Deep learning model is vulnerable to adversarial examples in the task of image classification. In this paper, a cluster-based method for defending against adversarial examples is proposed. Each adversarial example bef...Deep learning model is vulnerable to adversarial examples in the task of image classification. In this paper, a cluster-based method for defending against adversarial examples is proposed. Each adversarial example before attacking a classifier is reconstructed by a clustering algorithm according to the pixel values. The MNIST database of handwritten digits was used to assess the defence performance of the method under the fast gradient sign method (FGSM) and the DeepFool algorithm. The defence model proposed is simple and the trained classifier does not need to be retrained.展开更多
基金the National NSF of China (61602125, 61772150, 61862011, 61862012)the China Postdoctoral Science Foundation (2018M633041)+5 种基金the NSF of Guangxi (2016GXNSFBA380153, 2017GXNSFAA198192, 2018GXNSFAA138116, 2018-GXNSFAA281232, 2018GXNSFDA281054)the Guangxi Science and Technology Plan Project (AD18281065)the Guangxi Key R&D Program (AB17195025)the Guangxi Key Laboratory of Cryptography and Information Security (GCIS201625, GCIS201704)the National Cryptography Development Fund of China (MMJJ20170217)the research start-up grants of Dongguan University of Technology, and the Postgraduate Education Innovation Project of Guilin University of Electronic Technology (2018YJCX51, 2019YCXS052).
文摘Deep learning model is vulnerable to adversarial examples in the task of image classification. In this paper, a cluster-based method for defending against adversarial examples is proposed. Each adversarial example before attacking a classifier is reconstructed by a clustering algorithm according to the pixel values. The MNIST database of handwritten digits was used to assess the defence performance of the method under the fast gradient sign method (FGSM) and the DeepFool algorithm. The defence model proposed is simple and the trained classifier does not need to be retrained.
