基于数据增强的集成滤波对抗防御方法
An ensemble filtering adversarial defense approach based data augmentation
方贤进 1薛明均 1李志伟1
作者信息
- 1. 安徽理工大学 计算机科学与工程学院,安徽 淮南 232001
- 折叠
摘要
深度神经网络(Deep neural networks,DNNs)具有强大的表达能力,能够从海量异构数据中学习到高层次和抽象的表示,然而DNNs在应用中易受到对抗样本攻击,从而给DNNs的应用带来严重的安全威胁.针对现有防御方法只适用于特定攻击算法以及需要大量的原始对抗样本等问题,本文提出一种基于数据增强的集成对抗防御方法.首先通过数据增强方法来扩充对抗样本的数据量和多样性,以解决需要大量对抗样本的弊端;其次集成多种图像滤波方法,对对抗样本进行输入变换,实现防御效果具有通用性.实验以MNIST,CIFAR-10 数据集为基础,实验结果证明了方法的有效性.
Abstract
Deep neural networks(DNNs)have strong expressive power and can learn high level and abstract repre-sentations from massive heterogeneous data.However,DNNs are susceptible to adversarial sample attacks in applica-tions,posing serious security threats to their applications.This paper proposes an integrated adversarial defense ap-proach based on data augmentation to address the issues of the existing defense methods,only applicable to specific at-tack algorithms and requiring a large number of original adversarial samples.Firstly,by using data augmentation meth-ods to expand the data volume and diversity of adversarial samples,the drawbacks of requiring a large number of adver-sarial samples can be addressed;Next,multiple image filtering methods are integrated to perform input transformation on adversarial samples,achieving universal defense effectiveness.The experiment is based on the MNIST and CIFAR-10 datasets,and the experimental results demonstrate the effectiveness of the proposed method.
关键词
对抗防御/对抗样本/图像滤波/数据增强Key words
adversarial defense/adversarial samples/image filter/data augmentation引用本文复制引用
基金项目
2018年安徽省科技重大专项项目(18030901025)
出版年
2024
NETL
NSTL
万方数据