Unsupervised Adversarial Attacks on Deep Feature-based Retrieval with GAN

07/12/2019
by   Guoping Zhao, et al.
2

Studies show that Deep Neural Network (DNN)-based image classification models are vulnerable to maliciously constructed adversarial examples. However, little effort has been made to investigate how DNN-based image retrieval models are affected by such attacks. In this paper, we introduce Unsupervised Adversarial Attacks with Generative Adversarial Networks (UAA-GAN) to attack deep feature-based image retrieval systems. UAA-GAN is an unsupervised learning model that requires only a small amount of unlabeled data for training. Once trained, it produces query-specific perturbations for query images to form adversarial queries. The core idea is to ensure that the attached perturbation is barely perceptible to human yet effective in pushing the query away from its original position in the deep feature space. UAA-GAN works with various application scenarios that are based on deep features, including image retrieval, person Re-ID and face search. Empirical results show that UAA-GAN cripples retrieval performance without significant visual changes in the query images. UAA-GAN generated adversarial examples are less distinguishable because they tend to incorporate subtle perturbations in textured or salient areas of the images, such as key body parts of human, dominant structural patterns/textures or edges, rather than in visually insignificant areas (e.g., background and sky). Such tendency indicates that the model indeed learned how to toy with both image retrieval systems and human eyes.

READ FULL TEXT

page 1

page 3

page 7

page 8

research
01/29/2019

Who's Afraid of Adversarial Queries? The Impact of Image Modifications on Content-based Image Retrieval

An adversarial query is an image that has been modified to disrupt conte...
research
12/03/2018

Universal Perturbation Attack Against Image Retrieval

Despite the remarkable success, deep learning models have shown to be vu...
research
08/24/2019

Targeted Mismatch Adversarial Attack: Query with a Flower to Retrieve the Tower

Access to online visual search engines implies sharing of private user c...
research
02/26/2023

Learning cross space mapping via DNN using large scale click-through logs

The gap between low-level visual signals and high-level semantics has be...
research
07/14/2020

Conditional Image Retrieval

This work introduces Conditional Image Retrieval (CIR) systems: IR metho...
research
04/09/2023

Unsupervised Multi-Criteria Adversarial Detection in Deep Image Retrieval

The vulnerability in the algorithm supply chain of deep learning has imp...
research
07/09/2020

Efficient detection of adversarial images

In this paper, detection of deception attack on deep neural network (DNN...

Please sign up or login with your details

Forgot password? Click here to reset