Adversarial training has achieved substantial performance in defending image retrieval against adversarial examples. However, existing studies in deep metric learning (DML) still suffer from two major limitations: weak adversary and model collapse. In this paper, we address these two limitations by proposing Collapse-Aware TRIplet DEcoupling (CA-TRIDE). Specifically, TRIDE yields a stronger adversary by spatially decoupling the perturbation targets into the anchor and the other candidates. Furthermore, CA prevents the consequential model collapse, based on a novel metric, collapseness, which is incorporated into the optimization of perturbation. We also identify two drawbacks of the existing robustness metric in image retrieval and propose a new metric for a more reasonable robustness evaluation. Extensive experiments on three datasets demonstrate that CA-TRIDE outperforms existing defense methods in both conventional and new metrics. Codes are available at https://github.com/michaeltian108/CA-TRIDE.

翻译：对抗训练在防御图像检索对抗样本方面已取得显著成效。然而，深度度量学习领域的现有研究仍面临两大局限：对抗强度不足与模型坍塌。本文通过提出坍塌感知三元组解耦方法（CA-TRIDE）以应对上述局限。具体而言，TRIDE通过将扰动目标在空间维度解耦为锚点样本与其他候选样本，从而生成更强的对抗样本。此外，CA模块基于新提出的度量指标——坍塌度，将其融入扰动优化过程，有效防止由此引发的模型坍塌。本文同时指出现有图像检索鲁棒性评估指标的两点缺陷，并提出更合理的新评估指标。在三个数据集上的大量实验表明，CA-TRIDE在传统指标与新指标上均优于现有防御方法。代码已发布于https://github.com/michaeltian108/CA-TRIDE。