Abstract
Neural networks have achieved excellent results on image classification tasks, but related work shows that they are vulnerable to adversarial examples and can be made to produce wrong results. Previous work used a deep neural network to remove the adversarial perturbation in order to defend against adversarial examples. However, when normal samples are processed by such a network, their classification accuracy is reduced. To improve the classification accuracy on adversarial examples and to reduce the influence of the defense network on normal samples, a defense network based on generative adversarial networks (GAN) and the data manifold is proposed. The GAN is introduced to improve the accuracy with which the classification network recognizes adversarial examples; the data manifold of normal samples is used to reduce the influence of the defense network on clean samples. Experimental results show that this method can defend against a variety of attack methods while reducing the influence of the defense network on normal samples.
Authors
Yu Yong (余勇); Zhang Junsan (张俊三)
School of Computer Science and Technology, China University of Petroleum (East China), Qingdao 266580, Shandong, China
Source
Computer Applications and Software (《计算机应用与软件》)
Peking University Core Journal (北大核心)
2023, Issue 10, pp. 205-211, 344 (8 pages in total)
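Funding
National Natural Science Foundation of China (61673396)
Fundamental Research Funds for the Central Universities (20CX05019A)
PetroChina Major Science and Technology Project (ZD2019-183-004)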
Keywords
Deep neural network
Image classification
Adversarial examples
Generative adversarial network
Data manifold