Abstract
Deep neural networks are vulnerable to adversarial samples, which are generated by adding small but specially crafted perturbations to the original dataset and can cause the network model to give erroneous output with high confidence. Most existing methods for detecting adversarial samples depend on many preconditions, which limits their overall detection ability. To address this, a binary discrimination network is proposed to improve the detection rate of adversarial samples. It extracts the main features of the sample data through multi-layer convolution, is trained with noise data of different levels, and is optimized with a special discriminant objective function. The model is end-to-end, can be deployed directly on the source samples of the target model to detect the presence of adversarial samples, and can be applied on a large scale. Experimental results show that the detection rate of this model is better than that of the other models compared.
Authors
ZENG Lihong (曾利宏); ZHANG Wei (张巍); TENG Shaohua (滕少华)
School of Computers, Guangdong University of Technology, Guangzhou, Guangdong 510006, China
Source
Journal of Jiangxi Normal University (Natural Science Edition) (《江西师范大学学报(自然科学版)》)
Indexed in: CAS; Peking University Core Journals (北大核心)
2021, Issue 3, pp. 285-291 (7 pages)
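Funding
Supported by:
Key-Area Research and Development Program of Guangdong Province (2020B010166006)
National Natural Science Foundation of China (61972102)
Guangdong Provincial Department of Education projects (粤教高[2018]179号, 粤教高函[2018]1号)
Guangzhou Science and Technology Program (201903010107, 201802030011, 201802010026, 201802010042, 201604046017)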
Keywords
binary discrimination network
deep neural network
adversarial samples
detection