基于特征加权聚合的图像检索目标对抗攻击方法

基于深度学习的图像检索技术使得图像隐私泄露成为一个亟待解决的问题.利用对抗攻击生成的对抗样本,可在一定程度上实现隐私保护.但现有针对图像检索系统的目标对抗攻击方法易受选取目标样本质量和数量的影响,导致其攻击效果不佳.针对该问题,提出了一种基于特征加权聚合的图像检索目标对抗攻击方法,该方法将目标图像的检索准确率作为衡量样本质量的权重,利用目标类中少量样本的特征进行加权聚合获取类特征作为最终攻击目标.在RParis和ROxford两个数据集上的实验结果表明,该方法生成的对抗样本相比TMA方法,检索精度平均提升38％,相比DHTA方法,检索精度平均提升7.5％.

Targeted adversarial attack method for image retrieval based on feature weighted aggregation

Image privacy leakage is an urgent problem to be solved in deep learning-based image retrieval systems. Using adversarial samples generated by the adversarial attack technology can achieve privacy protection to some extent. However, the existing targeted attack methods for image retrieval systems are susceptible to the quality and quantity of selected target samples, which can lead to poor attack effects. To solve this problem, this paper proposed a targeted adversarial attack method for image retrieval based on feature weighted aggregation. This method used the retrieval accuracy of the target image as weights to obtain the class features, which was generated by a small number of samples from the target class. Experimental results on two image retrieval datasets of RParis and ROxford show that the retrieval accuracy of the adversarial samples generated by this method improved by 38% on average compared with TMA method, and improved by 7.5% on average compared with DHTA method.