Abstract
To reduce the effect of adversarial examples and improve the accuracy of classification models under attack, we propose a purification defense method inspired by the mammalian visual system that uses a novel parallel attention mechanism, called PSCAM-GAN (Parallel Spatial and Channel Attention Mechanism Adversarial Generative Network). The defense model first obtains the feature map of the adversarial example through an encoder, then uses the parallel attention module to extract the object and spatial information in that feature map. With these features held unchanged, the weights of the feature map are readjusted and the decoder generates the purification result. The method removes malicious perturbations while keeping the purification result consistent with the input, and effectively reduces the influence of adversarial examples on model accuracy. The robustness of the model is evaluated against various types of attacks on the CIFAR-10 and MNIST datasets. The experiments show that PSCAM-GAN completely surpassed other pre-processing based defense methods, which means the defense method can effectively improve the robustness of the original models.
Authors
ZHAO Jie (赵杰)
GUO Dong (郭东)
College of Computer Science and Technology, Jilin University, Changchun 130012, China
Source
Journal of Jilin University (Information Science Edition) (《吉林大学学报(信息科学版)》)
CAS
2022, Issue 5, pp. 846-855 (10 pages)
Keywords
deep learning
adversarial examples
generative adversarial networks
image classification