Evade Deep Image Retrieval by Stashing Private Images in the Hash Space
Document Type
Conference Paper
Publication Date
2020
DOI
10.1109/CVPR42600.2020.00967
Publication Title
2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)
Pages
9648-9657
Conference Name
2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Los Alamitos, CA, USA, June 13-19, 2020
Abstract
With the rapid growth of visual content, deep learning to hash is gaining popularity in the image retrieval community recently. Although it greatly facilitates search efficiency, privacy is also at risks when images on the web are retrieved at a large scale and exploited as a rich mine of personal information. An adversary can extract private images by querying similar images from the targeted category for any usable model. Existing methods based on image processing preserve privacy at a sacrifice of perceptual quality. In this paper, we propose a new mechanism based on adversarial examples to "stash'' private images in the deep hash space while maintaining perceptual similarity. We first find that a simple approach of hamming distance maximization is not robust against brute-force adversaries. Then we develop a new loss function by maximizing the hamming distance to not only the original category, but also the centers from all the classes, partitioned into clusters of various sizes. The extensive experiment shows that the proposed defense can harden the attacker's efforts by 2-7 orders of magnitude, without significant increase of computational overhead and perceptual degradation. We also demonstrate 30-60% transferability in hash space with a black-box setting. The code is available at: https://github.com/sugarruy/hashstash.
Original Publication Citation
Xiao, Y., Wang, C., & Gao, X. (2020). Evade deep image retrieval by stashing private images in the hash space. Paper presented at the 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Los Alamitos, CA, USA, June 13-19, 2020.
Repository Citation
Xiao, Y., Wang, C., & Gao, X. (2020). Evade deep image retrieval by stashing private images in the hash space. Paper presented at the 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Los Alamitos, CA, USA, June 13-19, 2020.
Comments
The CVPR 2020 paper is the Open Access version, provided by the Computer Vision Foundation. The final published version of the proceedings is available on IEEE Xplore at: https://dx.doi.org/10.1109/CVPR42600.2020.00967