Collapse-Aware Triplet Decoupling for Adversarially Robust Image Retrieval

Qiwei Tian; Chenhao Lin; Zhengyu Zhao; Qian Li; Chao Shen

Collapse-Aware Triplet Decoupling for Adversarially Robust Image Retrieval

Qiwei Tian
, Chenhao Lin
, Zhengyu Zhao
, Qian Li
, Chao Shen

Faculty of Electronic and Information Engineering

Xi'an Jiaotong University

Research output: Contribution to journal › Conference article › peer-review

1 Scopus citations

Abstract

Adversarial training has achieved substantial performance in defending image retrieval against adversarial examples. However, existing studies in deep metric learning (DML) still suffer from two major limitations: weak adversary and model collapse. In this paper, we address these two limitations by proposing Collapse-Aware TRIplet DEcoupling (CA-TRIDE). Specifically, TRIDE yields a stronger adversary by spatially decoupling the perturbation targets into the anchor and the other candidates. Furthermore, CA prevents the consequential model collapse, based on a novel metric, collapseness, which is incorporated into the optimization of perturbation. We also identify two drawbacks of the existing robustness metric in image retrieval and propose a new metric for a more reasonable robustness evaluation. Extensive experiments on three datasets demonstrate that CA-TRIDE outperforms existing defense methods in both conventional and new metrics. Codes are available at https://github.com/michaeltian108/CA-TRIDE.

Original language	English
Pages (from-to)	48139-48153
Number of pages	15
Journal	Proceedings of Machine Learning Research
Volume	235
State	Published - 2024
Event	41st International Conference on Machine Learning, ICML 2024 - Vienna, Austria Duration: 21 Jul 2024 → 27 Jul 2024

Cite this

@article{66dd3d0b29cb42a7a74842affeb7ed6b,

title = "Collapse-Aware Triplet Decoupling for Adversarially Robust Image Retrieval",

abstract = "Adversarial training has achieved substantial performance in defending image retrieval against adversarial examples. However, existing studies in deep metric learning (DML) still suffer from two major limitations: weak adversary and model collapse. In this paper, we address these two limitations by proposing Collapse-Aware TRIplet DEcoupling (CA-TRIDE). Specifically, TRIDE yields a stronger adversary by spatially decoupling the perturbation targets into the anchor and the other candidates. Furthermore, CA prevents the consequential model collapse, based on a novel metric, collapseness, which is incorporated into the optimization of perturbation. We also identify two drawbacks of the existing robustness metric in image retrieval and propose a new metric for a more reasonable robustness evaluation. Extensive experiments on three datasets demonstrate that CA-TRIDE outperforms existing defense methods in both conventional and new metrics. Codes are available at https://github.com/michaeltian108/CA-TRIDE.",

author = "Qiwei Tian and Chenhao Lin and Zhengyu Zhao and Qian Li and Chao Shen",

year = "2024",

language = "英语",

volume = "235",

pages = "48139--48153",

journal = "Proceedings of Machine Learning Research",

issn = "2640-3498",

publisher = "ML Research Press",

}

TY - JOUR

T1 - Collapse-Aware Triplet Decoupling for Adversarially Robust Image Retrieval

AU - Tian, Qiwei

AU - Lin, Chenhao

AU - Zhao, Zhengyu

AU - Li, Qian

AU - Shen, Chao

PY - 2024

Y1 - 2024

N2 - Adversarial training has achieved substantial performance in defending image retrieval against adversarial examples. However, existing studies in deep metric learning (DML) still suffer from two major limitations: weak adversary and model collapse. In this paper, we address these two limitations by proposing Collapse-Aware TRIplet DEcoupling (CA-TRIDE). Specifically, TRIDE yields a stronger adversary by spatially decoupling the perturbation targets into the anchor and the other candidates. Furthermore, CA prevents the consequential model collapse, based on a novel metric, collapseness, which is incorporated into the optimization of perturbation. We also identify two drawbacks of the existing robustness metric in image retrieval and propose a new metric for a more reasonable robustness evaluation. Extensive experiments on three datasets demonstrate that CA-TRIDE outperforms existing defense methods in both conventional and new metrics. Codes are available at https://github.com/michaeltian108/CA-TRIDE.

AB - Adversarial training has achieved substantial performance in defending image retrieval against adversarial examples. However, existing studies in deep metric learning (DML) still suffer from two major limitations: weak adversary and model collapse. In this paper, we address these two limitations by proposing Collapse-Aware TRIplet DEcoupling (CA-TRIDE). Specifically, TRIDE yields a stronger adversary by spatially decoupling the perturbation targets into the anchor and the other candidates. Furthermore, CA prevents the consequential model collapse, based on a novel metric, collapseness, which is incorporated into the optimization of perturbation. We also identify two drawbacks of the existing robustness metric in image retrieval and propose a new metric for a more reasonable robustness evaluation. Extensive experiments on three datasets demonstrate that CA-TRIDE outperforms existing defense methods in both conventional and new metrics. Codes are available at https://github.com/michaeltian108/CA-TRIDE.

UR - https://www.scopus.com/pages/publications/85203791199

M3 - 会议文章

AN - SCOPUS:85203791199

SN - 2640-3498

VL - 235

SP - 48139

EP - 48153

JO - Proceedings of Machine Learning Research

JF - Proceedings of Machine Learning Research

T2 - 41st International Conference on Machine Learning, ICML 2024

Y2 - 21 July 2024 through 27 July 2024

ER -

Collapse-Aware Triplet Decoupling for Adversarially Robust Image Retrieval

Abstract

Other files and links

Fingerprint

Cite this