HUANG: A Robust Diffusion Model-based Targeted Adversarial Attack Against Deep Hashing Retrieval

Authors

  • Chihan Huang Nanjing University of Science and Technology
  • Xiaobo Shen Nanjing University of Science and Technology

DOI:

https://doi.org/10.1609/aaai.v39i4.32377

Abstract

Deep hashing models have achieved great success in retrieval tasks due to their powerful representation and strong information compression capabilities. However, they inherit the vulnerability of deep neural networks to adversarial perturbations. Attackers can severely impact the retrieval capability of hashing models by adding subtle, carefully crafted adversarial perturbations to benign images, transforming them into adversarial images. Most existing adversarial attacks target image classification models, with few focusing on retrieval models. We propose HUANG, the first targeted adversarial attack algorithm to leverage a diffusion model for hashing retrieval in black-box scenarios. In our approach, adversarial denoising uses adversarial perturbations and residual image to guide the shift from benign to adversarial distribution. Extensive experiments demonstrate the superiority of HUANG across different datasets, achieving state-of-the-art performance in black-box targeted attacks. Additionally, the dynamic interplay between denoising and adding adversarial perturbations in adversarial denoising endows HUANG with exceptional robustness and transferability.
AAAI-25 / IAAI-25 / EAAI-25 Proceedings Cover

Downloads

Published

2025-04-11

How to Cite

Huang, C., & Shen, X. (2025). HUANG: A Robust Diffusion Model-based Targeted Adversarial Attack Against Deep Hashing Retrieval. Proceedings of the AAAI Conference on Artificial Intelligence, 39(4), 3626–3634. https://doi.org/10.1609/aaai.v39i4.32377

Issue

Vol. 39 No. 4: AAAI-25 Technical Tracks 4

Section

AAAI Technical Track on Computer Vision III