A Defense Method Against FGSM Adversarial Attack

Cited by: 3
Abstract: Intelligent ship recognition can effectively raise the level of intelligence of ship equipment, but it also raises the problem of recognizing targets securely: even high-performance classification models are vulnerable to attacks from adversarial examples. Against adversarial attacks such as the Fast Gradient Sign Method (FGSM), traditional defense methods must first discard the already trained classification model and then retrain it by secure means. To simplify this process, this paper proposes the FGSM-Defense algorithm for defending against FGSM adversarial attacks. The algorithm obtains the classifier's class ranking from its initial prediction on the adversarial example and takes out a specified number of classes in order of confidence. On this basis, a brute-force search designates each of these classes in turn as the attack target and carries out an FGSM targeted attack on the original adversarial example for each one; the search scope is then narrowed step by step according to corresponding rules to filter out the real class of the adversarial example. Experimental results show that the algorithm can accurately distinguish the real class of adversarial examples, with a defense success rate of 53.1% on the ImageNet dataset. Compared with traditional defense methods, it does not need to change the original neural network structure or retrain the classification model, which reduces the dependence on hardware computing power and lowers the cost of defense.

Authors: WANG Xiaopeng; LUO Wei; QIN Ke; YANG Jintao; WANG Min (China Ship Development and Design Center, Wuhan 430064, China; School of Electronic Information, Wuhan University, Wuhan 430072, China)

Source: Computer Engineering (《计算机工程》), indexed in CAS, CSCD and the Peking University Core Journals list; 2021, Issue 11, pp. 121-128 (8 pages)

Funding: National Natural Science Foundation of China (61701471).

Keywords: ship recognition; adversarial example; adversarial attack; Fast Gradient Sign Method (FGSM); ImageNet dataset
