
Research On Generation Of Adversarial Examples Based On Swarm Evolutionary Algorithm

Posted on: 2020-08-16
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X L Liu
GTID: 1368330623458177
Subject: Software engineering

Abstract/Summary:
In recent years, with the rapid development of artificial intelligence technology and the substantial increase in computing power, machine learning algorithms, especially deep learning algorithms, have come into wide use in production and daily life. The most common application scenarios include face recognition, autopilot, malicious application detection, and intelligent voice interaction. Just as traditional software development has security issues, so do machine learning algorithms. However, in current machine learning research and development, most developers and researchers have focused on improving the “intelligence” of the machine, and few pay attention to the “security” of the algorithm. When these algorithms are applied in important scenarios such as automatic driving and voice control, the security of the algorithm may even bear on the safety of the user's life and property. Adversarial examples are one of the most serious security issues for machine learning algorithms. A well-constructed adversarial example can directly mislead the judgment of the algorithm, with immeasurably serious consequences. Research on the security of machine learning algorithms, and on adversarial example attacks in particular, therefore has important social significance and application value.

This dissertation first systematically investigates the machine learning security problem represented by the adversarial attack, analyzes the common adversarial attack methods, and summarizes the current state of the field. It takes the generation of adversarial examples as its research topic and aims, through the study of attack techniques, to provide ideas for defending against adversarial attacks. Drawing on the efficient and flexible search characteristics of swarm intelligence evolutionary algorithms, it focuses on how to generate black-box adversarial examples for image data, how to confuse network traffic detection models using adversarial example techniques, how to generate adversarial examples for Android applications, and how to construct adversarial examples for audio data. The main research contents of each part of this dissertation are as follows:

The first part reviews the existing techniques for generating adversarial examples, compares the advantages and disadvantages of each method, and gives suggestions for further research in this field. Secondly, it surveys swarm intelligence evolutionary algorithms, summarizes their general framework and characteristics, and explains why such algorithms are suitable for constructing adversarial examples. Finally, because traditional swarm intelligence evolutionary algorithms are slow and easily fall into local optima, an improved genetic algorithm based on the t-distribution is proposed. The improved genetic algorithm converges quickly and searches efficiently. This part provides the theoretical basis and technical support for the subsequent research on adversarial example generation.

The second part proposes a new method for generating adversarial examples for image data. It addresses the high model dependence, low construction efficiency, and poor robustness of traditional image adversarial examples by proposing an image generation method based on a swarm evolution algorithm. This study achieved a 100% attack success rate on test data sets such as MNIST, CIFAR-10, and ImageNet. A 100% attack rate was also achieved against the network model enhanced by the “distillation defense” method.

The third part proposes a genetic-algorithm-based method for generating traffic adversarial examples. By carrying the adversarial problem over from deep learning to a broader range of machine learning detection models, adversarial examples are used for traffic confusion and to mislead the detection model. Against a CNN-based traffic detection model and a Profile HMM website fingerprint detection model, the generated adversarial examples change the classification results of both models without knowledge of their parameters, and successfully achieve the purpose of traffic confusion. Compared with traditional traffic confusion methods, this method has a higher success rate.

The fourth part proposes a method for generating adversarial examples for Android applications. Unlike image adversarial examples, Android applications are essentially discrete binary strings, so methods from the image domain cannot be applied directly. To solve this problem, this study proposes a genetic-algorithm-based method for generating adversarial examples for Android applications, which constructs the adversarial examples without affecting the normal operation of the Android application and while retaining all of its functions. The experimental results show that the approach can generate adversarial examples for Android applications against a black-box detection model, with a success rate close to 100%.

The fifth part proposes a method for generating adversarial examples for audio data. Studies have shown that learning-based automatic speech recognition models are also threatened by adversarial examples, and further research on audio adversarial examples is one of the necessary ways to prevent potential attack threats. Although some scholars have conducted research in this area, the effectiveness and robustness of audio adversarial examples are still unsatisfactory. This study proposes an audio adversarial attack method based on weighting and microsampling, and also applies a noise reduction method to the construction of the loss function, so that the generated audio adversarial example is less likely to be resolved. Experiments show that this method can generate low-noise, highly robust audio adversarial examples with a time cost on the order of minutes.
Keywords/Search Tags: machine learning, adversarial examples, swarm evolutionary algorithm, artificial intelligence security