
Research On Defense Method Against Adversarial Examples Based On Born Again Neural Networks

Posted on: 2022-07-08  Degree: Master  Type: Thesis
Country: China  Candidate: T G Wang  Full Text: PDF
GTID: 2518306572451044  Subject: Cyberspace security
Abstract/Summary:
With the development of artificial intelligence, humans rely heavily on neural networks. They help complete image recognition, speech recognition, content audit, intelligent recommendation and other tasks, with the advantages of high accuracy, high speed, low cost and so on. Recent studies have shown that an attacker can make the neural network's prediction completely wrong by adding subtle perturbations to the test samples along the direction that increases the loss function. The newly generated samples are called adversarial examples, and they seriously impact the security of the neural network model. Therefore, it is urgent to carry out research on defense methods that help the model predict correctly. To solve this problem, the main contents of this paper are as follows.

First, this paper studies the causes and distribution of adversarial examples, investigates the principle and process of adversarial example generation methods, and analyzes the mechanism and effect of adversarial defense methods, so as to pave the way for the later research.

Second, a defense method based on Born-Again neural networks is proposed to improve the adversarial robustness of the model. This method is divided into two modules: a data module and a model module. At the data level, an efficient feature squeezing method is selected to complete data denoising. At the model level, a defense model based on Born-Again neural networks is proposed, which applies the idea of Born-Again neural networks to model training and combines it with randomized smoothing for sample testing. The importance of each module is shown by ablation experiments on common image classification data sets. The classification effect of the combined defense method is tested, and the effectiveness of the method is shown by comparison with other defense methods.

Third, an adversarial example defense experimental platform is designed and implemented. It provides the functions of selecting the data set, setting the adversarial example generation method, setting the feature squeezing method, uploading or training the defense model, setting the model test method, and presenting the test results to users in the form of accuracy.

The results show that the defense method based on Born-Again neural networks proposed in this paper can greatly improve the adversarial robustness of the model and correctly predict adversarial examples. The experimental platform can meet the needs of users and support research on adversarial defense.
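As an added illustration, not code from the thesis or its experimental platform: a pure-Python sketch of the two modules named in the abstract, a feature-squeezing data step (bit-depth reduction followed by median filtering) and a randomized-smoothing majority vote at test time. The classifier, the 4x4 image, the noise level and the vote threshold are constructed stand-ins chosen only to make the behaviour visible.

```python
import random
from collections import Counter
from statistics import median

def reduce_bit_depth(img, bits):
    # Bit-depth squeezing: snap each pixel in [0, 1] to 2**bits levels,
    # which wipes out low-amplitude perturbations.
    levels = 2 ** bits - 1
    return [[round(p * levels) / levels for p in row] for row in img]

def median_smooth(img, k=3):
    # Spatial squeezing: k x k median filter with edge replication,
    # which removes isolated high-amplitude pixels.
    h, w, r = len(img), len(img[0]), k // 2
    out = []
    for y in range(h):
        row = []
        for x in range(w):
            win = [img[min(max(y + dy, 0), h - 1)][min(max(x + dx, 0), w - 1)]
                   for dy in range(-r, r + 1) for dx in range(-r, r + 1)]
            row.append(median(win))
        out.append(row)
    return out

def smoothed_predict(classify, img, sigma=0.25, n=200, min_frac=0.6, seed=0):
    # Randomized smoothing at test time: classify n Gaussian-noised copies and
    # return the majority label, or None (abstain) when no label has a clear majority.
    rng = random.Random(seed)
    votes = Counter()
    for _ in range(n):
        noisy = [[p + rng.gauss(0, sigma) for p in row] for row in img]
        votes[classify(noisy)] += 1
    label, count = votes.most_common(1)[0]
    return label if count / n >= min_frac else None

def defend(classify, img, bits=4):
    # Data module (squeeze) followed by model module (smoothed test).
    return smoothed_predict(classify, median_smooth(reduce_bit_depth(img, bits)))

# Constructed stand-ins: a brittle "bright spot" classifier and a 4x4 image
# whose single spiked pixel is enough to flip its label.
def toy_classify(img):
    return 1 if any(p > 0.9 for row in img for p in row) else 0

CLEAN = [[0.2] * 4 for _ in range(4)]
SPIKED = [row[:] for row in CLEAN]
SPIKED[1][1] = 1.0

if __name__ == "__main__":
    print(toy_classify(SPIKED), defend(toy_classify, SPIKED))  # prints "1 0"
```

The squeeze removes the isolated spike before the classifier sees it, and the smoothed vote then reports label 0 with a large majority; a real deployment would replace toy_classify with the trained Born-Again model.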
Keywords/Search Tags: adversarial examples, feature squeezing, Born-Again neural networks, randomized smoothing