Research On Generation Technology Of Adversarial Samples Based On Internet Of Vehicles

With the gradual maturity of artificial intelligence technology,the rapid development of smart transportation and driverless driving,the Internet of Vehicles industry is showing a booming trend.The integration of comprehensive network links such as vehicles and clouds,vehicles and vehicles,vehicles and roads,and vehicles and people is becoming more and more integrated,and the security challenges that follow are more severe.Among the many security issues of the Internet of Vehicles,the attack methods used by the attackers are becoming more and more abundant,showing a variety of manifestations for different fields.In recent years,adversarial sample technology,as a brand-new attack method,is gradually appearing in people’s field of vision.Adversarial examples are generated by artificially adding some small perturbations to clean samples.Although human recognition will not be affected by adversarial examples,the model can misclassify them with high confidence.Introducing adversarial sample attacks into the Internet of Vehicles scenario through artificial intelligence technology may cause serious security incidents and pose a serious threat to the application of artificial intelligence in the field of Internet of Vehicles.The current research on adversarial examples is mainly concentrated in the field of computer vision,and its research in the field of Internet of Vehicles security is still in its infancy.Therefore,by carrying out research on the generation of adversarial samples in Internet of Vehicles security,it can provide ideas for analyzing and solving problems for the subsequent construction of effective adversarial sample defense technologies.Aiming at the defects and deficiencies of existing black-box adversarial sample generation methods,this paper focuses on the gradient optimization and migration of adversarial samples,and conducts in-depth research and discussion on the basis of the existing research on adversarial sample generation algorithms.Therefore,this paper has done the following work:(1)Propose an adversarial example generation algorithm(NAE)based on Nesterov momentum gradient optimization.The traditional iteration-based adversarial example generation algorithm has the problem that the generated adversarial perturbation tends to fall into the local extremum region during the iterative process,resulting in "overfitting" of the generated adversarial examples.The NAE algorithm proposed in this paper introduces the Nesterov momentum gradient optimization method.This gradient optimization algorithm can calculate the gradient of the future position according to the accumulated momentum,and superimpose it into the update amount of the adversarial sample parameters,so that the adversarial samples can be updated during the update process.To a certain extent,it avoids falling into the situation of poor local extremum,and effectively improves the attack performance of adversarial samples.(2)Propose an adversarial example generation algorithm(RNT-NAE)based on RNT(Random Transform)data enhancement.The RNT data enhancement algorithm is used to randomly transform the original samples according to the transformation probability during the training process,but the content of the image is not changed.Then input the data-enhanced samples into the NAE algorithm framework to generate the final adversarial samples,so as to improve the migration of adversarial samples and achieve more efficient black-box attacks.(3)The proposed NAE algorithm and RNT-NAE algorithm are simulated and verified by using public data sets.The feasibility and effectiveness of the adversarial sample algorithm proposed in this paper are verified by comparative analysis from the aspects of attack effect,attack ability and hyperparameter influence.