
Research On Adversarial Defense Methods Based On Different Levels

Posted on: 2022-11-03 | Degree: Master | Type: Thesis
Country: China | Candidate: N Y Hu | Full Text: PDF
GTID: 2518306779964149 | Subject: Automation Technology
Abstract/Summary:
The rapid development of deep learning technology has made it widely used in many fields, including basic real-world applications and many security-related tasks, which has made deep learning models a target for attackers. Attackers customize their attack strategies according to the vulnerabilities of the deep learning model. Adversarial attack algorithms derived from the weaknesses exposed by the model pose a challenge to the development of image classification; at the same time, they also provide an opportunity to explore deep neural networks further. Driven by attackers, more and more defense mechanisms have been proposed to ensure the security of deep learning models.

This paper proposes three defense methods at two levels of the defense mechanism to reduce the adverse impact of adversarial attacks on deep learning models. The three methods mainly use the basic principle of sparse representation and the structural advantages of the Siamese network to improve the robustness of the model from the perspectives of input transformation and modification of the network structure. Specifically, the research contents of this paper include the following.

Firstly, following the preprocessing strategy, this paper explores how to improve the robustness of the model by performing a series of image transformation operations on the input image. A random sparsity strategy is used to eliminate the adversarial disturbance in the input image to the greatest extent, and whitening processing is then introduced to reduce the adverse impact of the random mechanism on the important features of the image. The experimental results demonstrate that the random sparse defense proposed in this paper can achieve an effective trade-off between image feature distortion and disturbance attenuation.

Secondly, this paper proposes a defense strategy based on the Defense-Siamese+ model. Since adversarial disturbance limits the deployment of deep learning models in practical security-sensitive applications, this paper attempts to find a network strong enough to resist adversarial disturbance. Therefore, instead of using traditional input transformation methods to eliminate the disturbance in the input image, this paper uses the structural characteristics of the Siamese network to improve what the model learns about intra-class similarity and inter-class difference during training. A regularized contrastive loss function is then designed to further enhance the defense ability of the Siamese network model. To test the defense performance of this method, the MNIST and Fashion-MNIST data sets are used to evaluate the effect of four attack algorithms on Siamese network models built on FCN, LeNet and AlexNet. The evaluation results show that the Defense-Siamese+ model provides a certain robustness against adversarial attacks without expensive adversarial training, and has a certain universality.

Finally, combining the two levels of defense strategy, the SKNet-Siamese+ defense model is proposed to enhance the reliability of the image classification model. In this strategy, the double sparse method is first used to transform the input samples, and the sub-network of the Siamese network is then improved to make the best use of the structural characteristics of the Siamese network. The experimental results show that the SKNet-Siamese+ defense model not only improves image quality but also has cross-attack transferability.
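As an added illustration of the first, input-transformation level described in the abstract (this is example code written for this page, not the thesis's implementation): "random sparsity" is taken to mean keeping each pixel with a fixed probability and zeroing the rest, and "whitening" is taken to be ZCA whitening fitted on clean images. Both operators are assumptions, since the abstract does not specify them, as are the names `random_sparsify`, `ZCAWhitener`, `defend` and `tradeoff`. The `tradeoff` function measures the trade-off the abstract mentions for a given keep rate: the share of a perturbation's energy that survives sparsification against the share of the clean image that is lost. The images and the perturbation are constructed random data (smooth gradients plus noise, and bounded uniform noise), not adversarial examples.

```python
"""Input-transformation defense sketch: random pixel sparsification followed by
ZCA whitening. Added example for this page; the operators are assumptions and
all data below is constructed (random images and random noise, no attack)."""
import numpy as np

SIDE = 8            # constructed 8x8 grayscale images
D = SIDE * SIDE     # flattened length


def make_batch(n, rng, noise_std=0.1):
    """Construct n smooth, pixel-correlated images plus small independent noise
    (a stand-in for a clean training set; the noise keeps the covariance full rank)."""
    yy, xx = np.mgrid[0:SIDE, 0:SIDE] / (SIDE - 1)
    coef = rng.uniform(-1, 1, size=(n, 3))
    smooth = (coef[:, :1] * xx.ravel()
              + coef[:, 1:2] * yy.ravel()
              + coef[:, 2:3] * (xx * yy).ravel())
    return smooth + rng.normal(0.0, noise_std, size=(n, D))


def random_sparsify(x, keep_rate, rng):
    """Keep each pixel with probability keep_rate and zero the rest.
    The mask is returned so the same mask can be applied to a clean/perturbed pair."""
    mask = (rng.random(x.shape) < keep_rate).astype(x.dtype)
    return x * mask, mask


class ZCAWhitener:
    """ZCA whitening fitted on clean data: decorrelates pixels and equalises their
    variance while staying as close as possible to the original pixel space."""

    def __init__(self, eps=1e-5):
        self.eps = eps
        self.mean = None
        self.W = None

    def fit(self, X):
        self.mean = X.mean(axis=0)
        Xc = X - self.mean
        cov = Xc.T @ Xc / (len(Xc) - 1)
        U, S, _ = np.linalg.svd(cov)          # cov is symmetric PSD, so S are its eigenvalues
        self.W = U @ np.diag(1.0 / np.sqrt(S + self.eps)) @ U.T
        return self

    def transform(self, x):
        return (x - self.mean) @ self.W


def defend(x, keep_rate, whitener, rng):
    """The full pipeline a classifier would see: sparsify, then whiten."""
    xs, _ = random_sparsify(x, keep_rate, rng)
    return whitener.transform(xs)


def sample_pair(seed=0, eps=0.1):
    """One constructed clean image and a random L_inf-bounded perturbation
    (noise standing in for an adversarial disturbance; no attack algorithm here)."""
    rng = np.random.default_rng(seed)
    x = make_batch(1, rng)[0]
    delta = rng.uniform(-eps, eps, size=D)
    return x, delta


def tradeoff(x, delta, keep_rate, seed=0):
    """For one keep rate, return (share of perturbation energy that survives
    sparsification, share of clean-image energy that is lost). Both use the same
    mask so the two numbers are directly comparable; lower is better for each."""
    rng = np.random.default_rng(seed)
    _, mask = random_sparsify(x, keep_rate, rng)
    retained = float(np.sum((delta * mask) ** 2) / np.sum(delta ** 2))
    distortion = float(np.sum((x * (1.0 - mask)) ** 2) / np.sum(x ** 2))
    return retained, distortion


def whitening_check(n=500, seed=1):
    """Max deviation of the whitened training covariance from the identity;
    near zero means the whitener is doing what it claims."""
    rng = np.random.default_rng(seed)
    X = make_batch(n, rng)
    Xw = ZCAWhitener().fit(X).transform(X)
    cov = Xw.T @ Xw / (n - 1)
    return float(np.abs(cov - np.eye(D)).max())


if __name__ == "__main__":
    x, delta = sample_pair()
    print("keep_rate  perturbation_retained  image_lost")
    for k in (1.0, 0.8, 0.6, 0.4, 0.2):
        r, d = tradeoff(x, delta, k)
        print(f"{k:8.1f}  {r:21.3f}  {d:10.3f}")
    whitener = ZCAWhitener().fit(make_batch(500, np.random.default_rng(1)))
    print("whitened output shape:", defend(x, 0.6, whitener, np.random.default_rng(2)).shape)
    print("whitening covariance deviation:", round(whitening_check(), 4))
```

Because the same random draws are reused across keep rates, the sweep shows the trade-off directly: lowering the keep rate removes more of the perturbation's energy but also discards more of the clean image, which is the distortion that the abstract's whitening step is meant to compensate for. In a real deployment the mask would be drawn fresh per input, which is what makes the transform hard for an adaptive attacker to anticipate.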
Keywords/Search Tags:adversarial defense, adversarial examples, sparsity representation, Siamese network, image classification