Abstract
To address the lack of security of lightweight neural networks on mobile terminals, anti-defense and secondary defense methods for model security are proposed. The CW algorithm optimizer was modified on the MobileNet v2 model, and the traditional data enhancement methods of rotation, Gaussian noise addition and bilateral filter smoothing were used for defense, thus reflecting the anti-defense effect. On the MobileNet v2, ShuffleNet v2 and MnasNet models, secondary defense was carried out by changing the rotation scaling factor, adopting a Gaussian-X noise aliasing mode, and adjusting the diameter of the center point of the bilateral filtering pixels. The experimental results show that the ASGD optimizer brings a good improvement in the anti-defense capability of the CW algorithm, and that the improved data enhancement methods can reduce the robustness of the adversarial samples and improve the secondary defense capability of the model.
Authors
Zeng Yifu (曾逸夫)
Xue Jiwei (薛继伟)
School of Computer and Information Technology, Northeast Petroleum University, Daqing 163318, Heilongjiang, China
Source
Computer Applications and Software (《计算机应用与软件》)
Peking University Core Journal
2022, Issue 3, pp. 328-335 (8 pages)
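Funding
PetroChina Science and Technology Innovation Fund Project (2018D-5007-0302)
Northeast Petroleum University Youth Science Foundation Project (2018QNL-56).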
Keywords
Lightweight neural network
Model security
Anti-defense
Secondary defense
Data enhancement
Adversarial samples