Adversarial Attack and Defense in Deep Ranking
Mo Zhou, Le Wang, Zhenxing Niu, Qilin Zhang, Nanning Zheng, Gang Hua
TL;DR
This paper introduces novel adversarial attacks and defenses for deep ranking systems, demonstrating their effectiveness and proposing a robustness measure across multiple datasets.
Contribution
It presents two new attack methods for deep ranking, a defense strategy, and a comprehensive robustness score to evaluate model resilience.
Findings
Attacks can significantly alter ranking outcomes.
The proposed defense improves robustness against various attacks.
Empirical robustness scores effectively measure defense effectiveness.
Abstract
Deep Neural Network classifiers are vulnerable to adversarial attack, where an imperceptible perturbation could result in misclassification. However, the vulnerability of DNN-based image ranking systems remains under-explored. In this paper, we propose two attacks against deep ranking systems, i.e., Candidate Attack and Query Attack, that can raise or lower the rank of chosen candidates by adversarial perturbations. Specifically, the expected ranking order is first represented as a set of inequalities, and then a triplet-like objective function is designed to obtain the optimal perturbation. Conversely, an anti-collapse triplet defense is proposed to improve the ranking model robustness against all proposed attacks, where the model learns to prevent the positive and negative samples being pulled close to each other by adversarial attack. To comprehensively measure the empirical…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Domain Adaptation and Few-Shot Learning · Traumatic Brain Injury and Neurovascular Disturbances