Abstract
Deep learning is now widely used in areas such as computer vision, robotics, and natural language processing. However, research has shown that deep neural networks are vulnerable to adversarial examples: a single carefully crafted adversarial example can cause a deep learning model to judge incorrectly. Most existing work consists of adversarial attacks that mislead classifiers by generating small Lp-norm perturbations, but the results achieved are not satisfactory. This paper proposes a new adversarial attack method, the image colorization attack, which converts the input sample into a grayscale image, designs a grayscale colorization method to guide the coloring of that image, and finally uses the colorized image to deceive the classifier, achieving an unrestricted attack. Experiments show that adversarial examples produced by this method perform well at deceiving several state-of-the-art deep neural network image classifiers and pass a human perception study.
Authors
李世宝
王杰伟
崔学荣
刘建航
黄庭培
LI Shi-bao; WANG Jie-wei; CUI Xue-rong; LIU Jian-hang; HUANG Ting-pei (College of Oceanography and Space Informatics, China University of Petroleum (East China), Qingdao 266580, China; College of Computer Science and Technology, China University of Petroleum (East China), Qingdao 266580, China)
Source
《计算机与现代化》 (Computer and Modernization)
2022, Issue 11, pp. 52-59 (8 pages)
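Funding
Supported by the National Natural Science Foundation of China (61972417, 61872385, 61902431, 91938204)
Supported by the Fundamental Research Funds for the Central Universities (19CX05003A-4).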
Keywords
adversarial attack
colorization
adversarial examples
unrestricted attack