Research On D-D Model Defending Adversarial Examples Based On Deep Residual Learning De-noising

In recent years,with the rapid development of deep learning,artificial intelligence has ushered in a new development climax,especially in the fields of image recognition,natural language processing and speech processing.However,deep learning algorithms,models,and data sets still face many security threats,such as adversarial examples attacks.The simple argument adversarial examples attacks is to add imperceptible perturbations to the dataset's data,causing classifier misclassification.At present,the defense of adversarial examples is concentrated on the improvement of the classification model,and the effect is general.Many models are gradually being attacked by the new algorithm of adversarial examples.This paper avoids the improvement of the robustness of the model.Through preprocessing the denoising of the classifier image that needs classification,the deep learning image denoising is applied to the defense of adversarial examples attacks.The work of this article mainly includes the following aspects:Due to the particularity of the noise of adversarial examples,this paper uses deep convolutional neural network to denoise the image,use the deep network to learn the noise characteristics,and improve the denoising effect.Due to the traditional deep learning network,as the number of network layers increases,there will be problems such as loss of image details.Using residuals to learn the law of reverse learning noise can solve the problem of gradient diffusion of deep learning and use BN layer and Relu layer to improve the efficiency of model training.The D-D model was proposed to increase the success rate of the defense of adversarial examples through the superposition of two different defense models of the countermeasures,and the effectiveness of the proposed method adversarial examples defense was verified through theory and experiments.The 1-SSIM loss function is used to solve the problem of image blurring caused by de-noising of deep residual network.The L2 and 1-SSIM combined loss function is proposed to balance the image de-noising and image de-noising effects.through experiments:(1)Training the optimal parameters of the deep residual network,and comparing the results with other denoising models.This method has better denoising effect.(2)Modify the original DnCNN loss function based on residual learning model,solve the original model denoising fuzzy and other issues,improve the denoising effect.(3)The D-D defense system can effectively improve the defense of adversarial examples attacks and has good robustness against the attacks of adversarial examples.