Research Of Adversarial Example Generation Methods In Image Object Detection

With the development of artificial intelligence technology,object detection,as one of the important research contents in the field of computer vision,provides a foundation for object segmentation and image translation research.While deep learning technology has achieved great success in object detection tasks,the weaknesses of its models have gradually emerged.Adding an imperceptible disturbance to the image can cause the deep neural network model to output wrong results,which is the adversarial sample.Hence,studying the generation mechanism of adversarial examples is conducive to improving the robustness and security of the model.However,most of the studies on adversarial examples focus on classifiers and few on object detectors.Therefore,the focus of research is on the generation methods of adversarial examples in object detection systems.At present,the adversarial example generation methods have the following two problems.Firstly,traditional algorithms use gradient iteration methods to add disturbances along the gradient direction.Such methods often result in high time costs.Secondly,in the existing research,the type of adversarial attack is relatively single.Most of them are untargeted attacks,so it is impossible to generate targeted adversarial examples of specific error types.On the whole,two research contents are carried out as follows:1.A fast adversarial examples generation method based on Generative Adversarial Network(GAN)is proposed.In this method,the generation process of adversarial examples is defined as the GAN framework.The generator is based on Encoder-Decoder,the discriminator uses a Markovian discriminator.At the same time,four loss functions are designed and combined.Among them,the GAN loss function realizes the game between generator and discriminator,which realizes the image conversion process from clean samples to adversarial samples.The pixel loss function is a pixel-level constraint on the disturbance.The classification loss function uses adversarial labels to suppress the correct classification and promote the wrong classification.The location loss function further interferes with the regression of bounding box position.This algorithm is validated on open data sets and mainstream object detection models.The experimental results show that this method improves the success rate of attack slightly and reduces the generation time of adversarial examples significantly.Compared with the traditional algorithms,the m AP of the Faster R-CNN in this thesis is reduced to 4.02%,and the time is significantly shortened to 0.9s.Besides,the transferability of this algorithm is verified by the black box attack experiments2.A new problem of adversarial examples in object detection is proposed in this thesis,named misclassification attack.To solve this problem,the generation algorithm of targeted misclassification adversarial examples based on fast gradient iteration is proposed.By using the idea of increasing perturbation along the gradient direction,destroy the gradient of the loss function of object detectors for adversarial attacks.For this purpose,a general loss function is proposed for the mainstream object detectors.Under the premise that the position of the bounding box will not be significantly shifted,only changed the detection category of the object to realize the directional misclassification attack.In this thesis,a large number of experiments are carried out on public data sets and five types of object detectors,and the effectiveness of the algorithm is verified.The highest success rate of the targeted attack is 83.4%.