Structural Analysis Optimization And Adversarial Attacks Research For Convolutional Neural Networks

In recent years,the field of deep learning has developed rapidly,and many excellent models/training algorithms have emerged in tasks such as image recognition and adversarial attacks,all of which are of course supported by massive computing power and large-scale datasets.How to effectively perform tasks such as image recognition and adversarial attacks on the basis of small samples and limited computing power is a key step for deep learning models to move from the lab to reality.Current research focuses on the theoretical structure of deep learning models,constructs better deep learning models by designing new model architectures and supplementing them with efficient training algorithms.However,this process often requires large amounts of computing power and data.To tackle this problem,focus on pre-trained models,structurally analyze the feature extraction behavior in pre-trained models,and identify the characteristics and key structures of pre-trained models.Then,based on model characteristics,complete the design of image recognition and adversarial attacks architecture on the basis of limited computing power and data volume.In this paper,taking ResNeXt model as an example,based on data enhancement technology,launch causal intervention to generate sequence data from non-sequential image data,and then use Wasserstein distance to analyze and locate the key structure of ResNeXt model:time-invariant stable structure by a small amount of data,and then use this structure to optimize image recognition/adversarial attacks techniques,then propose two research points of this paper:1,The design of convolutional neural network based on time-invariant stable structure.Find that the time-invariant stable structure is the key structure of the model which can extract useful information from the pictures.Accordingly,complete selective pruning with the time-invariant stable structure,and then construct a single-category perceptual feature extraction network which can distinguish between intra/inter-classes from a distributional perspective based on the Sharpe Ratio,and then uses the attention mechanism to fuse single-category perceptual features into multi-category perceptual features.Experiments on 100 classes of ImageNet dataset show that this method improves the accuracy from 78.50%to 84.72%.Moreover,the optimization process requires only 20 images per class,and avoids the massive computing power requirements by using the Sharpe ratio optimization.2,Adversarial attacks based on time-invariant stable structure.In this paper,the time-invariant stable structure is analyzed as the attack weakness of the deep learning model,and a new adversarial attacks method is designed for this weakness to disturb the time-invariant feature subspace and reduce the computing power requirement of the attack process.Compared with the C&W algorithm under the same experimental environment,the success rate of our method is 0.99,with a relative improvement of 5.32%;the average attack time of our method is 6.52s,with a relative reduction of 10.81%;the distortion of the adversarial sample is 0.50,with a relative reduction of 18.03%.