
Research On Defense Technologies For Adversarial Examples

Posted on: 2022-12-20
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhang
Full Text: PDF
GTID: 2518306764476954
Subject: Automation Technology
Abstract/Summary:
With the continuous development of deep learning technology, artificial intelligence (AI) has begun to reach thousands of households and plays a very important role in many fields. However, while AI makes people's lives more convenient, it also faces many serious problems caused by its own shortcomings. Among them, the adversarial attack has brought great trouble to AI applications because of its simplicity and high success rate.

According to the attacker's knowledge of the target model, adversarial attacks can be divided into white-box attacks and black-box attacks. In a white-box attack, the attacker has access to the model, obtains the gradient and other key information, constructs subtle perturbations according to the gradient information and adds them to the original samples, so as to generate highly aggressive adversarial examples. Although adversarial training has become the best choice for defending against such attacks, it still has defects in the trade-off between maintaining the original accuracy and improving the adversarial accuracy. In the black-box setting, the query-based attack has strong practical significance: the attacker continuously queries the target model and fine-tunes the attack examples according to the model's feedback and an optimization algorithm, until a high attack success rate is achieved. To defend against such attacks, building an intrusion detection system gives good results, but current schemes still have great room for improvement in efficiency and accuracy.

To meet the above challenges, this thesis further studies defense technology for adversarial examples and proposes two defense schemes for two different attack scenarios:

1. Specific adversarial training scheme based on the PGD attack. Based on an analysis of the shortcomings of traditional PGD adversarial training, this scheme points out that it is unreasonable to use a fixed perturbation and hard labels in the training process. A binary search algorithm based on momentum is proposed to generate specific data points, and an improved label smoothing method is used to generate specific labels. Experiments show that this scheme has more advantages than existing work in maintaining the original accuracy and improving the adversarial accuracy.

2. Intrusion detection system against black-box attacks. This scheme constructs an efficient intrusion detection system based on triplet loss. The system receives three inputs and can accurately judge whether two of the input images are identical. At the same time, different detection algorithms are designed according to different types of attackers. Experiments show that this scheme can effectively detect potential attackers while maintaining low storage overhead.
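An added illustration of the per-sample perturbation idea in scheme 1 (this is not code from the thesis): a NumPy toy with a fixed two-feature logistic classifier standing in for the target model, an L-inf PGD attack, a plain binary search for the smallest budget at which PGD flips the prediction (a hypothetical stand-in for the thesis's momentum-based search, whose details are not on this page), and a label-smoothed target for the adversarial loss. The classifier weights, the budget range and the smoothing factor are all assumed values.

```python
import numpy as np

# Constructed toy stand-in for the thesis's target model: a 2-feature logistic
# classifier with fixed weights (an assumption, not the thesis's network).
W = np.array([1.0, -1.0])

def prob(x):
    """Class probabilities [P(y=0), P(y=1)] for input x."""
    p1 = 1.0 / (1.0 + np.exp(-(W @ x)))
    return np.array([1.0 - p1, p1])

def pgd(x, y, eps, alpha=0.1, steps=20):
    """L-inf PGD: signed-gradient ascent on the cross-entropy loss, projected
    back onto the eps-ball around x after every step."""
    x = np.asarray(x, dtype=float)
    x_adv = x.copy()
    for _ in range(steps):
        g = (prob(x_adv)[1] - y) * W   # d(loss)/d(x) for logistic + cross-entropy
        x_adv = np.clip(x_adv + alpha * np.sign(g), x - eps, x + eps)
    return x_adv

def misclassified(x_adv, y):
    return int(prob(x_adv)[1] > 0.5) != y

def minimal_eps(x, y, eps_max=1.0, iters=10):
    """Plain binary search (a hypothetical stand-in for the thesis's momentum-based
    search) for the smallest budget in [0, eps_max] at which PGD flips the label."""
    if not misclassified(pgd(x, y, eps_max), y):
        return None   # even eps_max fails: a fixed budget would be wasted here
    lo, hi = 0.0, eps_max
    for _ in range(iters):
        mid = (lo + hi) / 2.0
        if misclassified(pgd(x, y, mid), y):
            hi = mid   # flips: the minimal budget is at or below mid
        else:
            lo = mid   # no flip: the minimal budget is above mid
    return hi

def smooth_label(y, factor=0.1, n_classes=2):
    """Label smoothing: spread `factor` of the probability mass over all classes."""
    t = np.full(n_classes, factor / n_classes)
    t[y] += 1.0 - factor
    return t

def specific_adv_loss(x, y, eps_max=1.0):
    """One adversarial-training loss term: sample-specific budget + smoothed label."""
    eps = minimal_eps(x, y, eps_max)
    eps = eps_max if eps is None else eps
    p = prob(pgd(x, y, eps))
    return eps, float(-np.sum(smooth_label(y) * np.log(p + 1e-12)))
```

For the constructed sample `[0.5, 0.0]` with label 1 the search lands on a budget of 0.25, where the adversarial point sits exactly on the decision boundary, while a fixed budget of 1.0 would overshoot it by a factor of four.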
Keywords/Search Tags: Adversarial samples, PGD Adversarial Training, Triplet Loss, Intrusion Detection