Abstract

As a representative adversarial example generation method in the black-box scenario, the query-based adversarial attack has recently received attention due to its high attack success rate and feasibility. To provide robustness against query-based adversarial attacks, state-of-the-art defense methods use the similarity of queries. Among them, two have shown good performance in the number of detected attack queries: (1) Stateful Detection; and (2) Blacklight. In this paper, we first propose two simple but effective mitigation strategies (i.e., parallelization and brightness adjustment) to show how the robustness of these state-of-the-art defense methods can be weakened. Next, we propose a new defense method based on the concept of perceptual hashing. Given a query image, the proposed defense method generates a hash sequence using a perceptual image hashing scheme, called PIHA, and compares the hash sequence with those of previous queries to detect query-based adversarial attacks. Here, the hash sequence is invariant to small perturbations and color changes when detecting query-based adversarial attacks. Experimental results under various conditions show that the proposed defense method provides good robustness against well-known query-based adversarial attacks, with or without the mitigation strategies applied.
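The detection idea described above, as an added sketch that is not the paper's code: a stateful detector hashes each query and flags it when the hash is within a Hamming-distance threshold of an earlier query's hash. PIHA itself is not specified on this page, so a simple block-difference hash stands in for it; `dhash`, `QueryDetector`, the threshold of 12 and the sample images are all assumptions made for illustration.

```python
import random

def dhash(img, rows=9, cols=9):
    """Stand-in perceptual hash (NOT PIHA): compare sums of adjacent blocks."""
    bh, bw = len(img) // rows, len(img[0]) // cols
    s = [[sum(img[y][x] for y in range(r * bh, (r + 1) * bh)
                        for x in range(c * bw, (c + 1) * bw))
          for c in range(cols)] for r in range(rows)]
    # A uniform brightness offset moves every block sum equally, so bits hold.
    return [int(s[r][c] > s[r][c + 1]) for r in range(rows) for c in range(cols - 1)]

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

class QueryDetector:
    """Keeps hashes of past queries; flags a query close to any earlier one."""
    def __init__(self, threshold=12):  # assumed threshold, out of 72 bits
        self.threshold = threshold
        self.history = []

    def check(self, img):
        h = dhash(img)
        nearest = min((hamming(h, p) for p in self.history), default=None)
        self.history.append(h)
        return nearest is not None and nearest <= self.threshold

# Constructed 36x36 grayscale samples; values stay in 40..200 so shifts never clip.
def sample_image(seed, size=36):
    rng = random.Random(seed)
    return [[rng.randint(40, 200) for _ in range(size)] for _ in range(size)]

def perturb(img, seed, eps=2, shift=0):
    """Per-pixel noise in [-eps, eps] plus an optional uniform brightness shift."""
    rng = random.Random(seed)
    return [[p + rng.randint(-eps, eps) + shift for p in row] for row in img]

def run_demo():
    det = QueryDetector()
    base = sample_image(3)
    queries = [sample_image(1), sample_image(2), base,
               perturb(base, 10), perturb(base, 11, shift=30)]
    return [det.check(q) for q in queries]

if __name__ == "__main__":
    print(run_demo())
```

The two unrelated queries and the first sight of `base` pass; the perturbed copy and the perturbed, brightness-shifted copy are both flagged because their hashes stay close to the stored one.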
