Moving target defense against adversarial attacks


Authors: WANG Bin; CHEN Liang[1]; QIAN Yaguan[1]; GUO Yankai; SHAO Qiqi; WANG Jiamin (College of Science, Zhejiang University of Science and Technology, Hangzhou 310023, China; College of Electrical Engineering, Zhejiang University, Hangzhou 310058, China; Network and Information Security Laboratory, Hangzhou Hikvision Digital Technology Co., LTD, Hangzhou 310058, China)

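Affiliations: [1] School of Big Data, Zhejiang University of Science and Technology, Hangzhou, Zhejiang 310023; [2] College of Electrical Engineering, Zhejiang University, Hangzhou, Zhejiang 310058; [3] Network and Information Security Laboratory, Hikvision Digital Technology Co., Ltd., Hangzhou, Zhejiang 310058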

Source: Chinese Journal of Network and Information Security, 2021, Issue 1, pp. 113-120 (8 pages)

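Funding: National Key R&D Program of China (2018YFB2100400); Science and Technology Project of State Grid Corporation of China Headquarters (5700-202019187A-0-0-00); 2019 Hangzhou Leading Innovation Team Project.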

Abstract: Deep neural networks have been successfully applied to image classification, but research shows that they are vulnerable to adversarial examples. A moving target defense method is proposed that dynamically switches models according to a Bayes-Stackelberg game strategy, so that an attacker cannot continuously obtain consistent information, which blocks the construction of adversarial examples. The diversity of the member models is the key to improving the effect of moving target defense; taking the gradient consistency among member models as a measure, a new loss function is constructed for training, which effectively increases the diversity among member models. Experimental results show that the proposed method improves the moving target defense performance of the image classification system and significantly reduces the attack success rate of adversarial examples.

Keywords: adversarial examples; moving target defense; Bayes-Stackelberg game

Classification code: TP393 [Automation and Computer Technology: Computer Application Technology]

 
