AdvHash: Set-to-set Targeted Attack on Deep Hashing with One Single Adversarial Patch
File version
Author(s)
Zhang, Y
Liu, X
Zhang, LY
Li, M
Jin, H
Griffith University Author(s)
Primary Supervisor
Other Supervisors
Editor(s)
Date
Size
File type(s)
Location
Virtual
License
Abstract
In this paper, we propose AdvHash, the first targeted mismatch attack on deep hashing through adversarial patch. After superimposed with the same adversarial patch, any query image with a chosen label will retrieve a set of irrelevant images with the target label. Concretely, we first formulate a set-to-set problem, where a set of samples are pushed into a predefined clustered area in the Hamming space. Then we obtain a target anchor hash code and transform the attack to a set-to-point optimization. In order to generate a image-agnostic stable adversarial patch for a chosen label more efficiently, we propose a product-based weighted gradient aggregation strategy to dynamically adjust the gradient directions of the patch, by exploiting the Hamming distances between training samples and the target anchor hash code and assigning different weights to discriminatively aggregate gradients. Extensive experiments on benchmark datasets verify that AdvHash is highly effective at attacking two state-of-the-art deep hashing schemes. Our codes are available at: https://github.com/CGCL-codes/AdvHash.
Journal Title
Conference Title
MM '21: Proceedings of the 29th ACM International Conference on Multimedia
Book Title
Edition
Volume
Issue
Thesis Type
Degree Program
School
Publisher link
Patent number
Funder(s)
Grant identifier(s)
Rights Statement
Rights Statement
Item Access Status
Note
Access the data
Related item(s)
Subject
Computer vision
System and network security
Persistent link to this record
Citation
Hu, S; Zhang, Y; Liu, X; Zhang, LY; Li, M; Jin, H, AdvHash: Set-to-set Targeted Attack on Deep Hashing with One Single Adversarial Patch, MM '21: Proceedings of the 29th ACM International Conference on Multimedia, 2021, pp. 2335-2343