
Design And Implementation Of Adversarial Example Defense System For Image Recognition

Posted on: 2020-12-17
Degree: Master
Type: Thesis
Country: China
Candidate: S C Lei
Full Text: PDF
GTID: 2428330572972230
Subject: Computer technology
Abstract/Summary:
In recent years, neural network technology has developed rapidly: the technology itself has grown explosively and its applications have become more and more extensive. Convolutional neural networks have achieved remarkable success in machine recognition, natural language processing and other fields. In machine vision, more and more products have been deployed, such as automatic driving, railway station vision, speech face recognition, face payment and so on, greatly facilitating people's lives. Recently, however, scholars have discovered adversarial examples for convolutional neural networks: adding small perturbations that are difficult to perceive to an image causes a convolutional neural network to make errors. This characteristic brings great security risks to the use of convolutional neural networks. The aim of an adversarial example is to find a perturbation that is as small as possible which, when added to the original image, leads the target neural network to make errors. Since the discovery of adversarial examples, many scholars have devoted themselves to studying them, hoping to enhance the robustness of neural networks. However, there is at present no effective product in the industry for defending against adversarial examples. Based on this demand and situation, this paper proposes an adversarial example defense model based on integrated detection, which can effectively defend against adversarial examples, and then designs and implements an adversarial example detection system based on the defense model. The main work of this paper is as follows:

(1) The FGSM, BIM, DEEPFOOL, JSMA and CW algorithms are used to attack the MNIST data set, testing the attack performance of different algorithms and different parameters.

(2) An adversarial example defense model based on integrated detection is proposed, and defense detection experiments are carried out against the common adversarial example attack algorithms. The experiments obtain a good adversarial example detection rate and a very low recall rate. After a second attack on the model, it is proved that, compared with the traditional two-class adversarial example classifier, the integrated detection defense model is more difficult to attack a second time and is robust to the secondary attack.

(3) Based on the proposed adversarial example defense model and following micro-service architecture design principles, a micro-service-based adversarial example detection system for image recognition is designed and implemented. The system mainly includes an integrated detection service, a core processing service, a log service, a service registration and management service, and a gateway service, using Docker Swarm for load balancing. A lightweight REST-style API is also released for third parties. Third-party users can protect their image recognition models by using the adversarial example defense system designed in this paper to block adversarial examples.
Keywords/Search Tags:Convolutional Neural Network, Adversarial Example, Adversarial Example Defense, Microservices