摘要
随着机器学习算法在自动驾驶、入侵检测、工业互联网领域的广泛使用,针对机器学习的对抗性攻击日益频繁。针对目前图像语义对抗样本生成方法存在扰动范围不可控或对原样本改动过大的问题,该文分析了神经网络对抗样本的生成方法与防御方法,改进了语义对抗样本的生成方式,提出颜色扰动与物体检测的双语义对抗样本生成方法。仿真结果表明,在经过ComDefend和特征压缩防御处理后,相较于传统FGSM,BIM,PGD,DeepFool和C&W 5种攻击方法,该文所提出的对抗样本生成方法的攻击成功率明显提高,样本真实性相较于传统方法大幅提升,并且仿真结果表明该方法具有更好的鲁棒性。
With the widely use of machine learning algorithms in the fields of autopilot,intrusion detection and industrial Internet,adversarial attacks against machine learning are increasingly frequent.To overcome uncontrollable disturbance range or excessive changes to the original sample in the current image semantic adversarial sample generation method,this paper analyzes the generation method and the defense method of neural network adversarial samples,improves the generation method of semantic adversarial samples,and proposes semantic adversarial sample generation methods based on region restriction and color disturbance.The simulation results show that after ComDefend and feature compression defense processing,the attack success rate of adversarial samples is improved when compared with FGSM,BIM,PGD,DeepFool,and C&W,and the authenticity and robustness are significantly improved.
作者
李涛
刘超
LI Tao;LIU Chao(Joint Logistic Support Force,Wuhan 430000,China;College of Safety Science and Engineering,Civil Aviation University of China,Tianjin 300300,China;College of Intelligence and Computing,Tianjin University,Tianjin 300354,China)
出处
《自动化与仪表》
2023年第5期18-21,100,共5页
Automation & Instrumentation
关键词
语义对抗样本
颜色扰动
神经网络
图像语义
semantic adversarial sample
color disturbance
neural network
image semantic
