Abstract
Deep neural networks have been successfully applied to image classification, but research shows that they are vulnerable to adversarial examples. A moving target defense method is proposed that dynamically switches among models according to a Bayes-Stackelberg game strategy, so that an attacker cannot continuously obtain consistent information and is thereby prevented from constructing adversarial examples. Diversity among the member models is the key to improving the effectiveness of moving target defense; taking the gradient consistency among member models as a measure, a new loss function is constructed for training, which effectively increases the diversity among the member models. Experimental results show that the proposed method improves the moving target defense performance of the image classification system and significantly reduces the attack success rate of adversarial examples.
Authors
WANG Bin (王滨)
CHEN Liang (陈靓)
QIAN Yaguan (钱亚冠)
GUO Yankai (郭艳凯)
SHAO Qiqi (邵琦琦)
WANG Jiamin (王佳敏)
Affiliations: College of Science, Zhejiang University of Science and Technology, Hangzhou 310023, China; College of Electrical Engineering, Zhejiang University, Hangzhou 310058, China; Network and Information Security Laboratory, Hangzhou Hikvision Digital Technology Co., LTD, Hangzhou 310058, China
Source
Chinese Journal of Network and Information Security (《网络与信息安全学报》)
2021, Issue 1, pp. 113-120 (8 pages)
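Funding
National Key Research and Development Program of China (2018YFB2100400)
Science and Technology Project of State Grid Corporation of China Headquarters (5700-202019187A-0-0-00)
2019 Hangzhou Leading Innovation Team Project.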