Knowledge Commons of Institute of Automation,CAS
Hashing Fake: Producing Adversarial Perturbation for Online Privacy Protection Against Automatic Retrieval Models | |
Zhang, Xingwei1,2; Zheng, Xiaolong1,2; Mao, Wenji1,2; Zeng, Daniel Dajun1,2; Wang, Fei-Yue1,2 | |
发表期刊 | IEEE TRANSACTIONS ON COMPUTATIONAL SOCIAL SYSTEMS |
ISSN | 2329-924X |
2022-09-30 | |
页码 | 11 |
通讯作者 | Zheng, Xiaolong(xiaolong.zheng@ia.ac.cn) |
摘要 | The wide application of deep neural networks (DNNs) has significantly improved the performance of hashing models on multimodal retrieval issues. DNN-based deep models can automatically learn semantic features from raw data to make human-level decisions. However, the superior generalization leads to potential privacy leakage risks. Strong DNN-based retrieval models enable malicious crawlers to search for nontag private information based on semantic similarity matching. Hence, executing effective privacy protection mechanisms against those retrieval software is essential for reliable social website construction. In this article, we propose a retrieval task-based adversarial perturbation generation method called Hashing Fake to meet this request. Specifically, DNNs are recently found to be vulnerable to a specific set of attacks called adversarial perturbations, which denote some magnitude-restricted signals added on objective samples to misguide well-crafted DNN models, and perturbations' magnitudes are small enough that will not induce humans' perception. Moreover, since existing adversarial perturbation generation methods are designed for supervised tasks, Hashing Fake constructs a differential approximation substitution for perturbation production on unsupervised retrieval tasks. Through extensive experiments on several deep retrieval benchmarks, we demonstrate that well-crafted perturbations using Hashing Fake can effectively misguide objective models' recognitions to make false predictions. The added norm-restricted perturbations on objective samples will not alter humans' perception; hence, Hashing Fake can be applied on real-world social websites to protect subscribers' privacy against malicious retrieval software. |
关键词 | Perturbation methods Semantics Computational modeling Codes Task analysis Privacy Software Adversarial perturbation deep neural network (DNN) privacy protection semantic retrieval |
DOI | 10.1109/TCSS.2022.3204120 |
收录类别 | SCI |
语种 | 英语 |
资助项目 | Ministry of Science and Technology of China[2020AAA0108401] ; Natural Science Foundation of China[72225011] ; Natural Science Foundation of China[71621002] |
项目资助者 | Ministry of Science and Technology of China ; Natural Science Foundation of China |
WOS研究方向 | Computer Science |
WOS类目 | Computer Science, Cybernetics ; Computer Science, Information Systems |
WOS记录号 | WOS:000865074900001 |
出版者 | IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC |
引用统计 | |
文献类型 | 期刊论文 |
条目标识符 | http://ir.ia.ac.cn/handle/173211/50353 |
专题 | 多模态人工智能系统全国重点实验室_互联网大数据与信息安全 多模态人工智能系统全国重点实验室_平行智能技术与系统团队 |
通讯作者 | Zheng, Xiaolong |
作者单位 | 1.Univ Chinese Acad Sci, Sch Artificial Intelligence, Beijing 101408, Peoples R China 2.Chinese Acad Sci, State Key Lab Management & Control Complex Syst, Inst Automat, Beijing 100080, Peoples R China |
第一作者单位 | 中国科学院自动化研究所 |
通讯作者单位 | 中国科学院自动化研究所 |
推荐引用方式 GB/T 7714 | Zhang, Xingwei,Zheng, Xiaolong,Mao, Wenji,et al. Hashing Fake: Producing Adversarial Perturbation for Online Privacy Protection Against Automatic Retrieval Models[J]. IEEE TRANSACTIONS ON COMPUTATIONAL SOCIAL SYSTEMS,2022:11. |
APA | Zhang, Xingwei,Zheng, Xiaolong,Mao, Wenji,Zeng, Daniel Dajun,&Wang, Fei-Yue.(2022).Hashing Fake: Producing Adversarial Perturbation for Online Privacy Protection Against Automatic Retrieval Models.IEEE TRANSACTIONS ON COMPUTATIONAL SOCIAL SYSTEMS,11. |
MLA | Zhang, Xingwei,et al."Hashing Fake: Producing Adversarial Perturbation for Online Privacy Protection Against Automatic Retrieval Models".IEEE TRANSACTIONS ON COMPUTATIONAL SOCIAL SYSTEMS (2022):11. |
条目包含的文件 | 条目无相关文件。 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论