基于图像熵联合重构的对抗样本检测方法

Adversarial examples detection based on image entropy and joint reconstruction

为增强机器视觉领域深度神经网络模型的安全性,提出一种基于图像熵联合重构的对抗样本检测方法。利用正常样本和对抗样本在图像重构后,分类结果差异大小不同的原理进行对抗样本的检测。引入位深度缩减、空间平滑、图像压缩、平移、翻转、缩放6种图像重构方法,以图像熵作为重构参数选择的指标,利用KL散度序列训练二元检测器。对比实验结果表明,采用的方法相较于特征压缩法,对抗样本检测率得到提升,误检率有所降低。

To strengthen the security of deep neural network in the field of machine vision,an adversarial examples detection method based on image entropy and joint reconstruction was proposed.The adversarial detection method was based on the principle that the prediction distance differs for normal examples and adversarial examples after being reconstructed.Six reconstruction methods including bit depth reduction,spatial smoothing,compression,translation,flipping,scaling,were adopted.Image entropy was selected as an index for reconstruction parameters,and a binary detector was trained using KL divergence sequence.It is demonstrated that the method adopted achieves higher detection rates and lower false positive rates compared to feature squeezing in the contrast experiment.