With the rapid growth of computing performance and deep neural networks, artificial-intelligence technology based on deep learning has made major breakthroughs and is gradually being deployed in industrial production environments. At the same time, the security problems of artificial intelligence have also emerged. Studies have shown that current deep neural network models have exploitable "vulnerabilities": by adding carefully designed perturbations to clean samples, an attacker can construct adversarial examples that cause a deep network to output a wrong classification with high confidence. The existence of adversarial examples is therefore a threat to deployed deep learning models.

At present, mainstream adversarial example defenses are based mainly on supervised learning with labeled data, and there is comparatively little work on semi-supervised defenses that exploit unlabeled data. The robustness of image adversarial example defenses based on labeled data still needs to be improved, and their defensive effect is weakest for samples lying close to the decision boundary. Although expanding the covered sample space with additional labeled data is feasible, the labeling cost is too high.

In view of these problems, this thesis first studies the use of relatively cheap unlabeled data and the associated algorithms, and establishes the role unlabeled data plays in correcting the sample space represented by the model. On this basis, a noisy self-training defensive distillation algorithm based on unlabeled data is proposed. First, unlabeled data is used to expand the model's ability to represent the sample space, which significantly reduces cost for the same amount of labeled data. Then an adjusted self-training method learns jointly from the features of the unlabeled data and the original labeled data. Finally, the defensive distillation algorithm is combined with this model to defend against image adversarial examples. A convolutional neural network with the WideResNet architecture is used, which helps to improve the model's capacity to represent the larger amount of data. Supervised training and noisy semi-supervised self-training are performed on the CIFAR-10 dataset and the TinyImages dataset, respectively. The proposed method is compared experimentally with the distillation method and related methods, and the experiments verify that the algorithm significantly improves the model's defensive ability against adversarial examples.

Based on this method, this thesis designs and implements an image adversarial example defense system. The system runs as a client written with Qt, and its main modules are an input data module, an adversarial example attack module, and an adversarial example defense module. The thesis describes the framework of the system and the function of each module in detail. The usability and effectiveness of the system are verified by testing the image adversarial example defense system.
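The following is an added illustrative example, not code from the thesis, showing the three-step pipeline described above (supervised teacher, noisy self-training on labeled plus pseudo-labeled data, then defensive distillation at a temperature T) in miniature. It replaces the WideResNet on CIFAR-10/TinyImages with a linear softmax classifier on constructed 2-D Gaussian data so that it runs offline in seconds; the temperature T, the pseudo-label confidence threshold and the input-noise scale are assumed hyper-parameters chosen for this toy setting, not values reported by the thesis.

```python
# Added example (not the thesis's code): a toy version of noisy self-training
# plus defensive distillation on constructed 2-D data. T, threshold and
# noise_std are assumed hyper-parameters for this toy setting.
import numpy as np


def softmax(logits, T=1.0):
    """Softmax at temperature T; T > 1 flattens the distribution."""
    z = logits / T
    z = z - z.max(axis=1, keepdims=True)  # numerical stability
    e = np.exp(z)
    return e / e.sum(axis=1, keepdims=True)


def entropy(p):
    """Mean Shannon entropy (nats) over a batch of distributions."""
    return float(-(p * np.log(p + 1e-12)).sum(axis=1).mean())


def train(X, Y, T=1.0, epochs=300, lr=0.5, noise_std=0.0, rng=None):
    """Gradient descent on cross-entropy between softmax(XW + b, T) and Y.

    Y may be one-hot (supervised) or soft targets (distillation). With
    noise_std > 0, fresh Gaussian noise is added to the inputs each epoch,
    which is the "noisy" part of noisy self-training in this toy setting.
    """
    n, d = X.shape
    k = Y.shape[1]
    W = np.zeros((d, k))
    b = np.zeros(k)
    for _ in range(epochs):
        Xn = X + rng.normal(0.0, noise_std, X.shape) if noise_std > 0 else X
        P = softmax(Xn @ W + b, T)
        # d(loss)/d(logits); the 1/T factor is the gradient scaling that
        # training at temperature T introduces.
        G = (P - Y) / (n * T)
        W -= lr * Xn.T @ G
        b -= lr * G.sum(axis=0)
    return W, b


def predict_proba(W, b, X, T=1.0):
    return softmax(X @ W + b, T)


def pseudo_label(probs, threshold):
    """Keep only unlabeled points whose top class probability >= threshold."""
    keep = probs.max(axis=1) >= threshold
    return keep, probs.argmax(axis=1)


def one_hot(y, k):
    return np.eye(k)[y]


def make_blobs(rng, n, sep=2.0):
    """Constructed 2-class data: Gaussian blobs centred at -sep and +sep."""
    y = rng.integers(0, 2, n)
    X = rng.normal(0.0, 1.0, (n, 2)) + np.where(y[:, None] == 1, sep, -sep)
    return X, y


def run_pipeline(seed=0, n_labeled=40, n_unlabeled=400, n_test=1000,
                 T=10.0, threshold=0.9, noise_std=0.3):
    rng = np.random.default_rng(seed)
    X_l, y_l = make_blobs(rng, n_labeled)
    X_u, _ = make_blobs(rng, n_unlabeled)  # labels discarded: unlabeled pool
    X_t, y_t = make_blobs(rng, n_test)
    Y_l = one_hot(y_l, 2)

    # Step 1: supervised teacher on the small labeled set only.
    W0, b0 = train(X_l, Y_l, rng=rng)
    base_acc = float((predict_proba(W0, b0, X_t).argmax(1) == y_t).mean())

    # Step 2: pseudo-label confident unlabeled points. Low-confidence points,
    # i.e. those close to the decision boundary, are excluded by the threshold.
    keep, y_pseudo = pseudo_label(predict_proba(W0, b0, X_u), threshold)
    X_joint = np.vstack([X_l, X_u[keep]])
    Y_joint = np.vstack([Y_l, one_hot(y_pseudo[keep], 2)])
    # Noisy self-training on labeled + pseudo-labeled data at temperature T.
    W1, b1 = train(X_joint, Y_joint, T=T, noise_std=noise_std, rng=rng)

    # Step 3: defensive distillation. The student fits the teacher's soft
    # labels produced at temperature T and is then deployed at T = 1.
    soft = predict_proba(W1, b1, X_joint, T=T)
    W2, b2 = train(X_joint, soft, T=T, rng=rng)
    student_acc = float((predict_proba(W2, b2, X_t).argmax(1) == y_t).mean())

    return {
        "baseline_acc": base_acc,
        "student_acc": student_acc,
        "pseudo_labeled": int(keep.sum()),
        "soft_entropy_T": entropy(soft),
        "soft_entropy_1": entropy(predict_proba(W1, b1, X_joint)),
    }


if __name__ == "__main__":
    print(run_pipeline())
```

The returned dictionary exposes the quantities a practitioner would check at each step: how many unlabeled points survived the confidence threshold (points near the boundary are the ones dropped), and that the soft labels at temperature T carry more entropy than the same model's outputs at T = 1, which is what gives the distilled student information about inter-class similarity rather than a hard label alone.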