Deep learning has driven the rapid development of intelligent technology and is widely used in computer vision to handle complex problems, among which image recognition is the core basic task. However, adversarial examples carrying noise perturbations have been found to cause serious recognition errors in deep learning models. In recent years, the Adversarial Patch algorithm has proposed a novel method of generating adversarial examples, but in practical application scenarios it does not have good multi-resolution migration attack capability: when the adversarial patch is scaled together with the image, its semantic information is seriously distorted and the patch fails. To study and solve this problem, this paper proposes a multi-resolution migration attack method, together with a corresponding defense method against this kind of attack. The main research work and contributions of this paper are as follows:

(1) Design and implementation of a multi-resolution migration attack method. The idea of superpixels is introduced, and the pixel block is used as the basic update unit of the patch. By exploiting the redundancy of the pixels within a pixel block, the loss of feature information during scaling of the adversarial patch is reduced. Then, an ensemble model is used as the black-box indicator to optimize the patch update process, which solves the problem of the noise space shrinking caused by pixel-block updates. Finally, an attention mechanism is used to analyze and extract the feature region of the noise while removing redundant noise information, yielding the final SRA Patch (Scaling Resilient Adversarial Patch). In addition, relevant comparison and ablation experiments are designed and implemented in this paper. Compared with existing local noise attack methods, SRA Patch has good multi-resolution attack transferability.

(2) Design and implementation of a defense method against multi-resolution adversarial examples. The Grad-CAM module is used to locate and mark the adversarial patch region, and noise processing is then performed on that region based on the normalized gradient information to weaken the attack effect of the local noise. Finally, comparison and ablation experiments are designed and implemented to show that the method can effectively defend against multi-resolution adversarial examples.

(3) This paper designs and implements a multi-resolution migration attack and defense system, which visually displays the results of the multi-resolution migration attack method and of the multi-resolution adversarial example defense method. Users can upload local images to verify the attack and defense methods in real time. Finally, the performance of the system is tested and evaluated.
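
The defense pipeline in contribution (2), sketched as an added example that is not code from the thesis: a Grad-CAM style heatmap is normalized, the suspected patch region is marked, and noise weighted by the normalized map is applied only inside that region. The function names, the 0.5 threshold, the Gaussian noise with `sigma=0.5`, and the heatmap being supplied as an array (rather than computed from a model) are all assumptions.

```python
import numpy as np

def normalize_map(cam):
    """Min-max normalize a Grad-CAM style heatmap to [0, 1]."""
    cam = np.asarray(cam, dtype=np.float64)
    span = cam.max() - cam.min()
    if span == 0:  # flat map: no region stands out, so mark nothing
        return np.zeros_like(cam)
    return (cam - cam.min()) / span

def locate_patch(cam, threshold=0.5):
    """Return (mask, bbox) of the suspected patch; the threshold is an assumption."""
    mask = normalize_map(cam) >= threshold
    if not mask.any():
        return mask, None
    rows, cols = np.where(mask)
    bbox = (int(rows.min()), int(cols.min()), int(rows.max()) + 1, int(cols.max()) + 1)
    return mask, bbox

def suppress_patch(image, cam, threshold=0.5, sigma=0.5, seed=0):
    """Add Gaussian noise inside the marked region, weighted by the normalized map."""
    image = np.asarray(image, dtype=np.float64)
    mask, _ = locate_patch(cam, threshold)
    weight = np.where(mask, normalize_map(cam), 0.0)  # zero outside the region
    if image.ndim == 3:  # broadcast over colour channels (H, W, C)
        weight = weight[..., None]
    noise = np.random.default_rng(seed).normal(0.0, sigma, size=image.shape)
    return np.clip(image + weight * noise, 0.0, 1.0)

def constructed_sample():
    """Constructed 32x32 grayscale image with a high-contrast block and a matching heatmap."""
    image = np.full((32, 32), 0.5)
    image[8:16, 20:28] = np.indices((8, 8)).sum(axis=0) % 2 * 0.6 + 0.2  # 0.2/0.8 checkerboard
    cam = np.full((32, 32), 0.1)
    cam[8:16, 20:28] = 0.9  # heatmap mass concentrated on the block
    cam[11:13, 23:25] = 1.0
    return image, cam

if __name__ == "__main__":
    image, cam = constructed_sample()
    mask, bbox = locate_patch(cam)
    cleaned = suppress_patch(image, cam)
    print("suspected patch bbox (r0, c0, r1, c1):", bbox)
    print("mean |change| inside :", np.abs(cleaned - image)[mask].mean())
    print("mean |change| outside:", np.abs(cleaned - image)[~mask].mean())
```

Pixels outside the marked region are returned unchanged, so the cost to clean image content is confined to wherever the heatmap concentrates.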