计算机科学 (Computer Science), 2023, Vol. 50, Issue 4: 110-116. doi: 10.11896/jsjkx.220300024
刘依凡 (LIU Yifan), 欧博 (OU Bo), 熊剑琴 (XIONG Jianqin)
Abstract: Adversarial reprogramming is an attack on deep neural networks: by adding a perturbation to the input image, it makes the network model perform a task chosen by the attacker, which undermines the legitimate right to use the trained model. Studying and designing adversarial reprogramming methods is valuable for understanding such attacks and for designing corresponding defense algorithms. This paper examines how the region in which the adversarial perturbation is added affects the performance of adversarial reprogramming algorithms. A noise visibility function is used to evaluate the adversarial distortion characteristics of each region of the image, yielding a masking matrix; the adversarial perturbation is then added adaptively to optimize the adversarial reprogramming task. Experimental results show that, for current mainstream deep network classification models, the proposed algorithm improves the attack performance of adversarial reprogramming and increases the imperceptibility of the modified images.
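The masking step the abstract describes, as an added illustration that is not the paper's own code: a noise visibility function computed from local variance yields a per-pixel mask, and a visibility-weighted distortion score then reports how much of a perturbation's energy falls in regions where a viewer would notice it. The NVF formulation (1 / (1 + theta * sigma^2) with theta = d / max(sigma^2)), the window size and the sample image are all assumptions, since the abstract does not give the paper's exact form.

```python
import numpy as np

def local_variance(img, win=3):
    """Per-pixel variance over a win x win neighbourhood (reflect-padded at the border)."""
    r = win // 2
    padded = np.pad(img.astype(np.float64), r, mode="reflect")
    h, w = img.shape
    # Stack every window offset and take the variance across the stack.
    stack = np.stack([padded[dy:dy + h, dx:dx + w]
                      for dy in range(win) for dx in range(win)])
    return stack.var(axis=0)

def nvf_mask(img, d=75.0, win=3):
    """Noise visibility function: NVF = 1 / (1 + theta * sigma^2), theta = d / max(sigma^2).
    Assumed textbook formulation (the abstract does not give the paper's exact form).
    Near 1: smooth region, a perturbation there is easy to see.
    Near 0: textured region, a perturbation there is masked."""
    var = local_variance(img, win)
    vmax = var.max()
    if vmax == 0:  # flat image: every pixel is maximally visible
        return np.ones_like(var)
    return 1.0 / (1.0 + (d / vmax) * var)

def masked_distortion(clean, perturbed, d=75.0):
    """Fraction of perturbation energy that lands in visible regions:
    sum(NVF * delta^2) / sum(delta^2). Close to 1 means the change sits in
    smooth areas a viewer will notice; close to 0 means it is hidden in texture."""
    delta = perturbed.astype(np.float64) - clean.astype(np.float64)
    energy = float((delta ** 2).sum())
    if energy == 0:
        return 0.0
    return float((nvf_mask(clean, d) * delta ** 2).sum() / energy)

def make_test_image(size=32, seed=0):
    """Constructed sample: left half flat grey, right half random texture."""
    rng = np.random.default_rng(seed)
    img = np.full((size, size), 128.0)
    img[:, size // 2:] = rng.integers(0, 256, size=(size, size // 2))
    return img

if __name__ == "__main__":
    img = make_test_image()
    smooth = img.copy()
    smooth[:, :14] += 5      # +5 in the flat half
    textured = img.copy()
    textured[:, 18:] += 5    # +5 in the textured half
    print("perturbation in flat region    :", masked_distortion(img, smooth))
    print("perturbation in textured region:", masked_distortion(img, textured))
```

The same score applied to a clean/suspect image pair gives a defender a quick read on whether a modification was placed where the visual masking effect hides it.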