
Research On Universal Perturbation For Deep Learning

Posted on: 2021-04-08 | Degree: Master | Type: Thesis
Country: China | Candidate: H Y Zheng | Full Text: PDF
GTID: 2428330629984468 | Subject: Cyberspace security
Abstract/Summary:
With improvements in big data technology and computing performance, deep learning has achieved breakthroughs in image classification, autonomous driving, facial recognition and malware detection. However, recent research shows that adding imperceptible perturbations to sample data causes a deep learning model to output erroneous predictions with extremely high confidence, which seriously jeopardizes the security of deep learning applications. At present, research on adversarial examples mainly focuses on white-box attacks and single-perturbation scenarios. A universal perturbation under black-box attack requires less knowledge from the attacker and allows fast attack deployment, so it is an attack method more in line with realistic scenarios. There is little research on attack methods in this scenario. This thesis mainly discusses universal perturbation generation in the black-box scenario and proposes UP-GAN, a GAN-based universal perturbation generation scheme. Any image dataset can be used for training, and the training process only accesses the output of the deep learning model. UP-GAN can be deployed in targeted or non-targeted attack scenarios, and can be optimized under a choice of perturbation metrics: ℓ1, ℓ2 or ℓ∞. Compared with other universal perturbation schemes, UP-GAN can be deployed in the black-box scenario, and it proposes a universal perturbation generation model with transferability. It shows that universal perturbations can also transfer: the same universal perturbation can attack multiple deep learning models. Attacking deep learning models protected by adversarial training and by defensive measures with UP-GAN-generated universal perturbations shows that the UP-GAN scheme can defeat mainstream deep learning defense schemes.
Keywords/Search Tags:generative adversarial network, adversarial sample, universal perturbation, black box attack