Abstract
This paper makes a preliminary exploration of the vulnerability of deep learning models, one potential cause of which is attributed to the highly sensitive local linear behavior in their network structure. Adversarial training, which trains deep learning models on an adversarially perturbed training set, is an effective regularization method that can alleviate this vulnerability. Because traditional adversarial training algorithms rely on known attack algorithms, their performance in resisting attacks is very limited. The adversarial training defense strategies proposed in this paper, based on feature mask and feature padding, do not rely on adversarial examples and improve the robustness and security of deep learning models. Experiments on public traffic sign recognition and face recognition datasets verify the better defense performance of the proposed adversarial training defense strategies in adversarial settings.
Author
王赛男
WANG Sainan (Nanjing Engineering Vocational College, Jiangsu Union Technical Institute, Nanjing 211135, China)
Source
《智能计算机与应用》 (Intelligent Computer and Applications)
2019, Issue 6, pp. 111-117, 120 (8 pages in total)
Keywords
deep learning
vulnerability
local linearity
adversarial training
feature mask
feature padding