Collapse-Aware Triplet Decoupling for Adversarially Robust Image Retrieval
Abstract: Adversarial training has achieved substantial performance in defending image retrieval against adversarial examples. However, existing studies in deep metric learning (DML) still suffer from two major limitations: *weak adversary* and *model collapse*. In this paper, we address these two limitations by proposing **C**ollapse-**A**ware **TRI**plet **DE**coupling (**CA-TRIDE**). Specifically, TRIDE yields a stronger adversary by spatially decoupling the perturbation targets into the anchor and the other candidates. Furthermore, CA prevents the consequential model collapse, based on a novel metric, collapseness, which is incorporated into the optimization of perturbation. We also identify two drawbacks of the existing robustness metric in image retrieval and propose a new metric for a more reasonable robustness evaluation. Extensive experiments on three datasets demonstrate that CA-TRIDE outperforms existing defense methods in both conventional and new metrics. *Codes are available at https://github.com/michaeltian108/CA-TRIDE.*
Submission Number: 6048
Loading