On the Influence of Negative Pictures on Classification Network Based on Adversaria Samples
After converting the original sample pictures(positive pictures)to negative images,the retained objects'critical category information can be classified by humans,but the general neural network models are weak to recognize negative images.In artificial intelligence,researchers are more interested in the performance of the models on the original images,and there is little research work on negative image samples.To explore the effect of negative image features on model learning,using the visualization of feature maps and comparison of recognition ability in different scenes,three models trained by positive samples set,negative samples set,and mixed samples set are investigated for three image datasets:MNIST,CIFAR10,and ImageNet.The positive and negative samples were found to be consistent in the feature space of the model,enabling the network to fit both positive and negative images.From the accuracy point of view,the addition of negative samples adjusts the deep feature space of the network,resulting in uniform confidence output of positive and negative images for each class and a more compact distribution of samples within categories.From the perspective of adversarial robustness,models that learn positive and negative picture features show symmetry in adversarial perturbations;moreover,models trained with negative samples can resist transfer attacks of general models to a certain extent.
万方数据
维普
