
Research On Defense Against Adversarial Examples Based On Deep Neural Network

Posted on: 2022-05-21
Degree: Master
Type: Thesis
Country: China
Candidate: D P Cao
GTID: 2558307109461064
Subject: Electronic and communication engineering

Abstract/Summary:
As a revolutionary technology, deep learning not only brings huge economic and social benefits, but also has serious security problems. Adding carefully crafted small perturbations to test samples can make a neural network output a wrong classification. Therefore, studying adversarial example detection and defense algorithms is of great significance for the practical application of artificial intelligence.

In this paper, the recognition labels of the target model are applied to the defense and detection fields for the first time, and the label information is combined with a Conditional Generative Adversarial Network (CGAN). Aiming at the problem that existing adversarial example defense algorithms cannot take into account the defense success rate and defense efficiency at the same time, a CGAN-based adversarial example defense method is proposed. Aiming at the problem of weak adaptability of existing adversarial example detection algorithms, an adversarial example detection method based on feature processing and CGAN is proposed. The main research results are as follows:

1. Aiming at the problem of low universality of existing adversarial example defense algorithms, this paper proposes Defense-CGAN-R, an adversarial example defense method based on CGAN, which can generate specific images free of interference. First, the original input sample is fed to the target classifier to get its classification label. Then, the CGAN generator is used to generate reconstructed images from random noise and that classification label. Finally, the mean square error between the image before and after reconstruction is calculated, and the reconstructed image is selected and fed to the target classifier, so as to remove the adversarial perturbation and defend against adversarial examples.

2. Aiming at the problem that existing adversarial example detection algorithms can only be applied to specific target models and specific adversarial attack algorithms, this paper proposes Defense-CGAN-D, an adversarial example detection method based on feature processing and CGAN that uses the denoising characteristics of both. First, the original samples are denoised by feature processing. Then, the substitute samples generated by CGAN are selected using the label information given by the classifier and the mean variance. Finally, a threshold decides whether the original input sample is an adversarial example.

3. Based on the PyCharm platform, an experimental environment for the Defense-CGAN detection and defense methods is built in Python. The experimental results show that the detection and defense algorithms presented in this paper perform well under different adversarial attack algorithms and different models. Compared with many adversarial example detection and defense algorithms, the defense effect is better, the versatility is wide, the portability is strong, the algorithm does not depend on the neural network structure for its defense work, and the complexity is low. While a high defense success rate is guaranteed, time consumption is greatly reduced, which is more in line with actual application scenarios.
Keywords/Search Tags:Adversarial examples, Deep neural network, Adversarial examples defense, Adversarial examples detection, Conditional generative adversarial network
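
The label-conditioned reconstruction and threshold test that the abstract describes for Defense-CGAN-D, as an added example that is not code from the thesis; the feature-processing denoising step is left out. The linear classifier, the prototype-plus-noise generator standing in for a trained CGAN, the 4-pixel samples, the threshold value, and the reading of the selection metric as mean squared error are all assumptions.

```python
import random

# Constructed 4-pixel "images", one prototype per class (toy data, not from the thesis).
PROTOTYPES = {0: [0.9, 0.9, 0.1, 0.1], 1: [0.1, 0.1, 0.9, 0.9]}
WEIGHTS, BIAS = [-1.0, -1.0, 1.0, 6.0], 0.5  # assumed classifier, over-sensitive to pixel 3


def classify(x):
    """Stand-in target classifier: linear score, label 1 when the score is positive."""
    score = sum(w * v for w, v in zip(WEIGHTS, x)) + BIAS
    return 1 if score > 0 else 0


def generate(label, rng):
    """Stand-in for a trained CGAN generator G(z | label): class prototype plus noise z."""
    return [p + 0.05 * rng.gauss(0.0, 1.0) for p in PROTOTYPES[label]]


def mse(a, b):
    """Mean squared error between two equally sized samples."""
    return sum((u - v) ** 2 for u, v in zip(a, b)) / len(a)


def best_reconstruction(x, n_candidates=32, seed=0):
    """Label x with the classifier, sample candidates for that label, keep the closest."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    label = classify(x)
    candidates = [generate(label, rng) for _ in range(n_candidates)]
    best = min(candidates, key=lambda c: mse(x, c))
    return label, best, mse(x, best)


def is_adversarial(x, threshold=0.1):
    """Flag x when even the best label-conditioned reconstruction is far from it.
    The threshold value is an assumption; the abstract does not give one."""
    _, _, err = best_reconstruction(x)
    return err > threshold


if __name__ == "__main__":
    clean = [0.88, 0.93, 0.12, 0.08]      # constructed class-0 sample
    perturbed = [0.88, 0.93, 0.12, 0.24]  # same sample, pixel 3 nudged by 0.16
    for name, x in (("clean", clean), ("perturbed", perturbed)):
        label, _, err = best_reconstruction(x)
        print(f"{name}: label={label} mse={err:.4f} adversarial={is_adversarial(x)}")
```

The perturbed sample flips the classifier's label while staying close to its original class, so no reconstruction conditioned on the flipped label comes near it and the error stays above the threshold.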