Research And Implementation Of Adversarial Defense Algorithm Based On Dwt And Svd

The image recognition technology represented by deep learning develops rapidly and is widely used in many fields such as face recognition,automatic driving,etc..Therefore,the security of neural network model has become an important research direction.One of the existing attack methods is to add imperceptible disturbances to the original image to form adversarial example,which can destroy the integrity of the model and make the deep neural network get the wrong classification result.Most of the existing defense methods are suitable for specific classifiers or some known attack methods,and the range of application is relatively small.To solve this problem,this paper proposes a new idea of adversarial example:by combining Discrete wavelet transform with singular value decomposition,adversarial example is decomposed first and then filtered,which greatly reduces the success rate of attack,the main work and achievements of this paper are as follows:1.Propose and implement a singular value decomposition based adversarial example.In this paper,through the investigation and study of the attack and defense algorithms of adversarial example,we find that the development of adversarial defense is influenced by the development of adversarial attack,and the defense is limited by the structural features of the model and the specific principle of the attack algorithm,therefore,it is difficult to achieve a certain universality.In this paper,based on the commonly used dimension reduction method-singular value decomposition,the image is singular value decomposition as a two-dimensional characteristic matrix,and a adversarial defense algorithm based on singular value decomposition is presented,it’s simple and quick to improve the classification accuracy of the depth model on the adversarial example.2.Propose and implement a adversarial example algorithm based on a combination of Discrete wavelet transform and singular value decomposition.On the basis of the result 1,the image is first decomposed by discrete wavelet to get the low and high frequency components of the image,and then the image features are filtered by singular value decomposition.Compared with the algorithm in 1,the complexity and computation amount are increased,but the defense effect is further enhanced,and can be chosen according to the actual situation in actual use.3.The defense performance of the two algorithms and the main factors that affect the defense performance of 1 and 2 algorithms are summarized.The experimental results show that the algorithms 1 and 2 have a certain degree of defensiveness to different attack methods.The suitable parameter selection methods of the two algorithms,as well as the influence of sample size,sample channel number and the structure of classification model on the defense effect are summarized.The proposed algorithm combines the Discrete wavelet transform and singular value decomposition operations into the adversarial example technology and achieves the desired results.