
Research On Key Technologies Of Adversarial Sample Generation In Deep Learning Networks

Posted on: 2022-09-21
Degree: Master
Type: Thesis
Country: China
Candidate: L Y Ji
Full Text: PDF
GTID: 2518306740994569
Subject: Cyberspace security

Abstract/Summary:
As artificial intelligence technology is used more and more widely in everyday life, research on deep learning networks, one of the important branches of artificial intelligence, has also become a focus of scientific research. While deep learning networks have matched or even surpassed human performance in image recognition and classification, they have also exposed certain security issues. An attacker only needs to add well-designed perturbations to the input images to generate adversarial examples that deceive a deep learning model into outputting an incorrect classification with high confidence. Research on adversarial sample generation for deep learning networks helps people better understand the structure and classification logic of deep learning models and find the root causes of misclassifications and missed detections. At the same time, it stimulates the continued optimization and development of deep learning algorithms, promoting their application to a wider range of fields and further improving their performance.

This thesis aims to promote the improvement and robustness of deep learning network models by studying adversarial sample generation technology. First, inspired by work in the field of neural network interpretability, this thesis designs a new adversarial sample generation algorithm that effectively overcomes the shortcomings of the adversarial sample generation algorithms in common use today. It then further explores application directions for the algorithm. The main contents of this thesis are as follows:

1. This thesis proposes the Effective Region Gradient Algorithm (ERGA), which is based on effective region selection. Unlike common adversarial sample generation algorithms that only consider global pixel perturbation, the proposed method selects the more effective regions of the image, thereby achieving a higher attack success rate and higher efficiency while changing fewer pixels. In addition, the algorithm optimizes the generation process of the adversarial perturbation, overcomes the uncertainty of the gradient update direction and magnitude during the iterative process, and repeatedly tunes the parameters and hyperparameters used to generate adversarial samples for deep learning networks, improving the overall efficiency of adversarial sample generation.

2. This thesis comprehensively evaluates the performance of the proposed algorithm and compares it with existing algorithms. It first uses the common adversarial sample generation algorithms and the ERGA algorithm to generate more than 50,000 adversarial samples, and then evaluates the attack success rate, concealment, robustness and generation speed of these algorithms under both black-box and white-box conditions. Finally, the transferability of these algorithms across common deep learning models is studied further, their effectiveness is verified on multiple public data sets, and the characteristics, advantages and disadvantages of the different algorithms are compared and analyzed.

3. This thesis proposes a human-machine recognition method based on adversarial samples. It first analyzes the shortcomings of the traditional verification code (CAPTCHA) mechanism, and then exploits the characteristics of adversarial samples in deep learning network models to design a human-machine recognition method that uses adversarial sample images as the image verification code. This method identifies illegitimate login scripts driven by computer programs with high accuracy and is difficult for attackers to crack, giving it high security and opening a new direction for the application of adversarial sample technology.
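The abstract contrasts global pixel perturbation with perturbation confined to an "effective region" and lists the per-sample metrics used to compare them (success, pixels changed, perturbation size). The following added evaluation harness, which is not code from the thesis, illustrates that comparison on a constructed 8-pixel linear classifier standing in for a network; the region rule (take the k pixels with the largest gradient magnitude) is a hypothetical sketch, not the thesis's ERGA.

```python
import math

# Constructed stand-in for a network: linear score = w.x, label 1 if > 0.
# For a linear model the gradient of the score w.r.t. the input is exactly w.
W = [0.9, -0.8, 0.7, 0.05, -0.04, 0.03, 0.02, -0.01]
X_CLEAN = [0.5] * 8  # constructed mid-grey 8-pixel "image", true label 1


def score(x):
    return sum(wi * xi for wi, xi in zip(W, x))


def predict(x):
    return 1 if score(x) > 0 else 0


def effective_region(k):
    """Hypothetical selection rule: the k pixels with the largest |gradient|."""
    order = sorted(range(len(W)), key=lambda i: abs(W[i]), reverse=True)
    return set(order[:k])


def perturb(x, eps, region):
    """Move each pixel in `region` against its gradient sign by eps, clipped to [0, 1]."""
    adv = list(x)
    for i in region:
        step = -eps if W[i] > 0 else (eps if W[i] < 0 else 0.0)
        adv[i] = min(1.0, max(0.0, x[i] + step))
    return adv


def evaluate(x, adv, true_label):
    """Per-sample metrics of the kind the thesis reports: success, pixels changed, L-inf, L2."""
    delta = [a - c for a, c in zip(adv, x)]
    return {
        "success": predict(adv) != true_label,
        "pixels_changed": sum(1 for d in delta if abs(d) > 1e-9),
        "linf": max(abs(d) for d in delta),
        "l2": math.sqrt(sum(d * d for d in delta)),
    }


def smallest_effective_region(x, eps, true_label):
    """Smallest k whose region perturbation flips the label (None if none does)."""
    for k in range(1, len(x) + 1):
        if predict(perturb(x, eps, effective_region(k))) != true_label:
            return k
    return None


if __name__ == "__main__":
    print("global  :", evaluate(X_CLEAN, perturb(X_CLEAN, 0.3, set(range(8))), 1))
    print("region 3:", evaluate(X_CLEAN, perturb(X_CLEAN, 0.3, effective_region(3)), 1))
    print("smallest region flipping the label:", smallest_effective_region(X_CLEAN, 0.3, 1))
```

With the same per-pixel budget, the global variant changes all 8 pixels while the region variant flips the label after changing only the two highest-gradient pixels, which is the "fewer pixels, same success" trade-off the thesis measures.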
Keywords/Search Tags: deep learning network, adversarial examples, interpretability, human-machine recognition