{"title":"A neural network model for adversarial defense based on deep learning","authors":"Zhiying Wang, Yong Wang","doi":"10.1117/12.3000789","DOIUrl":null,"url":null,"abstract":"Deep learning has achieved great success in many fields, such as image classification and target detection. Adding small disturbance which is hard to be detected by the human eyes to original images can make the neural network output error results with high confidence. An image after adding small disturbance is an adversarial example. The existence of adversarial examples brings a huge security problem to deep learning. In order to effectively defend against adversarial examples attacks, an adversarial example defense method based on image reconstruction is proposed by analyzing the existing adversarial examples attack methods and defense methods. Our data set is based on ImageNet 1k data set, and some filtering and expansion are carried out. Four attack modes, FGSM, BIM, DeepFool and C&W are selected to test the defense method. Based on the EDSR network, multi-scale feature fusion module and subspace attention module are added. By capturing the global correlation information of the image, the disturbance can be removed, while the image texture details can be better preserved, and the defense performance can be improved. 
The experimental results show that the proposed method has good defense effect.","PeriodicalId":210802,"journal":{"name":"International Conference on Image Processing and Intelligent Control","volume":"60 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Conference on Image Processing and Intelligent Control","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1117/12.3000789","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Deep learning has achieved great success in many fields, such as image classification and target detection. Adding a small perturbation that is hard for the human eye to detect to an original image can make a neural network output wrong results with high confidence. An image with such a small perturbation added is an adversarial example. The existence of adversarial examples poses a huge security problem for deep learning. To defend effectively against adversarial example attacks, an adversarial example defense method based on image reconstruction is proposed, following an analysis of existing adversarial example attack methods and defense methods. Our data set is based on the ImageNet 1k data set, with some filtering and expansion carried out. Four attack methods, FGSM, BIM, DeepFool and C&W, are selected to test the defense method. Based on the EDSR network, a multi-scale feature fusion module and a subspace attention module are added. By capturing the global correlation information of the image, the perturbation can be removed while the image texture details are better preserved, and the defense performance can be improved. The experimental results show that the proposed method has a good defense effect.