基于生成对抗网络的多目标类别对抗样本生成算法  被引量：3

作　　者：李建 郭延明 于天元 武与伦 王翔汉 老松杨[1] LI Jian;GUO Yan-ming;YU Tian-yuan;WU Yu-lun;WANG Xiang-han;LAO Song-yang(College of Systems Engineering,National University of Defense Technology,Changsha 410073,China)

机构地区：[1]国防科技大学系统工程学院,长沙410073

出　　处：《计算机科学》2022年第2期83-91,共9页Computer Science

摘　　要：深度神经网络在很多领域表现出色,但是研究表明其很容易受到对抗样本的攻击。目前针对神经网络进行攻击的算法众多,但绝大多数攻击算法的攻击速度较慢,因此快速生成对抗样本逐渐成为对抗样本领域的研究重点。AdvGAN是一种使用网络攻击网络的算法,生成对抗样本的速度极快,但是当进行有目标攻击时,其要为每个目标训练一个网络,使攻击的效率较低。针对上述问题,提出了一种基于生成对抗网络的多目标攻击网络MTA,在进行攻击时MTA仅需要训练一次就可以完成多目标攻击并快速生成对抗样本。实验结果表明,MTA在CIFAR10和MNIST数据集上有目标攻击的成功率高于AdvGAN。文中还做了对抗样本的迁移实验和防御背景下的攻击实验,结果表明,MTA生成的对抗样本的迁移性比其他多目标攻击算法更强,而且在防御背景下攻击成功率更高。Although deep neural networks perform well in many areas,research shows that deep neural networks are vulnerable to attacks from adversarial examples.There are many algorithms for attacking neural networks,but the attack speed of most attack algorithms is slow.Therefore,the rapid generation of adversarial examples has gradually become the focus of research in the area of adversarial examples.AdvGAN is an algorithm that uses the network to attack another network,which can generate adversarial samples extremely faster than other methods.However,when carrying out a targeted attack,AdvGAN needs to train a network for each target,so the efficiency of the attack is low.In this article,we propose a multi-target attack network(MTA)based on the generative adversarial network,which can complete multi-target attacks and quickly generate adversarial examples by training only once.Experiments show that MTA has a higher success rate for targeted attacks on the CIFAR10 and MNIST datasets than AdvGAN.We have also done adversarial sample transfer experiments and attack experiments under defense.The results show that the transferability of the adversarial examples generated by MTA is stronger than other multi-target attack algorithms,and our MTA method also has a higher attack success rate under defense.

关 键 词：神经网络 对抗攻击 生成对抗网络 多目标攻击 对抗样本 

分 类 号：TP183[自动化与计算机技术—控制理论与控制工程] TP391.41[自动化与计算机技术—控制科学与工程]