Backdoor Attack On Hash-based Image Retrieval Via Clean-label Data Poisoning
2021 Β· Kuofeng Gao, Jiawang Bai, Bin Chen, et al.
Abstract
A backdoored deep hashing model is expected to behave normally on original query images and return the images with the target label when a specific trigger pattern presents. To this end, we propose the confusing perturbations-induced backdoor attack (CIBA). It injects a small number of poisoned images with the correct label into the training data, which makes the attack hard to be detected. To craft the poisoned images, we first propose the confusing perturbations to disturb the hashing code learning. As such, the hashing model can learn more about the trigger. The confusing perturbations are imperceptible and generated by optimizing the intra-class dispersion and inter-class shift in the Hamming space. We then employ the targeted adversarial patch as the backdoor trigger to improve the attack performance. We have conducted extensive experiments to verify the effectiveness of our proposed CIBA. Our code is available at https://github.com/KuofengGao/CIBA.
Authors
(none)
Tags
Stats
Code
Related papers
- Clean Image May Be Dangerous: Data Poisoning Attacks Against Deep Hashing (2025)0.00
- Badhash: Invisible Backdoor Attacks Against Deep Hashing With Clean Label (2022)11.19
- Darkhash: A Data-free Backdoor Attack Against Deep Hashing (2025)2.26
- Diffhash: Text-guided Targeted Attack Via Diffusion Models Against Deep Hashing Image Retrieval (2025)0.00
- Targeted Attack For Deep Hashing Based Retrieval (2020)13.65
- Model Inversion Attack Against Deep Hashing (2025)0.00
- Unsupervised Multi-criteria Adversarial Detection In Deep Image Retrieval (2023)0.00
- Cgat: Center-guided Adversarial Training For Deep Hashing-based Retrieval (2022)8.42