基于图像熵联合重构的对抗样本检测方法
Adversarial examples detection based on image entropy and joint reconstruction
许剑南 1杨玉丽 1马垚 1于丹 1陈永乐1
作者信息
- 1. 太原理工大学信息与计算机学院,山西晋中 030600
- 折叠
摘要
为增强机器视觉领域深度神经网络模型的安全性,提出一种基于图像熵联合重构的对抗样本检测方法.利用正常样本和对抗样本在图像重构后,分类结果差异大小不同的原理进行对抗样本的检测.引入位深度缩减、空间平滑、图像压缩、平移、翻转、缩放6种图像重构方法,以图像熵作为重构参数选择的指标,利用KL散度序列训练二元检测器.对比实验结果表明,采用的方法相较于特征压缩法,对抗样本检测率得到提升,误检率有所降低.
Abstract
To strengthen the security of deep neural network in the field of machine vision,an adversarial examples detection method based on image entropy and joint reconstruction was proposed.The adversarial detection method was based on the princi-ple that the prediction distance differs for normal examples and adversarial examples after being reconstructed.Six reconstruction methods including bit depth reduction,spatial smoothing,compression,translation,flipping,scaling,were adopted.Image entropy was selected as an index for reconstruction parameters,and a binary detector was trained using KL divergence sequence.It is demonstrated that the method adopted achieves higher detection rates and lower false positive rates compared to feature squeezing in the contrast experiment.
关键词
深度神经网络/对抗样本/图像熵/图像重构/不一致序列/检测器/图像分类Key words
deep neural network/adversarial examples/image entropy/image reconstructions/inconsistency sequence/detec-tor/image classification引用本文复制引用
基金项目
山西省基础研究计划(201901D211076)
山西省基础研究计划(20210302123131)
山西省基础研究计划(20210302124395)
出版年
2024
NETL
NSTL
维普
万方数据