基于双对抗机制的图像攻击算法  

Image Attack Algorithm Based on Bi-Adversary Mechanism

在线阅读下载全文

作  者:黄静琪 贾西平 陈道鑫 柏柯嘉 廖秀秀 HUANG Jingqi;JIA Xiping;CHEN Daoxin;BAI Kejia;LIAO Xiuxiu(School of Computer Science,Guangdong Polytechnic Normal University,Guangzhou 510665,China)

机构地区:[1]广东技术师范大学计算机科学学院,广州510665

出  处:《计算机工程》2021年第11期150-157,共8页Computer Engineering

基  金:国家自然科学基金(61872096);广东省普通高校重点科研项目(2019KZDXM063);广东省教育厅青年创新人才项目(2016KQNCX092)。

摘  要:图像攻击是指通过对图像添加小幅扰动使深度神经网络产生误分类。针对现有图像攻击算法在变分自编码器(VAE)防御下攻击性能不稳定的问题,在AdvGAN算法的基础上,提出基于对抗机制的AntiVAEGAN算法获取对VAE防御的稳定攻击效果。为应对AntiVAEGAN算法防御能力提升时攻击性能不稳定的问题,结合生成器与鉴别器、生成器与VAE的双对抗机制提出改进的图像攻击算法VAEAdvGAN。在MNIST和GTSRB数据集上的实验结果表明,在无防御的情况下,AntiVAEGAN和VAEAdvGAN算法几乎能达到与AdvGAN算法相同的图像分类准确率和攻击成功率,而在VAE防御的情况下,VAEAdvGAN相比AdvGAN和AntiVAEGAN算法整体攻击效果更优。Image attack can disable a deep neural network in image classification by adding a small amount of interference to the input image.However,most of the existing image attack algorithms are relatively fragile against Variational Auto-Encoder(VAE)defense.Based on the AdvGAN algorithm,an algorithm named AntiVAEGAN is proposed,which employs the adversary mechanism to penetrate VAE defenses persistent,but AntiVAEGAN suffers from a loss of attack performance when improving the defense performance.To address the problem,this paper proposes an improved image attack algorithm,VAEAdvGAN,by combining both the generator-discriminator defense mechanism and the generator-VAE defense mechanism.Experimental results on the MNIST dataset and GTSRB dataset show that without defense,AntiVAEGAN and VAEAdvGAN can achieve almost the same classification accuracy and attack success rate as AdvGAN.In the case of VAE defense,VAEAdvGAN exhibits better overall attack effect than AdvGAN and AntiVAEGAN.

关 键 词:生成对抗网络 图像攻击 对抗样本 变分自编码器防御 防御模型 

分 类 号:TP391[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象