
Research On Defense Strategy Of Adversarial Attack Based On Clustering Algorithm

Posted on: 2021-05-01
Degree: Master
Type: Thesis
Country: China
Candidate: H X Yun
Full Text: PDF
GTID: 2428330647961950
Subject: Engineering

Abstract/Summary:
In recent years, convolutional neural networks have been widely used in data mining and security detection. While they bring convenience, convolutional neural networks are also highly susceptible to adversarial attacks, which cause a neural network classifier to misclassify the original image. Once a malicious attacker applies such attacks in security-sensitive areas such as face recognition systems, autonomous driving and security monitoring, the consequences for society and individuals are extremely serious. Current models for defending against adversarial attacks on images of different tonality (both grayscale and color images) do not effectively improve classification accuracy.

In view of these problems, this thesis proposes two clustering-based strategies for defending against adversarial attacks, thereby improving the robustness of the convolutional neural network model. The details are as follows:

(1) Image classification mainly uses convolutional neural networks to learn the main features of an image in order to improve classification accuracy. A grayscale image has only a single color channel, but once an added perturbation affects the main features of the image it causes classification errors and ultimately lowers classification accuracy. A K-means-based model for defending grayscale images against adversarial attacks is therefore proposed. The main idea is to connect a clustering model after the model that generates the adversarial samples: for each perturbed grayscale image, K-means clustering is used to reconstruct the pixel values according to the clustering result, assigning each perturbed point to its nearest class so that the effect of the perturbed points on the image features is eliminated. Experimental results show that this defense strategy effectively improves the model's classification accuracy on the MNIST handwritten-digit image classification task.

(2) Images in real scenes are mainly color images, whose color content is more complex than that of grayscale images, so the defense strategy designed for grayscale images cannot be applied directly to color images. The biggest obstacle is that the value of k for the K-means algorithm cannot be selected. This thesis proposes a K-means++-based model for defending against adversarial attacks, which effectively solves the problems of incorrect clustering and difficulty in determining k that result from improper selection of the initial points. Finally, a more general defense strategy is constructed. Experimental results show that this defense strategy effectively improves the model's classification accuracy across different network models and different attack algorithms on the CIFAR-10 image classification task.
Keywords/Search Tags: Convolutional Neural Networks, Adversarial Samples, Adversarial Attacks, Clustering Algorithms, Defense Strategies