Computer Science ›› 2024, Vol. 51 ›› Issue (5): 363-373. doi: 10.11896/jsjkx.230300153

• Information Security •

Robust Anomaly Detection Based on Adversarial Samples and AutoEncoder

LI Shasha, XING Hongjie

  1. Hebei Key Laboratory of Machine Learning and Computational Intelligence, College of Mathematics and Information Science, Hebei University, Baoding, Hebei 071002, China
  • Received: 2023-03-18 Revised: 2023-07-09 Online: 2024-05-15 Published: 2024-05-08
  • Corresponding author: XING Hongjie (hjxing@hbu.edu.cn)
  • Author e-mail: (lss96133@163.com)
  • About author: LI Shasha, born in 1996, postgraduate. Her main research interests include novelty detection, autoencoder and deep learning.
    XING Hongjie, born in 1976, Ph.D, professor, Ph.D supervisor. His main research interests include kernel methods, neural networks, novelty detection, and ensemble learning.
  • Supported by:
    National Natural Science Foundation of China (61672205), Natural Science Foundation of Hebei Province, China (F2017201020) and High-Level Talents Research Start-Up Project of Hebei University (521100222002).

Abstract: Anomaly detection methods based on AutoEncoders are trained only on normal samples, so they reconstruct normal samples effectively but do not reconstruct abnormal samples well. In addition, when an AutoEncoder-based anomaly detection method is subjected to an adversarial attack, it often produces wrong detection results. To address these problems, a robust anomaly detection method based on adversarial samples and AutoEncoder (RAD-ASAE) is proposed. RAD-ASAE consists of two parameter-sharing encoders and one decoder. First, a small perturbation is applied to the normal samples to generate adversarial samples, and the model is trained on normal and adversarial samples simultaneously to improve its adversarial robustness. Second, in the sample space, the reconstruction error of the adversarial samples and the mean square error between the normal samples and the reconstructions of the adversarial samples are minimized; at the same time, in the latent space, the mean square error between the latent features of the normal samples and those of the adversarial samples is minimized, to improve the reconstruction ability of the AutoEncoder. Experiments on MNIST, Fashion-MNIST and CIFAR-10 show that RAD-ASAE achieves better anomaly detection performance than 7 related methods.

Key words: AutoEncoder, Adversarial samples, Anomaly detection, Adversarial attack, Robustness

CLC Number:

  • TP391.4
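
The training objective described in the abstract, as an added example that is not the authors' code: a linear encoder/decoder pair in NumPy, trained on normal samples and freshly perturbed copies of them. The single signed-gradient perturbation step, the equal weighting of the three loss terms, all hyperparameters and the toy data (normal points near a 2-D subspace, anomalies as isotropic noise) are assumptions made for this illustration.

```python
import numpy as np

def reconstruct(x, E, D):
    return x @ E.T @ D.T                      # decoder(encoder(x)), one sample per row

def perturb(x, E, D, eps):
    # Assumed perturbation: one signed-gradient step that raises ||x - DEx||^2.
    r = x - reconstruct(x, E, D)
    return x + eps * np.sign(2 * (r - r @ D @ E))

def loss_and_grads(x, xa, E, D):
    z, za = x @ E.T, xa @ E.T                 # the same encoder E serves both inputs
    xha = za @ D.T                            # reconstruction of the adversarial sample
    # Residuals: adversarial reconstruction error, normal-vs-reconstruction, latent gap.
    r1, r2, r3 = xha - xa, xha - x, z - za
    n = len(x)
    loss = (np.sum(r1**2) + np.sum(r2**2) + np.sum(r3**2)) / n
    gD = 2 * (r1 + r2).T @ za / n
    gE = (2 * ((r1 + r2) @ D).T @ xa + 2 * r3.T @ (x - xa)) / n
    return loss, gE, gD

def train(x, k=2, eps=0.05, lr=0.02, steps=3000, seed=0):
    rng = np.random.default_rng(seed)
    d = x.shape[1]
    E, D = rng.normal(0, 0.1, (k, d)), rng.normal(0, 0.1, (d, k))
    for _ in range(steps):
        xa = perturb(x, E, D, eps)            # regenerated against the current weights
        _, gE, gD = loss_and_grads(x, xa, E, D)   # xa is held fixed for the update
        E, D = E - lr * gE, D - lr * gD
    return E, D

def anomaly_score(x, E, D):
    return np.sum((x - reconstruct(x, E, D)) ** 2, axis=1)

def demo(seed=1, eps=0.05):
    rng = np.random.default_rng(seed)         # constructed toy data, not from the paper
    basis = rng.normal(size=(2, 8)) / np.sqrt(8)
    normal = rng.normal(size=(200, 2)) @ basis + 0.05 * rng.normal(size=(200, 8))
    anomalies = rng.normal(size=(50, 8))
    E, D = train(normal[:150], eps=eps)
    held_out = normal[150:]
    return {
        "normal": anomaly_score(held_out, E, D).mean(),
        "normal_perturbed": anomaly_score(perturb(held_out, E, D, eps), E, D).mean(),
        "anomaly": anomaly_score(anomalies, E, D).mean(),
    }

if __name__ == "__main__":
    print(demo())
```

The `normal_perturbed` entry scores held-out normal samples after the same perturbation is applied at test time, which is the case where a detector trained without adversarial samples is most likely to misfire.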