| In recent years,neural network has been welcomed by academia and industry because of its ability to learn large amounts of data.Neural network can be applied in fields such as voice and computer vision.In computer vision,the ability of a neural network to recognize a clean picture from the physical world can be completely disabled by adding tiny perturbations on clean picture.Applications of neural networks,including automatic drive and face recognition,are under great threat.Since 2013,the research on the adversarial examples has been carried out.How to generate more threatening adversarial examples and how to resist them has become a hot issue.However,the existing application and research on adversarial examples are mostly about classification network and improving the robustness of network,but there is not much research on the hidden information characteristics of adversarial examples.In this paper,a steganographic communication method based on adversarial examples is pro-posed based on three characteristics of adversarial examples.The three characteristics about adversarial examples are as follows: adversarial examples has the property of information hiding? It is difficult for the existing attack algorithms to produce the transferable adversarial examples? Generative neural networks also have adversarial examples.On this basis,this paper proposes a steganography which uses the noise of the adversarial examples itself as the carrier of information.Secondly,this paper presents an unbounded adversarial examples of the generative neural network,which can be used as a kind of ad-versarial examples steganography.Thirdly,aiming at the disadvantage of low adversarial examples transferability,this paper introduces the knowledge distillation into the attack al-gorithm based on gradient,which can improve the transferability of adversarial examples around 30% ? 50%. |
PDF Full Text Request