Evade Deep Image Retrieval by Stashing Private Images in the Hash Space

Document Type

Conference Paper

Publication Date

2020

DOI

10.1109/CVPR42600.2020.00967

Publication Title

2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)

Pages

9648-9657

Conference Name

2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Los Alamitos, CA, USA, June 13-19, 2020

Abstract

With the rapid growth of visual content, deep learning to hash is gaining popularity in the image retrieval community recently. Although it greatly facilitates search efficiency, privacy is also at risks when images on the web are retrieved at a large scale and exploited as a rich mine of personal information. An adversary can extract private images by querying similar images from the targeted category for any usable model. Existing methods based on image processing preserve privacy at a sacrifice of perceptual quality. In this paper, we propose a new mechanism based on adversarial examples to "stash'' private images in the deep hash space while maintaining perceptual similarity. We first find that a simple approach of hamming distance maximization is not robust against brute-force adversaries. Then we develop a new loss function by maximizing the hamming distance to not only the original category, but also the centers from all the classes, partitioned into clusters of various sizes. The extensive experiment shows that the proposed defense can harden the attacker's efforts by 2-7 orders of magnitude, without significant increase of computational overhead and perceptual degradation. We also demonstrate 30-60% transferability in hash space with a black-box setting. The code is available at: https://github.com/sugarruy/hashstash.

Comments

The CVPR 2020 paper is the Open Access version, provided by the Computer Vision Foundation. The final published version of the proceedings is available on IEEE Xplore at: https://dx.doi.org/10.1109/CVPR42600.2020.00967

Original Publication Citation

Xiao, Y., Wang, C., & Gao, X. (2020). Evade deep image retrieval by stashing private images in the hash space. Paper presented at the 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Los Alamitos, CA, USA, June 13-19, 2020.

Share

COinS