Computer Science ›› 2023, Vol. 50 ›› Issue (4): 88-95. doi: 10.11896/jsjkx.211100164

• Computer Graphics & Multimedia •

Adversarial Examples Generation Method Based on Image Color Random Transformation

BAI Zhixu, WANG Hengjun, GUO Kexiang   

  1. Strategic Support Force Information Engineering University, Zhengzhou 450001, China
  • Received: 2021-11-15 Revised: 2022-06-15 Online: 2023-04-15 Published: 2023-04-06
  • About author: BAI Zhixu, born in 1992, postgraduate. His main research interests include artificial intelligence and adversarial examples.
    WANG Hengjun, born in 1973, Ph.D., associate professor. His main research interests include intelligent information processing, natural language processing and machine learning.

Abstract: Although deep neural networks (DNNs) perform well in most classification tasks, they are vulnerable to adversarial examples, which calls the security of DNNs into question. Research on generating strong adversarial examples can help improve the security and robustness of DNNs. Among the methods for generating adversarial examples, black-box attacks are more practical than white-box attacks, which need to rely on the model's structural parameters. Black-box attacks generally use iterative methods to generate adversarial examples, which transfer poorly, so their success rate is generally low. To address this problem, data augmentation is introduced into the adversarial example generation process: randomly changing the color of the original image within a limited range effectively improves the transferability of the adversarial examples, and thus increases the success rate of black-box attacks. The method is validated through adversarial attack experiments on the ImageNet dataset against normally trained networks and adversarially trained networks, and the experimental results indicate that it effectively improves the transferability of the generated adversarial examples.

Key words: Deep neural network, Adversarial example, White-box attack, Black-box attack, Migration

CLC Number: TP393.08