Computer Science (计算机科学) ›› 2023, Vol. 50 ›› Issue (4): 88-95. doi: 10.11896/jsjkx.211100164
白祉旭, 王衡军, 郭可翔
BAI Zhixu, WANG Hengjun, GUO Kexiang
Abstract: Although deep neural networks (DNNs) perform well on most classification tasks, they are highly vulnerable to adversarial examples, which calls the security of DNNs into question. Studying how to generate strongly adversarial examples can help improve the security and robustness of DNNs. Among adversarial example generation methods, black-box attacks are more practical than white-box attacks, which depend on the model's structure and parameters. Black-box attacks generally generate adversarial examples by iterative methods, and those examples transfer poorly, so the success rate of black-box attacks is generally low. To address this problem, a data augmentation technique is introduced into the adversarial example generation process: randomly changing the colors of the original image within a limited range effectively improves the transferability of the adversarial examples and thereby raises the success rate of black-box attacks. Adversarial attack experiments with the proposed method against normally trained and adversarially trained networks on the ImageNet dataset show that the method effectively improves the transferability of the generated adversarial examples.