《電子技術(shù)應(yīng)用》
您所在的位置:首頁 > 模擬設(shè)計(jì) > 設(shè)計(jì)應(yīng)用 > 基于圖像降噪的集成對抗防御模型研究
基于圖像降噪的集成對抗防御模型研究
網(wǎng)絡(luò)安全與數(shù)據(jù)治理 8期
薛晨浩,杜金浩,劉泳銳,楊婧
(1. 國家計(jì)算機(jī)網(wǎng)絡(luò)應(yīng)急技術(shù)處理協(xié)調(diào)中心山西分中心,山西太原030002; 2.國家計(jì)算機(jī)網(wǎng)絡(luò)應(yīng)急技術(shù)處理協(xié)調(diào)中心,北京100083)
摘要: 深度學(xué)習(xí)的快速發(fā)展使其在圖像識別、自然語言處理等諸多領(lǐng)域廣泛應(yīng)用。但是,學(xué)者發(fā)現(xiàn)深度神經(jīng)網(wǎng)絡(luò)容易受到對抗樣本的欺騙,使其以較高置信度輸出錯(cuò)誤結(jié)果。對抗樣本的出現(xiàn)給對安全性要求嚴(yán)格的系統(tǒng)帶來很大威脅。研究了在低層特征(LowLevel Feature)和高層特征(HighLevel Feature)對圖像進(jìn)行降噪以提升模型防御性能。在低層訓(xùn)練一個(gè)降噪自動(dòng)編碼器,并采用集成學(xué)習(xí)的思路將自動(dòng)編碼器、高斯擾動(dòng)和圖像掩碼重構(gòu)等多種方式結(jié)合;高層對ResNet18作微小改動(dòng)加入均值濾波。實(shí)驗(yàn)顯示,所提出的方法在多個(gè)數(shù)據(jù)集的分類任務(wù)上有較好的防御性能。
中圖分類號:TP391
文獻(xiàn)標(biāo)識碼:A
DOI:10.19358/j.issn.2097-1788.2023.08.011
引用格式:薛晨浩,杜金浩,劉泳銳,等.基于圖像降噪的集成對抗防御模型研究[J].網(wǎng)絡(luò)安全與數(shù)據(jù)治理,2023,42(8):66-71.
Research on integrated adversarial defense model based on image noise reduction
Xue Chenhao1,Du Jinhao2,Liu Yongrui1,Yang Jing1
(1National Computer Network Emergency Response Technical Team/Coordination Center of China(Shanxi), Taiyuan 030002, China; 2National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100083, China)
Abstract: The rapid development of deep learning makes it widely used in many fields such as image recognition and natural language processing. However, scholars have found that deep neural networks are easily deceived by adversarial examples, making them output wrong results with a high degree of confidence. The emergence of adversarial examples poses a great threat to systems with strict security requirements. This paper denoises the image at the lowlevel (LowLevel Feature) and highlevel features (HighLevel Feature) to improve the defense performance of the model. At the lower layer, a denoising autoencoder is trained, and the idea of integrated learning is used to combine autoencoder, Gaussian perturbation, and image mask reconstruction; the upper layer makes minor changes to ResNet18 and adds mean filtering. Experimental results show that the method proposed in this paper has better performance on the classification task of multiple data sets.
Key words : adversarial examples; integrated learning; denoising autoencoders; highlevel features

0    引言

近年來隨著計(jì)算機(jī)硬件發(fā)展帶來的算力提升和數(shù)據(jù)量的爆炸性增長,深度學(xué)習(xí)在很多任務(wù)中如圖像分類、自然語言處理等方面表現(xiàn)十分出色。深度學(xué)習(xí)正以前所未有的規(guī)模被用于解決一些棘手的科學(xué)問題,例如DNA分析、腦回路重建、自動(dòng)駕駛、藥物分析等。

但是隨著對深度學(xué)習(xí)研究的不斷深入,學(xué)者發(fā)現(xiàn)在深度學(xué)習(xí)強(qiáng)大的表現(xiàn)下也隱藏著巨大的安全隱患。2014年,Szegedy等人在研究中發(fā)現(xiàn),通過添加微小的擾動(dòng),在人眼難以察覺到的情況下,可使深度學(xué)習(xí)模型以高置信度做出錯(cuò)誤判斷。如圖1所示在給“山脈”加上擾動(dòng)之后,DNN分類器以9439%的置信度將其識別為“狗”,給“河豚”添加擾動(dòng)后,DNN分類器以100%置信度將其識別為“螃蟹”。這種通過在原始圖像上增加一些人眼難以察覺的輕微擾動(dòng)使得深度學(xué)習(xí)模型產(chǎn)生錯(cuò)誤判斷的樣本,稱為對抗樣本。


本文詳細(xì)內(nèi)容請下載:http://ihrv.cn/resource/share/2000005469




作者信息:


薛晨浩1,杜金浩2,劉泳銳1,楊婧1

(1. 國家計(jì)算機(jī)網(wǎng)絡(luò)應(yīng)急技術(shù)處理協(xié)調(diào)中心山西分中心,山西太原030002;2.國家計(jì)算機(jī)網(wǎng)絡(luò)應(yīng)急技術(shù)處理協(xié)調(diào)中心,北京100083)




微信圖片_20210517164139.jpg

此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。