基于空洞卷积的对抗样本防御技术  

Adversarial example defenses based on atrous convolution

在线阅读下载全文

作  者:涂生辉 杨锦涛 李立夏[2] 王赢[2] 江昊[1] TU Shenghui;YANG Jintao;LI Lixia;WANG Ying;JIANG Hao(School of Electronic Information,Wuhan University,Wuhan 430072,China;Wuhan Digital Engineering Institute,Wuhan 430074,China)

机构地区:[1]武汉大学电子信息学院,湖北武汉430072 [2]武汉数字工程研究所,湖北武汉430074

出  处:《武汉大学学报(工学版)》2023年第5期625-633,共9页Engineering Journal of Wuhan University

摘  要:深度神经网络容易受到对抗性样本的欺骗,攻击者将人眼难以察觉的扰动添加至原始图像中,会导致原本表现良好的网络模型输出错误的分类。为此,提出一种基于空洞卷积的对抗样本防御技术,通过高效的搜索算法得到空洞卷积层结构,使用残差密集块依次对图像特征进行压缩,并对低维特征进行图像重建,最终得到扰动滤除后的重建图像。该技术可作为预处理过程添加至已存在的图像分类任务中。在MNIST(Modified National Institute of Standards and Technology)和CIFAR(Canadian Institutes for Advanced Research)-10上的实验表明,提出的防御网络对多种先进的对抗样本攻击均有较好的防御性能,可以显著提高基分类器的抗攻击能力。Deep neural network is easily deceived by adversarial samples.Attackers add disturbances that are imperceptible to the human eye to original images,which will cause the originally well-performing network model to output incorrect classifications.Therefore,an adversarial sample defense method based on atrous convolution is proposed.The atrous convolution layer structure is obtained through an efficient search algorithm,and the residual dense blocks are used to sequentially compress the image features and reconstruct the low-dimensional features.Finally,the reconstructed image after disturbance filtering is obtained.It can be used as a preprocessing process to add to an existing image classification task.Experiments on MNIST(Modified National Institute of Standards and Technology)and CIFAR(Canadian Institutes for Advanced Research)-10 show that the proposed defense network based on atrous convolution has outstanding defense performance against a variety of advanced adversarial sample attacks,and significantly improve the ability of the base classifier to against attacks.

关 键 词:深度神经网络 空洞卷积 特征压缩 图像重建 对抗样本防御 

分 类 号:TP183[自动化与计算机技术—控制理论与控制工程]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象