基于深度学习的对抗样本防御方法研究

Research on Adversarial Sample Defense Method Based on Deep Learning

受对抗样本自身可迁移属性的影响,传统对抗样本防御方法的防御效果存在不稳定的情况,为此,提出基于深度学习的对抗样本防御方法。文章借助深度学习算法,构建了对抗样本伊辛模型,设置模型的初始状态为神经网络的输入数据,采用自旋状态表示每一个神经元值与对抗样本伊辛模型的格点,并利用神经网络中卷积运算的特征,消解势场中预先给定的外部磁化作用,以最大限减少低对抗样本伊辛模型在能量作用下的局部自旋问题。在对抗样本防御阶段,利用对抗样本伊辛模型的通道相关性,生成重要性掩码对通道的激活进行调整,并结合对抗样本伊辛模型通道梯度累积值的实际情况设置了差异化的重要性掩码生成函数。在应用测试过程中,为验证防御效果,在快速梯度下降法(Fast Gradient Sign Method,FGSM)、Deepfool、C&W(Carlini and Wagner)攻击算法、投影梯度下降(Projected Gradient Descent,PFD)、集成对抗检测器(Energy-Aware Data-centric,EAD)共5种对抗策略下设计了对抗样本防御方法,对比不同对抗样本防御方法的性能,发现文章提出的基于深度学习的对抗样本防御方法的曲线下的面积(Area Under the Curve,AUC)值稳定在0.95以上,说明对抗样本防御方法具有较好的防御性能。

Due to the influence of the transferability properties of adversarial samples themselves,their defense effectiveness is unstable.Therefore,a deep learning based adversarial sample defense method is proposed.Using deep learning algorithms,an adversarial Ising model was constructed.The initial state of the model was set as the input data of the neural network,and the spin state was used to represent each neuron value and the lattice points of the adversarial Ising model.The convolutional operation features in the neural network were utilized to eliminate the pre given external magnetization in the potential field,minimizing the local spin problem of the adversarial Ising model under energy.In the defense stage of adversarial samples,the importance mask is generated by combining the channel correlation of the Ising model of adversarial samples to adjust the activation of the channel.Based on the actual situation of the accumulated gradient values of the Ising model channel of adversarial samples,a differentiated importance mask generation function is set.In the test results,the designed adversarial sample defense method exhibits good defense performance with Area Under the Curve(AUC)values above 0.95 under five adversarial strategies:Fast Gradient Sign Method(FGSM),Deepfool,Carlini and Wagner(C&W),Projected Gradient Descent(PFD),and Energy-Aware Data-centric(EAD).