
Towards Studying The Adversarial Techniques In Deep Computer Vision

Posted on: 2021-03-27
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X R Li
Full Text: PDF
GTID: 1368330647455837
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development of deep learning, applications based on deep learning have become popular in society. Especially in the field of computer vision, products have appeared in many key areas, such as autonomous driving, face recognition, and image content detection. However, in recent years, adversarial technologies in computer vision have gradually emerged, such as fooling models with adversarial examples and fooling human eyes with Deepfakes, posing a huge threat to the development of deep learning in the field of vision. The existence of adversarial technologies in computer vision makes people no longer trust the decisions of the model, and it also raises serious doubts about deep learning applications. Therefore, the in-depth study of adversarial technologies in computer vision has important scientific significance and social value.

Existing research on adversarial technologies in computer vision still has many problems, such as inefficient attack generation algorithms and the poor generalization and robustness of detection algorithms. In this dissertation, a comprehensive study of adversarial technologies is carried out in response to these problems. First, this dissertation summarizes the generation and detection technologies for adversarial examples and analyzes deepfake face technologies. Then, taking adversarial samples as the research background, it studies how to efficiently generate adversarial samples for cloud-based image applications, how to develop an adversarial example detection algorithm with a higher detection rate and better generalization, how to build a deepfake face detection algorithm with good generalization, and how to apply adversarial example technologies to improve the robustness of the detection algorithm. The research contents and contributions of this dissertation are as follows.

The first part summarizes the related development of adversarial technologies in computer vision. It first reviews the generation and detection algorithms for adversarial examples, then introduces deepfake face technologies. This part provides technical support for the subsequent research on adversarial technologies.

The second part proposes an algorithm for generating adversarial samples against real-world cloud-based image applications. To solve the problem that existing generation algorithms rely on too many resources, this research proposes four kinds of black-box adversarial example generation algorithms, which have been tested on mainstream cloud platforms such as Baidu Cloud, Alibaba Cloud and Google Cloud. The experimental results show that our methods achieve a high attack success rate, even reaching 100% in some scenarios, and the average number of queries does not exceed 3,000.

The third part proposes an algorithm for detecting adversarial examples based on spatial mapping. To solve the problem that existing detection algorithms rely on specific adversarial examples, this research proposes a generalized adversarial sample detection algorithm based on spatial mapping. By utilizing 19 spatial mapping methods with different parameters, the algorithm tries to capture the common features of adversarial samples. After testing on a large dataset (e.g., ImageNet), the results show that the TPR for detecting adversarial examples of different types can be as high as 98% when the FPR is lower than 1%.

The fourth part proposes a deepfake face detection algorithm based on multi-task learning, and studies how to improve the robustness of the detection algorithm through adversarial examples. To address the poor generalization of existing deepfake face detection algorithms, a multi-task learning framework based on image patches is proposed. After testing on public datasets and YouTube datasets, the detection rate on same-origin datasets and the generalization on cross-origin datasets surpass those of existing algorithms. Finally, the adversarial examples technique is applied to test the robustness of the deepfake face detector, and the robustness of the detector is greatly improved through the adversarial training technique.
Keywords/Search Tags: Deep learning, Computer vision, Adversarial examples, Deepfake, Adversarial learning