Research On Adversarial Examples Generation Methods For Image Classification Tasks

In the field of deep learning-based image classification,the aim of adversarial example generation is to make deep neural networks misclassify and thus verify the robustness and security of the attacked network.As an important branch of artificial intelligence,adversarial example generation methods play an important role in the safe implementation of many vision tasks.Currently,the task of generating adversarial examples is challenging because existing adversarial example generation methods usually do not have access to information about the target network under attack and do not have frequent access to the target network.To address the shortcomings of existing adversarial example generation methods,we analyse the current state of research at home and abroad and combine the working characteristics of deep neural networks to conduct an in-depth study on how to better generate adversarial examples.Firstly,a brief introduction to the image classification task scenario and the deep neural network under attack for the proposed adversarial example generation method,and a description of the application scenario of the proposed method.Secondly,in order to solve the problem of adversarial example generation for small-sized examples in a NoBox attack environment,the characteristics of different levels of feature maps extracted by existing deep neural networks for image classification tasks are used as a starting point to explore the adversarial example generation method based on feature map fusion.The effect of different weighted feature maps on the final classification results is analysed,and an attention mechanism is introduced to assign weights to the feature maps extracted by each convolutional layer.A base network is constructed for selecting high-weight feature maps,and the selected feature maps are modified using random pixel point values to generate perturbation feature maps for each layer.Fusing the perturbation feature maps at each level to generate the adversarial perturbations and adding them to the original input examples to generate the adversarial examples.Thirdly,in order to solve the problem of generating adversarial examples for large-size examples in a NoBox attack environment,a key feature-based adversarial example generation method is designed by analysing the similarities and differences of the features extracted from the convolutional layers in different existing deep neural networks.Multiple mask examples are generated based on the original input examples using random pixel discard,and multiple mask examples are used to calculate the aggregated gradient and generate global perturbed images based on the selected convolutional layers in the source deep neural network.Fusing the heat map generated based on the original input examples with the global perturbed images to generate the adversarial examples.Finally,parameter selection experiments and comparative analysis with other methods based on CIFAR-10,MNIST and Image Net datasets to verify the effectiveness of the two adversarial example generation methods proposed in this paper.