This repository provides the implementatin of our ECCV 2020 work: Targeted Attack for Deep Hashing based Retrieval.
The deep hashing based retrieval method is widely adopted in large-scale image and video retrieval. However, there is little investigation on its security. In this paper, we propose a novel method, dubbed deep hashing targeted attack (DHTA), to study the targeted attack on such retrieval. Specifically, we first formulate the targeted attack as a point-to-set optimization, which minimizes the average distance between the hash code of an adversarial example and those of a set of objects with the target label. Then we design a novel component-voting scheme to obtain an anchor code as the representative of the set of hash codes of objects with the target label, whose optimality guarantee is also theoretically derived. To balance the performance and perceptibility, we propose to minimize the Hamming distance between the hash code of the adversarial example and the anchor code under the restriction on the perturbation. Extensive experiments verify that DHTA is effective in attacking both deep hashing based image retrieval and video retrieval.
- Install PyTorch >= 1.4
- Clone this repo:
git clone https://github.com/jiawangbai/DHTA-master.git- Download the pretrained hashing model: VGG11_32_for_ImageNet
- Save this model in "./DHTA-master/models/imagenet_vgg11_32"
Run the following command with --reproduce to reproduce our results of attacking vgg11 with 32-bits code length on ImageNet.
python attack_imagenet.py --n-anchor 9 --root [imagent-data-root] --reproduce --gpu-id [gpu-id]n-anchor=9 denotes our DHTA method.
python attack_imagenet.py --n-anchor 1 --root [imagent-data-root] --reproduce --gpu-id [gpu-id]n-anchor=1 denotes P2P attack method.
An example of image retrieval with benign query and its adversarial query on ImageNet. Retrieved objects with top-10 similarity are shown in the box. The tick and cross indicate whether the retrieved object is consistent with the desired label (the original label for benign query and the target label for adversarial query).
Visualization examples of generated adversarial examples on ImageNet.
If our work is useful for your research, please cite it as follows.
@inproceedings{bai2020targeted,
title={Targeted Attack for Deep Hashing based Retrieval},
author={Bai, Jiawang and Chen, Bin and Li, Yiming and Wu, Dongxian and Guo, Weiwei and Xia, Shu-tao and Yang, En-hui},
booktitle={ECCV},
year={2020}
}