
Optimization Of Artificial Intelligence Algorithm With Adversarial Training

Posted on: 2021-05-26
Degree: Master
Type: Thesis
Country: China
Candidate: Z W Ren
Full Text: PDF
GTID: 2428330623967779
Subject: Cyberspace security
Abstract/Summary:
In recent years, artificial intelligence algorithms have been widely used in many security-related application scenarios, where the robustness of the models becomes extremely important. However, artificial intelligence models, and deep learning models in particular, can produce incorrect recognition results for adversarial samples because of inadequate training, excessive linearization and other causes, which affects the safety of artificial intelligence. The main means by which researchers at home and abroad address the adversarial-sample problem are adversarial training of the model or optimization of the model's network structure. Adversarial training can passively defend against sample attacks, and modifying the network structure gives a better defensive effect against gradient-dependent attacks. However, these defenses share the problem that a single defense method struggles to defend against multiple adversarial sample generation algorithms. To improve the generality of current defense methods, this thesis proposes an improved adversarial training method.

The research content of this thesis is divided into two parts. In the first part, the thesis analyzes five existing adversarial sample generation algorithms for image classifiers and finds that the perturbation noise they generate is concentrated in a small range: only a few pixels receive large perturbations, and these noises disturb the classifier's recognition results. We propose a genetic-algorithm-based sensitive-area search method for small pixel perturbations and use samples from the sensitive areas for adversarial training, testing how effectively it improves the model's robustness. In the second part, testing shows that genetic-algorithm-based adversarial training has a defensive effect against adversarial sample generation algorithms that produce small pixel perturbations, such as FGSM, IFGSM and DeepFool, but still cannot effectively defend against the JSMA and C&W algorithms. Analysis finds that the defense against JSMA is weak because that algorithm generates large pixel perturbations beyond the search range of the genetic algorithm, while for C&W it is because the perturbations it generates are very small, and within the iteration limit the genetic algorithm can hardly find similar perturbations. To further improve the defense, the thesis improves the genetic-algorithm-based adversarial training and proposes a denoising optimization method for input data based on a Denoising U-Net structure; this noise processing further improves the defense of genetic-algorithm-based adversarial training against these two types of attack algorithms. Compared with traditional methods that use adversarial training to improve model robustness, the method proposed in this thesis does not rely on model gradient information to a certain extent and can improve the model's defense against multiple attack algorithms. Finally, the thesis compares the defensive capability of the method against five adversarial sample generation algorithms, and compares it with model enhancement by distillation defense and by PGD adversarial training. The results show that the proposed denoising adversarial training method can further improve the robustness of the model and reduce the attack success rate of the various adversarial example generation algorithms by 10% to 80%.
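As an added illustration that is not code from the thesis, the following constructed Python sketch puts the two ideas of the abstract side by side: a gradient-free genetic search for a classifier's sensitive pixels under a small-perturbation budget, and a denoising step in front of the classifier that removes the resulting isolated pixel spikes. The classifier is a hand-set linear stand-in for the thesis's image classifier, the input is a constructed constant image, and a 3x3 median filter stands in for the Denoising U-Net.

```python
import numpy as np
H = W = 6
EPS, K = 0.5, 3  # budget: at most K pixels change, each by at most EPS
# Constructed stand-in classifier: fixed linear model in which the twelve
# pixels in rows 1-3, cols 1-4 dominate the decision.
WEIGHTS = np.full((H, W), 0.05)
WEIGHTS[1:4, 1:5] = 0.5
BIAS = -3.2

def margin(img):
    """Signed score, >0 means class 1; the search queries only this, never a gradient."""
    return float((WEIGHTS * img).sum() + BIAS)

def apply(img, individual):
    """individual = list of (pixel_index, sign): add sign*EPS there, clip to [0,1]."""
    adv = img.copy()
    for idx, sign in individual:
        adv.flat[idx] = np.clip(adv.flat[idx] + sign * EPS, 0.0, 1.0)
    return adv

def ga_sensitive_search(img, rng, pop=40, gens=30):
    """Gradient-free search for the K pixels whose small change lowers the margin most."""
    gene = lambda: (int(rng.integers(H * W)), int(rng.choice([-1, 1])))
    fitness = lambda ind: margin(apply(img, ind))  # lower = more sensitive area
    population = [[gene() for _ in range(K)] for _ in range(pop)]
    best = min(population, key=fitness)
    for _ in range(gens):
        parents = sorted(population, key=fitness)[: pop // 2]  # selection
        best = min(best, parents[0], key=fitness)
        population = []
        while len(population) < pop:
            a, b = (parents[rng.integers(len(parents))] for _ in range(2))
            child = a[: K // 2] + b[K // 2:]  # one-point crossover
            if rng.random() < 0.3:  # mutation: redraw one pixel/sign pair
                child[rng.integers(K)] = gene()
            population.append(child)
    return best

def median_denoise(img):
    """3x3 median filter (stand-in for the Denoising U-Net): removes isolated pixel spikes."""
    p = np.pad(img, 1, mode="edge")
    return np.array([[np.median(p[r:r + 3, c:c + 3]) for c in range(W)] for r in range(H)])

def demo(seed=0):
    """Returns (clean, adversarial, denoised) margins, pixels changed, largest change."""
    rng = np.random.default_rng(seed)
    clean = np.full((H, W), 0.5)  # constructed input whose true class is 1
    adv = apply(clean, ga_sensitive_search(clean, rng))
    return (margin(clean), margin(adv), margin(median_denoise(adv)),
            int((adv != clean).sum()), float(np.abs(adv - clean).max()))
```

With this stand-in model the search flips the sign of the margin while staying inside the budget, and the median filter in front of the classifier restores it, which is the failure-then-fix pattern the abstract describes for sparse large-pixel perturbations.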
Keywords/Search Tags: adversarial training, genetic algorithm, denoising algorithm, adversarial examples, deep learning