Targeted Universal Adversarial Attack on Deep Hash Networks

Deep hash networks have garnered significant attention due to their efficiency and ability to learn discriminative embeddings for approximate nearest neighbor search. However, it is observed that deep hash networks are vulnerable to adversarial interference, which is an important security problem. Despite the growing interest in targeted attack on deep hash networks, it suffers from a scarcity of research on generating universal adversarial perturbations which are unrelated to the specific images. In this paper, we introduce a novel Targeted Universal adversarial Attack (TUA) on deep hash networks. Our framework consists of two key components: a ReferenceNet and a universal generative adversarial network. Specifically, ReferenceNet is designed to generate category-level representative reference codes for the target labels by introducing a cosine similarity based reference loss. Additionally, we feed the fixed random noise and target labels into the generator to learn universal adversarial perturbations. Particularly, the reference codes are used to optimize the generator by minimizing the Hamming distances between the hash codes of the adversarial examples and the reference codes. Extensive experiments on three common datasets validate the superior targeted attack performance, transferability, and universality of our method compared with state-of-the-art targeted attack methods on deep hash networks.