Nesterov动量迭代降噪对抗攻击算法NMI-FGSM&Whey

Nesterov Momentum Iterative Noise Reduction Adversarial Attack Algorithm

目前基于深度神经网络的图像分类器易受到对抗样本的攻击,而对抗样本往往是某种算法攻击原始样本所生成的特定图像.本文针对攻击算法的弱鲁棒性及低隐蔽性提出一种基于Nesterov-Momentum动量迭代以及Whey优化的NMI-FGSM&Whey攻击算法.首先在一般动量迭代攻击中加入Nesterov项,其次于生成对抗样本之后对图像实行Whey优化,在保证攻击性能的情况下有效地去除多余噪声.实验部分以Inception-v3、Resnet-152和IncRes-v2三种分类模型为基础,结合单模型攻击和融合模型攻击对比了多种攻击方法.实验结果表明所提算法在白盒模式中展现出较强的攻击力,并在有效减少噪声强度的同时于黑盒情景中呈现出较好的迁移性能.

At present,image classifiers based on deep neural network are vulnerable to the attack of adversarial example,which are often the specific images generated by some algorithm attacking the original samples.This paper proposes a NMI-FGSM & Whey attack based on nesterov-momentum iteration and Whey optimization for weak robustness and low concealability of attack algorithms.This algorithm firstly adds the Nesterov term to the general momentum iterative attack,and then Whey optimization to the image after the generation of counter samples,so as to remove redundant noise effectively under the condition of ensuring the attack performance.Experiment part was based on the initial-v3,resnet-152 and incres-v2 classification models,combined with the single model attack and ensemble model attack.The results show that the proposed method has strong attack power in white box mode and good migration performance in black box scenario while effectively reduce the noise’s intensity of the image.