Abstract
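Adversarial example defense is an important part of deep learning security research. Current research on adversarial example defense lags behind: defenses can only be improved passively in response to adversarial example generation techniques, and they often require extensive training for a specific model, which makes them costly and inflexible. To address these problems, an adversarial example defense method based on filtered-interpolation image compression (de la Vallée Poussin Filtered Interpolation for Image Compression, VPC) is proposed, which defends against adversarial examples by preprocessing. The method consists of two modules, a compression module and a reconstruction module. Both modules sample Chebyshev nodes and use filtered interpolation polynomials to compress and reconstruct images. The method requires no training, allows a deep neural network (DNN) to maintain high accuracy on clean sample sets, provides a strong defense on typical adversarial example sets, and can be combined with any DNN model, giving it high flexibility.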
Adversarial example defense is an important part of deep learning security research. At present, however, research on adversarial example defense is limited by adversarial example generation techniques. Moreover, defense methods require a lot of training for a specific model, which is costly and inflexible. The defense method based on de la Vallée Poussin filtered interpolation image compression (VPC) achieves adversarial example defense by preprocessing and has two modules: a compression module and a reconstruction module. The two modules compress and reconstruct images using Chebyshev node samples and VP polynomials. VPC helps a deep neural network (DNN) achieve high accuracy on clean datasets and strong defense against various adversarial examples without training. In addition, VPC can be combined with any DNN model, which gives it strong flexibility.
Authors
张田
杨奎武
张万里
胡学先
ZHANG Tian; YANG Kuiwu; ZHANG Wanli; HU Xuexian (Information Engineering University, Zhengzhou 450001, China)
Source
《信息工程大学学报》
2022, Issue 6, pp. 672-678 (7 pages)
Journal of Information Engineering University
Funding
Supported by the National Natural Science Foundation of China (62172433).
Keywords
deep learning
neural network
adversarial example defense
filter interpolation