
GAN-based Image Adversarial Sample Generation Method (cited by: 7)

Method for Image Adversarial Samples Generating Based on GAN
Abstract: To improve the diversity of the adversarial samples produced by generative adversarial network models and the attack success rate, a GAN-based method for generating image adversarial samples is proposed. First, a deep convolutional generative adversarial network G1 is trained on the whole original sample set so that it models the distribution of that set. Second, in the black-box attack setting, model distillation is used to copy the target model, yielding a local replica of it. Then a second generative adversarial network G2 is trained, taking the output of G1 as its input and the distilled model in place of the target model; in the targeted-attack case the target class is supplied as an additional input, and G2 generates a perturbation that pushes the input data toward that target class. Finally, the sample and the perturbation are added together and normalized to the pixel grey-value range to obtain the adversarial sample. Experimental results show that, under the same input conditions, the average SSIM, MI and cosine similarity of the image adversarial samples produced by this method decrease by 50.7%, 10.96% and 28.7% respectively (lower similarity between generated samples meaning greater sample diversity), the average mean squared error (MSE) and the Hamming distance between image fingerprints increase by 7.6% and 1974.80 respectively, and the average attack success rate against models on the MNIST and CIFAR10 datasets is above 95%.
Authors: 王曙燕, 金航, 孙家泽 (WANG Shuyan; JIN Hang; SUN Jiaze), School of Computer Science, Xi'an University of Posts & Telecommunications, Xi'an 710121, China
Source: Journal of Frontiers of Computer Science and Technology (计算机科学与探索), CSCD and Peking University core journal, 2021, No. 4, pp. 702-711 (10 pages)
Funding: Key Research and Development Program of Shaanxi Province (2020GY-010); Xi'an Science and Technology Program (2019218114GXRC017CG018-GXYD17.10); Xi'an University of Posts & Telecommunications Graduate Innovation Fund (CXJJLY2019065)
Keywords: neural networks; adversarial sample; generative adversarial network (GAN); model distillation; image diversity
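As an added example (not the authors' code; nothing on this page specifies their implementation), the Python/NumPy program below walks through the black-box procedure described in the abstract on a constructed toy dataset: distil the target model into a local copy using only its output probabilities, craft a targeted perturbation against that copy, add the perturbation to the sample and clip it to the pixel range, then transfer the result to the black box and report the attack success rate together with cosine similarity, MSE and a fingerprint Hamming distance. The two GAN stages G1 and G2 are replaced by direct sampling and by projected gradient descent on the surrogate, so the code demonstrates the distillation, normalization and evaluation steps rather than the generator training itself; SSIM and MI are not implemented. All names (make_dataset, train_softmax, distil_black_box, targeted_pgd, fingerprint, run_attack), the 8x8 three-class dataset, the L-inf budget EPS and PGD schedule, and the average-hash style fingerprint are assumptions of this example.

```python
"""Black-box pipeline from the abstract on a toy dataset: distil the target,
attack the local copy, add the perturbation, clip to the pixel range, transfer.
Added example code with constructed data, not the paper's implementation; the
GAN stages are replaced by PGD against the distilled surrogate."""
import numpy as np

SIDE, N_CLASSES = 8, 3           # constructed 8x8 grey-scale "images", 3 classes
EPS, STEP, ITERS = 0.4, 0.05, 20 # assumed L-inf budget and PGD schedule


def make_dataset(n_per_class, rng):
    """Constructed data: each class is one bright half of the image plus noise."""
    templates = np.full((N_CLASSES, SIDE, SIDE), 0.2)
    templates[0, :, : SIDE // 2] = 0.8   # class 0: left half bright
    templates[1, :, SIDE // 2:] = 0.8    # class 1: right half bright
    templates[2, : SIDE // 2, :] = 0.8   # class 2: top half bright
    xs, ys = [], []
    for c in range(N_CLASSES):
        noise = rng.normal(0.0, 0.1, size=(n_per_class, SIDE, SIDE))
        xs.append(np.clip(templates[c] + noise, 0.0, 1.0).reshape(n_per_class, -1))
        ys.append(np.full(n_per_class, c))
    return np.vstack(xs), np.concatenate(ys)


def softmax(z):
    z = z - z.max(axis=1, keepdims=True)
    e = np.exp(z)
    return e / e.sum(axis=1, keepdims=True)


def one_hot(y):
    return np.eye(N_CLASSES)[y]


def train_softmax(x, soft_targets, epochs=400, lr=0.1):
    """Softmax regression fitted by gradient descent on hard or soft labels."""
    w = np.zeros((x.shape[1], soft_targets.shape[1]))
    b = np.zeros(soft_targets.shape[1])
    for _ in range(epochs):
        g = softmax(x @ w + b) - soft_targets   # dCE/dlogits
        w -= lr * x.T @ g / len(x)
        b -= lr * g.mean(axis=0)
    return w, b


def distil_black_box(query_fn, x_query):
    """Model distillation: fit a local copy from the target's output probabilities only."""
    return train_softmax(x_query, query_fn(x_query))


def targeted_pgd(w, b, x, target_class):
    """Targeted perturbation against the surrogate: minimise -log p_target within an
    L-inf ball. The final clip to [0, 1] is the pixel-range normalisation step."""
    t = one_hot(np.full(len(x), target_class))
    x_adv = x.copy()
    for _ in range(ITERS):
        grad = (softmax(x_adv @ w + b) - t) @ w.T   # d(-log p_t)/dx for a linear model
        x_adv = x_adv - STEP * np.sign(grad)
        x_adv = np.clip(x_adv, x - EPS, x + EPS)    # stay inside the budget
        x_adv = np.clip(x_adv, 0.0, 1.0)            # stay inside the pixel range
    return x_adv


def fingerprint(x):
    """Average-hash style fingerprint (assumed): one bit per pixel, above image mean."""
    return (x > x.mean(axis=1, keepdims=True)).astype(np.uint8)


def similarity_report(x_clean, x_adv):
    cos = np.sum(x_clean * x_adv, axis=1) / (
        np.linalg.norm(x_clean, axis=1) * np.linalg.norm(x_adv, axis=1))
    mse = np.mean((x_clean - x_adv) ** 2, axis=1)
    ham = (fingerprint(x_clean) != fingerprint(x_adv)).sum(axis=1)
    return {"cosine": float(cos.mean()), "mse": float(mse.mean()),
            "hamming": float(ham.mean())}


def run_attack(target_class=2, seed=0):
    rng = np.random.default_rng(seed)
    # 1. The black-box target: trained by the victim, reachable only through query_fn.
    x_train, y_train = make_dataset(100, rng)
    w_t, b_t = train_softmax(x_train, one_hot(y_train))
    query_fn = lambda x: softmax(x @ w_t + b_t)
    # 2. Distil a local copy from responses to attacker-chosen queries.
    x_query, _ = make_dataset(100, rng)
    w_s, b_s = distil_black_box(query_fn, x_query)
    # 3. Perturb held-out samples that are not already of the target class.
    x_test, y_test = make_dataset(50, rng)
    x_clean = x_test[y_test != target_class]
    x_adv = targeted_pgd(w_s, b_s, x_clean, target_class)
    # 4. Transfer to the black box and score.
    agreement = float(np.mean(query_fn(x_test).argmax(1)
                              == softmax(x_test @ w_s + b_s).argmax(1)))
    success = float(np.mean(query_fn(x_adv).argmax(1) == target_class))
    return {"agreement": agreement, "success_rate": success,
            "x_clean": x_clean, "x_adv": x_adv, **similarity_report(x_clean, x_adv)}


if __name__ == "__main__":
    r = run_attack()
    print({k: v for k, v in r.items() if not isinstance(v, np.ndarray)})
```

The surrogate's agreement with the target on clean inputs is the figure to watch when reproducing the distillation step: a copy that disagrees with the black box will also mispredict which perturbations transfer, and the success rate should then be read against that agreement rather than in isolation.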