Distance maximization and defences on deep hashing based image retrieval

Junda Lu; Yukai Miao; Mingyang Chen; Bo Huang; Bing Li; Wei Wang; Dinusha Vatsalan; Mohamed Ali Kaafar

doi:10.1109/ICKG59574.2023.00027

Distance maximization and defences on deep hashing based image retrieval

Junda Lu, Yukai Miao, Mingyang Chen, Bo Huang, Bing Li, Wei Wang, Dinusha Vatsalan, Mohamed Ali Kaafar

Research output: Chapter in Book / Conference Paper › Conference Paper › peer-review

Abstract

Though being remarkably efficient in computation and storage, recent research demonstrates deep hashing based image retrieval models are also vulnerable to adversarial attacks. A substantial amount of defence techniques against adversarial attacks have been developed recently, the overwhelming majority focus on adversarial training. However, adversarial defence focusing on the data side, i.e., cluster-contrasting, still remains a paucity. Albeit a pioneer work makes attempt to maximise the average distances of image clusters by anchoring predefined hash centers, it is still insufficient for a robust defence due to no optimal guarantee and over-sticking to the global average distance. Further, the laser-focus of either adversarial training or cluster contrasting of existing methods hinder them from further robustness boosting by judiciously incorporating them together. In this paper, we propose a novel distance maximization algorithm for defence on deep hashing based image retrieval systems. The model finds the optimal maximum average distance between cluster centers, and then uses a heuristic method to increase the minimum distance in the worst-case by solving a maximum Boolean satisfiability (max-SAT) problem. Our proposed distance maximization algorithm is a boosting algorithm that can be incorporated into adversarial training to enhance or boost the robustness of retrieval systems. Experiments conducted on two datasets demonstrate that our algorithm can generate clusters with a maximised average distance, while the minimum distance is also increased by up to 33% over the state-of-the-art method, and robustness is improved by up to 23 %.

Original language	English
Title of host publication	Proceedings of the IEEE International Conference on Knowledge Graph (ICKG), 1-2 December 2023, Shanghai, China
Editors	Victor S. Sheng, Chindo Hicks, Charles Ling, Vijay Raghavan, Xindong Wu
Place of Publication	U.S.
Publisher	IEEE
Pages	176-183
Number of pages	8
ISBN (Electronic)	9798350307092
DOIs	https://doi.org/10.1109/ICKG59574.2023.00027
Publication status	Published - 2023
Externally published	Yes
Event	IEEE International Conference on Knowledge Graph - Shanghai World Trade Mall, Shanghai, China Duration: 1 Dec 2023 → 2 Dec 2023 Conference number: 14th

Conference

Conference	IEEE International Conference on Knowledge Graph
Abbreviated title	ICKG
Country/Territory	China
City	Shanghai
Period	1/12/23 → 2/12/23

Keywords

Training
Machine learning algorithms
Image retrieval
Clustering algorithms
Knowledge graphs
Boosting
Robustness
Adversarial Machine Learning
Adversarial Defence
Deep Hashing
Image Retrieval

Access to Document

10.1109/ICKG59574.2023.00027

Cite this

Lu, J., Miao, Y., Chen, M., Huang, B., Li, B., Wang, W., Vatsalan, D., & Kaafar, M. A. (2023). Distance maximization and defences on deep hashing based image retrieval. In V. S. Sheng, C. Hicks, C. Ling, V. Raghavan, & X. Wu (Eds.), Proceedings of the IEEE International Conference on Knowledge Graph (ICKG), 1-2 December 2023, Shanghai, China (pp. 176-183). IEEE. https://doi.org/10.1109/ICKG59574.2023.00027

@inproceedings{a2b7e8f4e1554c0fac76418fbbe03e23,

title = "Distance maximization and defences on deep hashing based image retrieval",

abstract = "Though being remarkably efficient in computation and storage, recent research demonstrates deep hashing based image retrieval models are also vulnerable to adversarial attacks. A substantial amount of defence techniques against adversarial attacks have been developed recently, the overwhelming majority focus on adversarial training. However, adversarial defence focusing on the data side, i.e., cluster-contrasting, still remains a paucity. Albeit a pioneer work makes attempt to maximise the average distances of image clusters by anchoring predefined hash centers, it is still insufficient for a robust defence due to no optimal guarantee and over-sticking to the global average distance. Further, the laser-focus of either adversarial training or cluster contrasting of existing methods hinder them from further robustness boosting by judiciously incorporating them together. In this paper, we propose a novel distance maximization algorithm for defence on deep hashing based image retrieval systems. The model finds the optimal maximum average distance between cluster centers, and then uses a heuristic method to increase the minimum distance in the worst-case by solving a maximum Boolean satisfiability (max-SAT) problem. Our proposed distance maximization algorithm is a boosting algorithm that can be incorporated into adversarial training to enhance or boost the robustness of retrieval systems. Experiments conducted on two datasets demonstrate that our algorithm can generate clusters with a maximised average distance, while the minimum distance is also increased by up to 33% over the state-of-the-art method, and robustness is improved by up to 23 %.",

keywords = "Training, Machine learning algorithms, Image retrieval, Clustering algorithms, Knowledge graphs, Boosting, Robustness, Adversarial Machine Learning, Adversarial Defence, Deep Hashing, Image Retrieval",

author = "Junda Lu and Yukai Miao and Mingyang Chen and Bo Huang and Bing Li and Wei Wang and Dinusha Vatsalan and Kaafar, {Mohamed Ali}",

year = "2023",

doi = "10.1109/ICKG59574.2023.00027",

language = "English",

pages = "176--183",

editor = "Sheng, {Victor S.} and Chindo Hicks and Charles Ling and Vijay Raghavan and Xindong Wu",

booktitle = "Proceedings of the IEEE International Conference on Knowledge Graph (ICKG), 1-2 December 2023, Shanghai, China",

publisher = "IEEE",

note = "IEEE International Conference on Knowledge Graph, ICKG ; Conference date: 01-12-2023 Through 02-12-2023",

}

Lu, J, Miao, Y, Chen, M, Huang, B, Li, B, Wang, W, Vatsalan, D & Kaafar, MA 2023, Distance maximization and defences on deep hashing based image retrieval. in VS Sheng, C Hicks, C Ling, V Raghavan & X Wu (eds), Proceedings of the IEEE International Conference on Knowledge Graph (ICKG), 1-2 December 2023, Shanghai, China. IEEE, U.S., pp. 176-183, IEEE International Conference on Knowledge Graph, Shanghai, China, 1/12/23. https://doi.org/10.1109/ICKG59574.2023.00027

Distance maximization and defences on deep hashing based image retrieval. / Lu, Junda; Miao, Yukai; Chen, Mingyang et al.
Proceedings of the IEEE International Conference on Knowledge Graph (ICKG), 1-2 December 2023, Shanghai, China. ed. / Victor S. Sheng; Chindo Hicks; Charles Ling; Vijay Raghavan; Xindong Wu. U.S.: IEEE, 2023. p. 176-183.

Research output: Chapter in Book / Conference Paper › Conference Paper › peer-review

TY - GEN

T1 - Distance maximization and defences on deep hashing based image retrieval

AU - Lu, Junda

AU - Miao, Yukai

AU - Chen, Mingyang

AU - Huang, Bo

AU - Li, Bing

AU - Wang, Wei

AU - Vatsalan, Dinusha

AU - Kaafar, Mohamed Ali

N1 - Conference code: 14th

PY - 2023

Y1 - 2023

N2 - Though being remarkably efficient in computation and storage, recent research demonstrates deep hashing based image retrieval models are also vulnerable to adversarial attacks. A substantial amount of defence techniques against adversarial attacks have been developed recently, the overwhelming majority focus on adversarial training. However, adversarial defence focusing on the data side, i.e., cluster-contrasting, still remains a paucity. Albeit a pioneer work makes attempt to maximise the average distances of image clusters by anchoring predefined hash centers, it is still insufficient for a robust defence due to no optimal guarantee and over-sticking to the global average distance. Further, the laser-focus of either adversarial training or cluster contrasting of existing methods hinder them from further robustness boosting by judiciously incorporating them together. In this paper, we propose a novel distance maximization algorithm for defence on deep hashing based image retrieval systems. The model finds the optimal maximum average distance between cluster centers, and then uses a heuristic method to increase the minimum distance in the worst-case by solving a maximum Boolean satisfiability (max-SAT) problem. Our proposed distance maximization algorithm is a boosting algorithm that can be incorporated into adversarial training to enhance or boost the robustness of retrieval systems. Experiments conducted on two datasets demonstrate that our algorithm can generate clusters with a maximised average distance, while the minimum distance is also increased by up to 33% over the state-of-the-art method, and robustness is improved by up to 23 %.

AB - Though being remarkably efficient in computation and storage, recent research demonstrates deep hashing based image retrieval models are also vulnerable to adversarial attacks. A substantial amount of defence techniques against adversarial attacks have been developed recently, the overwhelming majority focus on adversarial training. However, adversarial defence focusing on the data side, i.e., cluster-contrasting, still remains a paucity. Albeit a pioneer work makes attempt to maximise the average distances of image clusters by anchoring predefined hash centers, it is still insufficient for a robust defence due to no optimal guarantee and over-sticking to the global average distance. Further, the laser-focus of either adversarial training or cluster contrasting of existing methods hinder them from further robustness boosting by judiciously incorporating them together. In this paper, we propose a novel distance maximization algorithm for defence on deep hashing based image retrieval systems. The model finds the optimal maximum average distance between cluster centers, and then uses a heuristic method to increase the minimum distance in the worst-case by solving a maximum Boolean satisfiability (max-SAT) problem. Our proposed distance maximization algorithm is a boosting algorithm that can be incorporated into adversarial training to enhance or boost the robustness of retrieval systems. Experiments conducted on two datasets demonstrate that our algorithm can generate clusters with a maximised average distance, while the minimum distance is also increased by up to 33% over the state-of-the-art method, and robustness is improved by up to 23 %.

KW - Training

KW - Machine learning algorithms

KW - Image retrieval

KW - Clustering algorithms

KW - Knowledge graphs

KW - Boosting

KW - Robustness

KW - Adversarial Machine Learning

KW - Adversarial Defence

KW - Deep Hashing

KW - Image Retrieval

UR - http://www.scopus.com/inward/record.url?scp=85186139906&partnerID=8YFLogxK

UR - https://go.openathens.net/redirector/westernsydney.edu.au?url=https://doi.org/10.1109/ICKG59574.2023.00027

U2 - 10.1109/ICKG59574.2023.00027

DO - 10.1109/ICKG59574.2023.00027

M3 - Conference Paper

SP - 176

EP - 183

BT - Proceedings of the IEEE International Conference on Knowledge Graph (ICKG), 1-2 December 2023, Shanghai, China

A2 - Sheng, Victor S.

A2 - Hicks, Chindo

A2 - Ling, Charles

A2 - Raghavan, Vijay

A2 - Wu, Xindong

PB - IEEE

CY - U.S.

T2 - IEEE International Conference on Knowledge Graph

Y2 - 1 December 2023 through 2 December 2023

ER -

Distance maximization and defences on deep hashing based image retrieval

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this