Vulnerabilities in the algorithm supply chain of deep learning pose new challenges for downstream image retrieval systems. Among the variety of retrieval techniques, deep hashing is gaining popularity. Because it inherits its algorithmic backend from deep learning, a handful of attacks have recently been proposed to disrupt normal image retrieval. Unfortunately, the defense strategies developed for softmax classification cannot be readily applied to the image retrieval domain. In this paper, we propose an efficient and unsupervised scheme to identify unique adversarial behaviors in the Hamming space. In particular, we design three criteria from the perspectives of Hamming distance, quantization loss and denoising to defend against both untargeted and targeted attacks, which collectively limit the adversarial space. Extensive experiments on four datasets demonstrate 2-23% improvements in detection rates with minimal computational overhead for real-time image queries.