摘要
基于深度学习的图像检索技术使得图像隐私泄露成为一个亟待解决的问题。利用对抗攻击生成的对抗样本,可在一定程度上实现隐私保护。但现有针对图像检索系统的目标对抗攻击方法易受选取目标样本质量和数量的影响,导致其攻击效果不佳。针对该问题,提出了一种基于特征加权聚合的图像检索目标对抗攻击方法,该方法将目标图像的检索准确率作为衡量样本质量的权重,利用目标类中少量样本的特征进行加权聚合获取类特征作为最终攻击目标。在RParis和ROxford两个数据集上的实验结果表明,该方法生成的对抗样本相比TMA方法,检索精度平均提升38%,相比DHTA方法,检索精度平均提升7.5%。
Image privacy leakage is an urgent problem to be solved in deep learning-based image retrieval systems.Using adversarial samples generated by the adversarial attack technology can achieve privacy protection to some extent.However,the existing targeted attack methods for image retrieval systems are susceptible to the quality and quantity of selected target samples,which can lead to poor attack effects.To solve this problem,this paper proposed a targeted adversarial attack method for image retrieval based on feature weighted aggregation.This method used the retrieval accuracy of the target image as weights to obtain the class features,which was generated by a small number of samples from the target class.Experimental results on two image retrieval datasets of RParis and ROxford show that the retrieval accuracy of the adversarial samples generated by this method improve by 38%on average compared with TMA method,and improve by 7.5%on average compared with DHTA method.
作者
杨帆
李阳
苗壮
张睿
王家宝
李航
Yang Fan;Li Yang;Miao Zhuang;Zhang Rui;Wang Jiabao;Li Hang(College of Command&Control Engineering,Army Engineering University of PLA,Nanjing 210007,China)
出处
《计算机应用研究》
CSCD
北大核心
2021年第12期3760-3764,共5页
Application Research of Computers
基金
国家自然科学基金青年科学基金资助项目(61806220)
国家重点研发计划资助项目(2017YFC0821905)
江苏省自然科学基金资助项目(BK20200581)
中国博士后科学基金资助项目(2020M683754,2021T140799)。
关键词
对抗攻击
图像检索
深度学习
adversarial attack
image retrieval
deep learning
