Large-scale image retrieval using deep hashing has become increasingly popular due to the exponential growth of image data and the remarkable feature extraction capabilities of deep neural networks (DNNs). However, deep hashing methods are vulnerable to malicious attacks, including adversarial and backdoor attacks. It is worth noting that these attacks typically involve altering the query images, which is not a practical concern in real-world scenarios. In this paper, we point out that even clean query images can be dangerous, inducing malicious target retrieval results, like undesired or illegal images. To the best of our knowledge, we are the first to study data \textbf{p}oisoning \textbf{a}ttacks against \textbf{d}eep \textbf{hash}ing \textbf{(\textit{PADHASH})}. Specifically, we first train a surrogate model to simulate the behavior of the target deep hashing model. Then, a strict gradient matching strategy is proposed to generate the poisoned images. Extensive experiments on different models, datasets, hash methods, and hash code lengths demonstrate the effectiveness and generality of our attack method.

翻译：由于图像数据的指数级增长以及深度神经网络（DNNs）卓越的特征提取能力，使用深度哈希的大规模图像检索已变得越来越流行。然而，深度哈希方法容易受到恶意攻击，包括对抗性攻击和后门攻击。值得注意的是，这些攻击通常涉及修改查询图像，这在现实场景中并非一个实际的关注点。在本文中，我们指出，即使是干净的查询图像也可能具有危险性，会引发恶意的目标检索结果，例如不期望的或非法的图像。据我们所知，我们是首个研究针对深度哈希的数据\textbf{投}毒\textbf{攻}击（\textit{PADHASH}）的工作。具体而言，我们首先训练一个代理模型来模拟目标深度哈希模型的行为。然后，提出了一种严格的梯度匹配策略来生成投毒图像。在不同模型、数据集、哈希方法及哈希码长度上进行的大量实验证明了我们攻击方法的有效性和普适性。