基于平行注意力机制的对抗样本防御方法  被引量:1

Adversarial Examples Defense Method Base on Parallel Attention Mechanism

在线阅读下载全文

作  者:赵杰 郭东[1] ZHAO Jie;GUO Dong(College of Computer Science and Technology,Jilin University,Changchun 130012,China)

机构地区:[1]吉林大学计算机科学与技术学院,长春130012

出  处:《吉林大学学报(信息科学版)》2022年第5期846-855,共10页Journal of Jilin University(Information Science Edition)

摘  要:为降低对抗样本的影响,提高分类模型在遭受攻击威胁下的精度,利用哺乳动物视觉系统工作原理,结合注意力机制,提出一种新型防御对抗样本模型PSCAM-GAN(Parallel Spatial and Channel Attention Mechanism Adversarial Generative Network)。该防御模型在通过编码器获得对抗样本的特征图后,使用平行注意力机制提取特征图中的个体和位置信息,然后在保证这些特征不变的情况下,重新调整特征图的权重,通过解码器产生净化结果。该方法能在清除恶意扰动的同时保持净化结果与输入的一致性,有效降低对抗样本对模型精度的影响。在CIFAR-10和MNIST数据集上,PSCAM-GAN面对多种对抗样本攻击时的防御效果超越了其他基于预处理的防御方法,能有效提高模型的健壮性。We have the effect of adversarial examples is reduced and the accuracy of the classification model is improved under the threat. Inspired by the mammalian visual modality, we proposed a purification defense method using a novel parallel attention mechanism to mitigate the effect of adversarial examples, called PSCAM-GAN(Parallel Spatial and Channel Attention Mechanism Adversarial Generative Network). The defense model first generates the feature map through the encoder, the parallel attention module is used to extract the object and space information. Under the condition that these features remain unchanged, the weight of the feature map is readjusted generating purification results by decoder. This method can keep the consistency between the purification result and the input while removing malicious perturbation, and effectively reduce the influence of adversarial samples on the model accuracy. The robustness of the model is evaluated through various types of attacks on CIFAR-10 and MNIST dataset. The experiments show that PSCAM-GAN completely surpassed other pre-processing based defense methods. These mean the defense method can effectively improve the robustness of the original models.

关 键 词:深度学习 对抗样本 对抗生成网络 图像分类 

分 类 号:TP391[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象