
Research On Attack And Defense Algorithms Of Adversarial Samples Based On GAN

Posted on: 2022-09-07
Degree: Master
Type: Thesis
Country: China
Candidate: Q Wu
Full Text: PDF
GTID: 2518306488992599
Subject: Computer Science and Technology

Abstract/Summary:
In recent years, deep neural networks have achieved many results in image classification and recognition, natural language processing, unsupervised learning and other fields, and have played an important role in safety-critical areas such as malware detection, autonomous driving and aircraft collision avoidance. However, deep neural networks are easily affected by adversarial samples and produce false judgments, so adversarial defense has become a major challenge in the field of artificial intelligence security. Studying adversarial examples not only reveals the potential threat of attacking or misleading deep neural networks; from another perspective, it can also be used to enhance the robustness of a model by training on them. Studying the generation of adversarial samples is therefore as important as adversarial defense. However, most current work on the security of deep neural networks separates adversarial attack from adversarial defense, addressing either the generation of adversarial samples or the defense against them, so the two are difficult to promote and improve together within one method. At the same time, most existing defense methods are aimed at a single attack method and have difficulty improving the defense performance of a model in a general way. Researching an integrated attack-and-defense model that can simultaneously improve the quality of generated adversarial samples and efficiently improve a classifier's ability to defend against multiple adversarial attacks is therefore a new research direction in the field of adversarial attack and defense, and using generative adversarial networks to improve the robustness of deep neural networks is of great significance. Inspired by the idea of generative adversarial networks, this thesis uses the advantages of GANs in simulating the real data distribution and combines them with adversarial training to study adversarial attack and defense problems. The main work is as follows:

(1) This thesis proposes an integrated attack-and-defense method of adversarial GAN based on the attention mechanism, which combines adversarial training and generative adversarial networks to carry out adversarial attacks on the classification neural network (the discriminator network) in the white-box setting. The framework uses the deep latent features of the original image as prior knowledge for generating adversarial examples, uses the generator to produce fake samples for adversarial training of the discriminator network, and jointly optimizes the generator and discriminator under adversarial attack. Through the continual adversarial interaction, the generator promotes the improvement of the defensive performance of the discriminator, and the discriminator accelerates the training of the generator, so that mutual promotion and mutual improvement are realized within the same framework. In experiments on the CIFAR-10 data set and an ImageNet subset, the algorithm achieved 88.37% and 39.31% classification accuracy on the two data sets respectively, which is an improvement over the Rob-GAN defense model under different attack intensities.

(2) A defensive generative adversarial network based on k-WTA is designed, which optimizes the existing integrated attack-and-defense framework by replacing the commonly used ReLU activation function of the generator with the k-Winner-Take-All (k-WTA) activation function. Because its gradient is undefined, k-WTA prevents the gradient information of the network model from being exploited, thereby effectively resisting gradient-based adversarial attacks. Applying this activation function to model training lets it and the adversarial-training part constrain each other, further improving the robustness of the discriminator in the model, which is verified by experiments on the CIFAR-10 data set.
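The defensive property the abstract attributes to k-WTA is that the activation is piecewise constant in which units it keeps, so an attacker's gradient carries no information about the input change that would flip the winning set. The following added example (not code from the thesis, written here for illustration in pure Python, with the sparsity ratio `sparsity` and the constructed activation vectors as assumptions) implements a k-WTA layer next to ReLU and shows both halves of that claim: a finite-difference gradient through k-WTA is exactly zero for a unit that is just below the winning threshold, yet a tiny perturbation that swaps two near-tied units changes the k-WTA output by far more than it changes ReLU's output.

```python
from typing import Callable, List, Sequence


def kwta(x: Sequence[float], sparsity: float = 0.2) -> List[float]:
    """k-Winner-Take-All: keep the k largest activations, zero all others.

    k = round(sparsity * width), at least 1. Ties at the k-th value are all
    kept, which matches the usual "keep everything >= k-th largest" rule.
    """
    k = max(1, round(sparsity * len(x)))
    threshold = sorted(x, reverse=True)[k - 1]
    return [v if v >= threshold else 0.0 for v in x]


def relu(x: Sequence[float]) -> List[float]:
    """Standard ReLU, for comparison."""
    return [max(v, 0.0) for v in x]


def linf_output_change(f: Callable[[Sequence[float]], List[float]],
                       x: Sequence[float], x_adv: Sequence[float]) -> float:
    """Largest change in any output unit when the input moves from x to x_adv."""
    return max(abs(a - b) for a, b in zip(f(x), f(x_adv)))


def fd_gradient(f: Callable[[Sequence[float]], List[float]],
                x: Sequence[float], i: int, h: float = 1e-6) -> float:
    """Central finite-difference estimate of d(sum(f(x)))/dx_i.

    This is the signal a gradient-based attacker would read off the layer.
    """
    xp, xm = list(x), list(x)
    xp[i] += h
    xm[i] -= h
    return (sum(f(xp)) - sum(f(xm))) / (2 * h)


# Constructed activation vectors (assumption): units 1 and 2 are nearly tied.
X_CLEAN = [1.0, 0.90, 0.89, 0.10, -0.20]
# A perturbation of at most 0.01 per unit swaps the order of units 1 and 2.
X_PERTURBED = [1.0, 0.89, 0.90, 0.10, -0.20]
SPARSITY = 0.4  # keeps k = round(0.4 * 5) = 2 winners


def demo() -> dict:
    """Collect the quantities that illustrate k-WTA's defensive behaviour."""
    return {
        "kwta_clean": kwta(X_CLEAN, SPARSITY),
        "kwta_perturbed": kwta(X_PERTURBED, SPARSITY),
        # Gradient w.r.t. the losing unit 2 is exactly 0: no hint it is 0.01 from winning.
        "grad_losing_unit": fd_gradient(lambda v: kwta(v, SPARSITY), X_CLEAN, 2),
        # Gradient w.r.t. a winning unit is 1, like ReLU on a positive input.
        "grad_winning_unit": fd_gradient(lambda v: kwta(v, SPARSITY), X_CLEAN, 1),
        "relu_change": linf_output_change(relu, X_CLEAN, X_PERTURBED),
        "kwta_change": linf_output_change(lambda v: kwta(v, SPARSITY),
                                          X_CLEAN, X_PERTURBED),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

ReLU is 1-Lipschitz, so a 0.01 input perturbation moves its output by at most 0.01; k-WTA moves two output units by 0.9 for the same perturbation, while the local gradient at the losing unit is zero. That is exactly the "undefined gradient" effect the abstract relies on: it blunts gradient-following attacks, but it also means the layer's robustness cannot be read off its gradient and should be evaluated against gradient-free attacks as well.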
Keywords/Search Tags: adversarial samples, adversarial defense, GAN, adversarial training, k-WTA