Defense Against Adversarial Images Using Web-scale Nearest-neighbor Search
2019 · Abhimanyu Dubey, Laurens van der Maaten, Zeki Yalniz, et al.
Abstract
A plethora of recent work has shown that convolutional networks are not robust to adversarial images: images that are created by perturbing a sample from the data distribution as to maximize the loss on the perturbed example. In this work, we hypothesize that adversarial perturbations move the image away from the image manifold in the sense that there exists no physical process that could have produced the adversarial image. This hypothesis suggests that a successful defense mechanism against adversarial images should aim to project the images back onto the image manifold. We study such defense mechanisms, which approximate the projection onto the unknown image manifold by a nearest-neighbor search against a web-scale image database containing tens of billions of images. Empirical evaluations of this defense strategy on ImageNet suggest that it is very effective in attack settings in which the adversary does not have access to the image database. We also propose two novel attack method
Related papers
- RetrievalGuard: Provably Robust 1-nearest Neighbor Image Retrieval (2022) 0.00
- Targeted Mismatch Adversarial Attack: Query With A Flower To Retrieve The Tower (2019) 13.23
- Who's Afraid Of Adversarial Queries? The Impact Of Image Modifications On Content-based Image Retrieval (2019) 0.00
- Adversarial Soft-detection-based Aggregation Network For Image Retrieval (2018) 0.00
- Unsupervised Multi-criteria Adversarial Detection In Deep Image Retrieval (2023) 0.00
- Query Attack Via Opposite-direction Feature: Towards Robust Image Retrieval (2018) 0.00
- AdapNet: Adaptive Noise-based Network For Low-quality Image Retrieval (2024) 0.00
- Adversarial Attack On Deep Product Quantization Network For Image Retrieval (2020) 11.29