检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:王飞宇 张帆[1] 郭威[1] WANG Feiyu;ZHANG Fan;GUO Wei(Information Engineering University,Zhengzhou 450001,China)
机构地区:[1]信息工程大学,河南郑州450001
出 处:《信息工程大学学报》2024年第4期466-471,共6页Journal of Information Engineering University
摘 要:在图像分类任务中,对抗样本可导致深度学习模型以高置信度输出错误的结果,而目前防御对抗样本的主要方法——改进分类模型的成本较高或难以防御新的攻击算法。为解决上述问题,提出一种新的基于图像去噪的对抗样本防御方法。通过向输入样本中添加高斯噪声来破坏攻击者精心设计的对抗扰动,利用Neighbor2Neighbor去噪网络来减少该样本中的噪声。实验结果表明,在ImageNet数据集上,所提方法能够对基本迭代法(Basic Iterative Method,BIM)、C&W(Carlini and Wagner)攻击和DeepFool等经典攻击进行有效防御,且其防御效果优于Com‐Defend和JPEG压缩。In image classification tasks,adversarial examples can fool the deep learning models with high confidence.At present,improving the classification model is the main method of defending adversarial examples,however,which is expensive or difficult to defend against new adversarial attack algorithms.To solve the above problems,a defense method against adversarial attacks is proposed based on image denoising.By adding Gaussian noise to the input examples,the adversarial perturbations elaborately designed by the attackers can be destroyed.Then the noise in the input examples could be decreased by using the Neighbor2Neighbor denoising network.The experiment results show that,on ImageNet dataset,the proposed method can effectively defend against the classical adversarial attacks such as basic itrative method(BIM),C&W(Carlini and Wagner)attacks,and DeepFool.And its defense effect is better than those of ComDefend and JPEG compression.
分 类 号:TP391[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.15