. 2023. Precise Target-Oriented Attack against Deep Hashing-based Retrieval. In Proceedings of the ACM International Conference on Multimedia. 6379--6389. https://doi.org/10.1145/3581783.3612364
Index Terms
- Targeted Universal Adversarial Attack on Deep Hash Networks
Recommendations
Targeted Attack and Defense for Deep Hashing
SIGIR '21: Proceedings of the 44th International ACM SIGIR Conference on Research and Development in Information RetrievalDeep hashing methods have been intensively studied and successfully applied in massive fast image retrieval. However, inherited from the deficiency of deep neural networks, deep hashing models can be easily fooled by adversarial examples, which brings a ...
A hybrid adversarial training for deep learning model and denoising network resistant to adversarial examples
AbstractDeep neural networks (DNNs) are vulnerable to adversarial attacks that generate adversarial examples by adding small perturbations to the clean images. To combat adversarial attacks, the two main defense methods used are denoising and adversarial ...
Targeted Transferable Attack against Deep Hashing Retrieval
MMAsia '23: Proceedings of the 5th ACM International Conference on Multimedia in AsiaWith the extensive utilization of deep hashing, there exists a surging interest in studying adversarial attacks against it. Previous methods have demonstrated the superior white-box attack performance against deep hashing. However, the more challenging ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
May 2024
1379 pages
ISBN:9798400706196
DOI:10.1145/3652583
- General Chairs:
- Cathal Gurrin,
- Rachada Kongkachandra,
- Klaus Schoeffmann,
- Program Chairs:
- Duc-Tien Dang-Nguyen,
- Luca Rossetto,
- Shin'ichi Satoh,
- Liting Zhou
Copyright © 2024 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 07 June 2024
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
Acceptance Rates
Overall Acceptance Rate 254 of 830 submissions, 31%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 68Total Downloads
- Downloads (Last 12 months)68
- Downloads (Last 6 weeks)11
Reflects downloads up to 16 Nov 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in