Deep hashing has been intensively studied and successfully applied in large-scale image retrieval systems due to its efficiency and effectiveness. Recent studies have recognized that the existence of adversarial examples poses a security threat to deep hashing models, that is, adversarial vulnerability. Notably, it is challenging to efficiently distill reliable semantic representatives for deep hashing to guide adversarial learning, and thereby it hinders the enhancement of adversarial robustness of deep hashing-based retrieval models. Moreover, current researches on adversarial training for deep hashing are hard to be formalized into a unified minimax structure. In this paper, we explore Semantic-Aware Adversarial Training (SAAT) for improving the adversarial robustness of deep hashing models. Specifically, we conceive a discriminative mainstay features learning (DMFL) scheme to construct semantic representatives for guiding adversarial learning in deep hashing. Particularly, our DMFL with the strict theoretical guarantee is adaptively optimized in a discriminative learning manner, where both discriminative and semantic properties are jointly considered. Moreover, adversarial examples are fabricated by maximizing the Hamming distance between the hash codes of adversarial samples and mainstay features, the efficacy of which is validated in the adversarial attack trials. Further, we, for the first time, formulate the formalized adversarial training of deep hashing into a unified minimax optimization under the guidance of the generated mainstay codes. Extensive experiments on benchmark datasets show superb attack performance against the state-of-the-art algorithms, meanwhile, the proposed adversarial training can effectively eliminate adversarial perturbations for trustworthy deep hashing-based retrieval. Our code is available at https://github.com/xandery-geek/SAAT.

翻译：深度哈希因其高效性被广泛研究并成功应用于大规模图像检索系统。近期研究认识到，对抗样本的存在对深度哈希模型构成安全威胁，即对抗脆弱性。值得注意的是，为深度哈希高效提炼可靠的语义代表以指导对抗学习具有挑战性，这阻碍了基于深度哈希的检索模型对抗鲁棒性的提升。此外，当前深度哈希对抗训练的研究难以被统一形式化为极小极大结构。本文探索了语义感知对抗训练（SAAT）以提升深度哈希模型的对抗鲁棒性。具体而言，我们设计了一种判别性主特征学习（DMFL）方案，用于构建语义代表以指导深度哈希中的对抗学习。特别是，具有严格理论保证的DMFL以判别学习方式自适应优化，同时兼顾判别性与语义属性。此外，通过最大化对抗样本哈希码与主特征之间的汉明距离来生成对抗样本，其在对抗攻击实验中的有效性得到验证。更进一步，我们首次将深度哈希的形式化对抗训练统一为主码引导下的极小极大优化。在基准数据集上的大量实验表明，该方法对现有最优算法具有卓越的攻击性能，同时所提出的对抗训练能有效消除对抗扰动，实现可信的深度哈希检索。我们的代码开源在 https://github.com/xandery-geek/SAAT。