Adversarial Examples Defense In Deep Learning Network For Image Classification

With the continuous improvement of the computing power of intelligent devices,machine learning and deep learning technologies have been rapidly developed and applied in many fields,and the security of neural network has gradually become a research hot spot.More and more adversarial examples attack algorithms and adversarial examples defense technologies are constantly updated and iterated since the vulnerability of neural network--the adversarial examples have been found and some attack effects have been achieved.In the field of image processing,ResNet is a kind of deep neural network which is widely used,and various adversarial examples algorithms for ResNet emerge one after another.The security of application of ResNet is greatly threatened.Aiming at the construction of ResNet,a new special structure based on global convolution denoising block is proposed in this paper,which improves the robustness of the ResNet in a variety of adversarial examples attack algorithms,and the performance of the new residual network structure is analyzed.In addition,aiming at the training mechanism of ResNet,this paper.also proposes an adversarial stability training framework,which improves the robustness of ResNet to the adversarial examples attack algorithm in the network training stage.The main innovation points and research achievements are as follows:(1)This paper proposes a special ResNet model based on global convolution denoising block,and the specific structure of the network is given.The global convolution network is combined with the noise reduction module,and the new ResNet structure is trained end-to-end at the same time.The performance of the original ResNet and the special ResNet based on global convolution denoising block is compared through experiments,and the effectiveness of the two networks against adversarial examples attack is analyzed.(2)This paper proposes an adversarial stability training framework for ResNet.In the training stage,the distortion examples and adversarial examples are fused,the adversarial training is carried out in batches,so as to improve the classification accuracy of ResNet for distortion examples and adversarial examples,and enhance the robustness of ResNet.