
Research Of Method On Generating Image Adversarial Samples Based On GAN

Posted on: 2021-04-26
Degree: Master
Type: Thesis
Country: China
Candidate: Y Tian
Full Text: PDF
GTID: 2518306308477434
Subject: Cyberspace security

Abstract/Summary:
With the widespread application of deep learning technology, the security of deep learning has gradually drawn attention. Within this field, adversarial attacks are the most active research topic. Attacking deep learning models effectively is an important way to analyze their security, and it also helps improve their robustness. Traditional adversarial attack methods focus on calculating a perturbation of the original image: using single-step or iterative calculation, the original samples are perturbed and new adversarial samples are generated. To accelerate the generation of adversarial samples, reduce the amount of computation, and obtain a higher attack success rate, the latest direction in adversarial attacks has turned to using neural networks, especially generative adversarial networks (GANs), to generate adversarial samples. In this paper, we focused on the problems of traditional attack methods and studied adversarial attacks based on generative adversarial networks. Taking the image classifier as the attack target, we proposed a new unsupervised method for generating adversarial samples. The main research results of this paper were as follows:

(1) An adversarial attack method based on generative adversarial networks was proposed. This method used two unsupervised training stages with different targets, and a new loss function for the model was designed for the adversarial training stage, so that the GAN model can learn the distribution of adversarial samples from random noise and generate unrestricted adversarial samples in batches. The method achieved a highest attack success rate of 98.40% on the target model, a highest attack success rate of 29.40% against the defended model, and a highest attack success rate of 77.58% in the transferability test, and it has a faster generation speed. The experimental results showed that this method could successfully generate adversarial samples that have a higher attack success rate and are more difficult to defend against.

(2) An image quality improvement algorithm for the adversarial sample generation task was proposed. The algorithm was inspired by the image style transfer task. A content feature extraction network was used to extract the features of the adversarial samples. A new sample quality constraint loss function was then introduced into the task, which improved the adversarial training stage of the WGAN_GP_Adv model. The experiments showed that the improved adversarial attack method lost only 0.92% of the attack success rate for the same attack target, while effectively reducing the expression of target category features in the adversarial samples. In this way, the quality of the adversarial samples generated by the model was improved.
Keywords/Search Tags:Artificial Intelligence Security, Deep Learning, Generative Adversarial Network, Adversarial Attacks