用于攻击深度哈希图像检索模型的双分支自编码器网络

符思政; 曹春杰; 刘志远; 陶方舰; 孙敬张

doi:10.11959/j.issn.1000-0801.2023246

您当前的位置：

首页 >

文章列表页 >

用于攻击深度哈希图像检索模型的双分支自编码器网络

研究与开发 | 更新时间：2024-06-05

- 用于攻击深度哈希图像检索模型的双分支自编码器网络
- Dual-branch autoencoder network for attacking deep hashing image retrieval models
- 电信科学 2023年39卷第11期页码：96-106
- 作者机构：
- 作者简介：
  
  [ "符思政（1999- ），男，海南大学硕士生，主要研究方向为人工智能安全、对抗样本攻防、图像检索" ]
  [ "曹春杰（1977- ），男，博士，海南大学博士生导师，主要研究方向为认知无线网络安全、区块链、人工智能安全等" ]
  [ "刘志远（1999- ），男，海南大学硕士生，主要研究方向为对抗样本攻防、异常检测、图对比学习" ]
  [ "陶方舰（1991- ），男，海南大学博士生，主要研究方向为人工智能安全、对抗样本攻防" ]
  [ "孙敬张（1993- ），男，博士，海南大学硕士生导师，主要研究方向为无线安全、深度学习、图像处理" ]
- 基金信息：
  
  国家自然科学基金联合基金资助项目;The National Natural Science Foundation of China(U19B2044);海南省重点研发计划项目;The Key Research and Development Project of Hainan Province, China(ZDYF2020012)
- DOI：10.11959/j.issn.1000-0801.2023246
  中图分类号： TP393
- 网络出版日期：2023-11，
  
  纸质出版日期：2023-11-20
- 稿件说明：
移动端阅览
符思政, 曹春杰, 刘志远, 等. 用于攻击深度哈希图像检索模型的双分支自编码器网络[J]. 电信科学, 2023,39(11):96-106.

Sizheng FU, Chunjie CAO, Zhiyuan LIU, et al. Dual-branch autoencoder network for attacking deep hashing image retrieval models[J]. Telecommunications science, 2023, 39(11): 96-106.
符思政, 曹春杰, 刘志远, 等. 用于攻击深度哈希图像检索模型的双分支自编码器网络[J]. 电信科学, 2023,39(11):96-106. DOI： 10.11959/j.issn.1000-0801.2023246.

Sizheng FU, Chunjie CAO, Zhiyuan LIU, et al. Dual-branch autoencoder network for attacking deep hashing image retrieval models[J]. Telecommunications science, 2023, 39(11): 96-106. DOI： 10.11959/j.issn.1000-0801.2023246.

摘要

由于其强大的表示学习能力和高效的计算能力，基于深度学习的哈希（深度哈希）方法在大规模图像检索中被广泛应用。然而，对深度哈希模型的安全性研究较少。提出了双分支自编码器网络（DBAE）来研究这种检索的目标攻击。DBAE 的主要目标是生成难以察觉的对抗样本作为查询图像，使深度哈希模型检索的图像在语义上与原始图像无关，与目标图像相关。大量实验证明，DBAE 可以成功地生成具有小扰动的对抗样本来误导深度哈希模型，验证了这些扰动在各种设置下的可迁移性。

Abstract

Due to its powerful representation learning capabilities and efficient computing capabilities

deep learning-based hashing (deep hashing) methods are widely used in large-scale image retrieval.However

there are less studies on the security of deep hashing models.A dual-branch autoencoder network (DBAE) to study targeted attacks on such retrieval was proposed.The main goal of DBAE was to generate imperceptible adversarial samples as query images in order to make the images retrieved by the deep hashing model semantically irrelevant to the original image and relevant to the target image.Numerous experiments demonstrate that DBAE can successfully generate adversarial samples with small perturbations to mislead deep hashing models

and italso verifies the transferability of these perturbations under various settings.

关键词

Keywords

references

XU Y J , ZHAO X H , LIANG Y C . Robust power control and beamforming in cognitive radio networks:a survey [J ] . IEEE Communications Surveys ＆ Tutorials , 2015 , 17 ( 4 ): 1834 - 1857 .

XIA R , PAN Y , LAI H , et al . Supervised hashing for image retrieval via image representation learning [C ] // Proceedings of the AAAI Conference on Artificial Intelligence . 2014 .

CAO Z J , LONG M S , WANG J M , et al . HashNet:deep learning to hash by continuation [C ] // Proceedings of 2017 IEEE International Conference on Computer Vision (ICCV) . Piscataway:IEEE Press , 2017 : 5609 - 5618 .

LI W J , WANG S , KANG W C . Feature learning based deep supervised hashing with pairwise labels [J ] . arXiv preprint arXiv:1511.03855 , 2015 .

SZEGEDY C , ZAREMBA W , SUTSKEVER I , et al . Intriguing properties of neural networks [J ] . arXiv preprint arXiv:1312.6199 , 2013 .

胡永进 , 郭渊博 , 马骏 , 等 . 基于对抗样本的网络欺骗流量生成方法 [J ] . 通信学报 , 2020 , 41 ( 9 ): 59 - 70 .

HU Y J , GUO Y B , MA J , et al . Method to generate cyber deception traffic based on adversarial sample [J ] . Journal on Communications , 2020 , 41 ( 9 ): 59 - 70 .

程旭 , 王莹莹 , 张年杰 , 等 . 基于空间感知的多级损失目标跟踪对抗攻击方法 [J ] . 通信学报 , 2021 , 42 ( 11 ): 242 - 254 .

CHENG X , WANG Y Y , ZHANG N J , et al . Multi-level loss object tracking adversarial attack method based on spatial perception [J ] . Journal on Communications , 2021 , 42 ( 11 ): 242 - 254 .

WANG D , CUI P , OU M , et al . Learning compact hash codes for multimodal representations using orthogonal deep structure [J ] . IEEE Transactions on Multimedia , 2015 , 17 ( 9 ): 1404 - 1416 .

YANG E , LIU T , DENG C , et al . Adversarial examples for hamming space search [J ] . IEEE transactions on cybernetics , 2018 , 50 ( 4 ): 1473 - 1484 .

ZHANG R , LIN L , ZHANG R , et al . Bit-scalable deep hashing with regularized similarity learning for image retrieval and person re-identification [J ] . IEEE Transactions on Image Processing , 2015 , 24 ( 12 ): 4766 - 4779 .

LIU B , CAO Y , LONG M , et al . Deep triplet quantization [C ] // Proceedings of the 26th ACM international conference on Multimedia . New York:ACM Press , 2018 : 755 - 763 .

SHEN F , XU Y , LIU L , et al . Unsupervised deep hashing with similarity-adaptive and discrete optimization [J ] . IEEE Transactions on Pattern Analysis and Machine Intelligence , 2018 , 40 ( 12 ): 3034 - 3044 .

SONG J , HE T , GAO L , et al . Binary generative adversarial networks for image retrieval [C ] // Proceedings of the AAAI Conference on Artificial Intelligence . 2018 , 32 ( 1 ).

LIN K , LU J W , CHEN C S , et al . Learning compact binary descriptors with unsupervised deep neural networks [C ] // Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Piscataway:IEEE Press , 2016 : 1183 - 1192 .

GOODFELLOW I J , SHLENS J , SZEGEDY C . Explaining and harnessing adversarial examples [J ] . arXiv preprint arXiv:1412.6572 , 2014 .

MOOSAVI-DEZFOOLI S M , FAWZI A , FROSSARD P . DeepFool:a simple and accurate method to fool deep neural networks [C ] // Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Piscataway:IEEE Press , 2016 : 2574 - 2582 .

MADRY A , MAKELOV A , SCHMIDT L , et al . Towards deep learning models resistant to adversarial attacks [J ] . arXiv preprint arXiv:1706.06083 , 2017 .

CARLINI N , WAGNER D . Towards evaluating the robustness of neural networks [C ] // Proceedings of 2017 IEEE Symposium on Security and Privacy (SP) . Piscataway:IEEE Press , 2017 : 39 - 57 .

CHEN P Y , ZHANG H , SHARMA Y , et al . ZOO:zeroth order optimization based black-box attacks to deep neural networks without training substitute models [C ] // Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security . New York:ACM Press , 2017 : 15 - 26 .

MOPURI K R , OJHA U , GARG U , et al . NAG:network for adversary generation [C ] // Proceedings of 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition . Piscataway:IEEE Press , 2018 : 742 - 751 .

BAI J , CHEN B , LI Y , et al . Targeted attack for deep hashing based retrieval [C ] // Proceedings of Computer Vision–ECCV 2020:16th European Conference . Cham:Springer , 2020 : 618 - 634 .

HU S S , ZHOU Z Q , ZHANG Y C , et al . BadHash:invisible backdoor attacks against deep hashing with clean label [C ] // Proceedings of the 30th ACM International Conference on Multimedia . New York:ACM Press , 2022 : 678 - 686 .

HU S S , ZHANG Y C , LIU X G , et al . AdvHash:set-to-set targeted attack on deep hashing with one single adversarial patch [C ] // Proceedings of the 29th ACM International Conference on Multimedia . New York:ACM Press , 2021 : 2335 - 2343 .

HE K M , ZHANG X Y , REN S Q , et al . Deep residual learning for image recognition [C ] // Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Piscataway:IEEE Press , 2016 : 770 - 778 .

SIMONYAN K , ZISSERMAN A . Very deep convolutional networks for large-scale image recognition [J ] . arXiv preprint arXiv:1409.1556 , 2014 .

YU C Q , GAO C X , WANG J B , et al . BiSeNet V2:bilateral network with guided aggregation for real-time semantic segmentation [J ] . International Journal of Computer Vision , 2021 , 129 ( 11 ): 3051 - 3068 .

FU Y , WU X J . A dual-branch network for infrared and visible image fusion [C ] // Proceedings of 2020 25th International Conference on Pattern Recognition (ICPR) . Piscataway:IEEE Press , 2021 : 10675 - 10680 .

HUISKES M J , LEW M S . The MIR flickr retrieval evaluation [C ] // Proceedings of the 1st ACM international conference on Multimedia information retrieval . New York:ACM Press , 2008 : 39 - 43 .

LIN T Y , MAIRE M , BELONGIE S , et al . Microsoft COCO:common objects in context [M ] // Computer Vision – ECCV 2014 . Cham : Springer International Publishing , 2014 : 740 - 755 .

CHUA T S , TANG J H , HONG R C , et al . NUS-WIDE:a real-world web image database from National University of Singapore [C ] // Proceedings of the ACM International Conference on Image and Video Retrieval . New York:ACM Press , 2009 : 1 - 9 .

WANG Z J , ZHANG Z , LUO Y D , et al . Deep collaborative discrete hashing with semantic-invariant structure [C ] // Proceedings of the 42nd International ACM SIGIR Conference on Research and Development in Information Retrieval . New York:ACM Press , 2019 : 905 - 908 .

JIANG Q Y , LI W J . Deep cross-modal hashing [C ] // Proceedings of 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Piscataway:IEEE Press , 2017 : 3270 - 3278 .

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

结合VLAD特征和稀疏表示的图像检索