Research And System Implementation Of Deep Learning Based Adversarial Example Generation Algorithm

Posted on: 2024-02-24
Degree: Master
Type: Thesis
Country: China
Candidate: L L Jiang
GTID: 2568306944469184
Subject: Computer technology
Abstract/Summary:
With the rapid growth of the Internet, the number of images and short videos has exploded, a trend that has driven the development of deep hash retrieval technology. However, large-scale retrieval may capture the online behavior and activities of users, for example when social media platforms collect the images that users post. Such behavioral surveillance may serve purposes such as advertising or personalized recommendations, but it may cause discomfort to users or be perceived as an invasion of privacy. Protecting privacy means protecting the interests and security of users, and some studies have shown that adversarial examples can be used to protect private user information in images from being retrieved by deep learning models. In this context, this thesis investigates current problems of adversarial example generation technology in the field of deep hash retrieval, and designs and implements an adversarial example generation system that helps users generate adversarial examples of their images to protect privacy. The research in this thesis is mainly as follows.

In terms of local adversarial perturbation generation, a method for generating universal adversarial patches based on the EOT (Expectation Over Transformation) framework is proposed to address the scenario limitations and weak transferability of existing adversarial patch generation methods in the field of deep hash retrieval. The method uses voting to select the most representative hash codes of the target retrieval category, transforming the set-to-set problem into a set-to-point problem and reducing the computational effort. The pixel values of the adversarial patches are updated after position transformations and rotations are applied to the patches in multiple scenes, and the patches obtained after iterative training have strong generalization ability. To obtain adversarial patches with stronger transferability, the thesis proposes integrating multiple models as alternative models and using the expectation over these alternative models to train the patches. The experimental results show that this method can significantly improve the transferability and generalization of the adversarial patches.

In terms of global adversarial perturbation generation, an adversarial example generation method based on the GAN (Generative Adversarial Network) framework is proposed to address the shortcomings of existing adversarial example generation algorithms for deep hash retrieval in terms of the number of iterations, time consumption, visual effect and targeted attack capability. The method uses an improved GAN loss function, namely the RGAN loss, to improve the visual effect of the adversarial examples. At the same time, a triplet loss function is used to increase the distance between the adversarial example and the original example in Hamming space and to reduce the distance between the adversarial example and the target class examples, so as to improve the targeted attack ability of the adversarial example. The experimental results show that the GAN-based method has the advantages of short generation time, strong targeted attack capability and good visual effect, and is suitable for practical scenarios with high real-time requirements.

Based on these adversarial example generation algorithms, an adversarial example generation system is designed and implemented in this thesis. The system includes functions such as deep hash retrieval, local adversarial patch generation and global adversarial perturbation generation. Test results show that the system can effectively generate adversarial examples that prevent users' information from being retrieved and so protect users' privacy.
Keywords/Search Tags:Adversarial Attack, Adversarial Patch, Deep Learning, Image Hash Retrieval, Generative Adversarial Networks