摘要
当数据集包含对抗性扰动样本时,其分类结构缺乏稳定性,传统的扰动评估方法效率低且准确率不高.针对该问题,提出一种高效准确的扰动评估方法.首先,根据样本与分类器间的物理属性,定义样本的对抗性扰动,利用线性迭代方法评估计算二类分类器的鲁棒性;然后,为了适应更加一般的情况,将该方法扩展到更加普遍的多类非线性分类器,即超平面包围的区域变为不规则多面体;最后,标记扰动样本对分类器进行优化调整,并对当前估计进行更新,以进一步提高分类器性能.不同数据集和分类器的实验结果表明:与FGSM方法、 L-BFGS方法和未标记方法相比,提出的方法具有更稳定高效的扰动评估性能,且可以构建鲁棒性更高的分类器.
When data sets contain adversarial perturbation samples, their classification structure lacks stability, and traditional perturbation evaluation methods are complex, inefficient and accurate. To solve this problem, a perturbation evaluation method with efficiency and accuracy has beenproposed. Firstly, according to physical properties of sample and antagonism between the classifiers, sample antagonistic perturbations are defined, and the linear iterative method is used to evaluate the two classes robustness of classifiers. Secondly,in order to adapt to more general cases, the proposed method is extended to multiple class classification with more general nonlinear, which means that hyperplane encircled region becomes an irregular polyhedron. And finally, perturbation samples are tagged to optimize classifier, and updates the current estimate, so that the classifier performance gets further improvement. Through experiments for different data-sets and classifiers, experimental results show that the proposed method could get more stable and efficient perturbation evaluation performance in comparison with traditional methods, which makes classifiers more robust.
作者
邹瑛
ZOU Ying(Department of Judicial Information Management,Sichuan Vocational College of Judicial Police,Deyang Sichuan 618000,China)
出处
《西南师范大学学报(自然科学版)》
CAS
北大核心
2019年第3期88-94,共7页
Journal of Southwest China Normal University(Natural Science Edition)
基金
四川省自然科学基金项目(14ZJ0280)
四川省科技攻关项目(2014JY0095)
关键词
多类非线性分类器
对抗性样本
扰动评估
线性迭代
鲁棒性
multi-class nonlinear classifier
adversarial samples
perturbation evaluation
linear iteration
robust
