[1] ZENG Lihong, ZHANG Wei*, TENG Shaohua. The Adversarial Samples Detection with a Binary Discrimination Network[J]. Journal of Jiangxi Normal University (Natural Science Edition), 2021, (03): 285-291. [doi:10.16357/j.cnki.issn1000-5862.2021.03.10]
The Adversarial Samples Detection with a Binary Discrimination Network
Journal of Jiangxi Normal University (Natural Science Edition) [ISSN:1006-6977/CN:61-1281/TN]

Volume:
Issue:
2021, Issue 03
Pages:
285-291
Section:
Information Science and Technology
Publication date:
2021-06-10

Article Info

Title:
The Adversarial Samples Detection with a Binary Discrimination Network
Article ID:
1000-5862(2021)03-0285-07
Author(s):
ZENG Lihong, ZHANG Wei*, TENG Shaohua
School of Computers, Guangdong University of Technology, Guangzhou, Guangdong 510006, China
Keywords:
binary discrimination network; deep neural network; adversarial samples; detection
Classification number:
TP 311
DOI:
10.16357/j.cnki.issn1000-5862.2021.03.10
Document code:
A
Abstract:
Adding small but specially crafted perturbations to the images of an original dataset produces adversarial samples, and a deep neural network attacked with such samples may give wrong outputs with high confidence. Most current methods for detecting adversarial samples depend on many preconditions, which limits their detection ability. To address this, the paper proposes a binary discrimination network: a multi-layer convolutional neural network extracts the main features of the sample data; a special discriminant objective function, combined with noise data of different levels, is used to train and optimize the network so as to improve its ability to detect adversarial samples; and the model works end to end, so it can be deployed directly on the source samples of the target model to detect the presence of adversarial samples and can be applied at large scale. Experimental results show that the detection rate of this model is better than that of other related models.


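Memo

Received: 2020-05-17
Funding: Supported by the Key-Area Research and Development Program of Guangdong Province (2020B010166006), the National Natural Science Foundation of China (61972102), projects of the Department of Education of Guangdong Province (Yue Jiao Gao [2018] No. 179, Yue Jiao Gao Han [2018] No. 1) and the Guangzhou Science and Technology Program (201903010107, 201802030011, 201802010026, 201802010042, 201604046017).
Corresponding author: ZHANG Wei (born 1964), female, from Nanchang, Jiangxi, professor, whose research is mainly in big data, data mining and collaborative computing. E-mail: weizhang@gdut.edu.cn
Last Update: 2021-06-10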