Research And Application Of Transferable Adversarial Sample Generation Technology In Object Detection Task

In recent years,object detection technology has been widely used in important fields such as security,transportation,and industrial manufacturing.With the development of deep learning,the detection accuracy and efficiency of object detection models based on neural networks have been greatly improved.While deep learning algorithms have good generalization,they also expose their vulnerabilities,and the emergence of adversarial samples has caused many algorithm models,including target detection,to face serious security threats.Studying the generation method of transferable adversarial samples in complex decision-making tasks will arouse the vigilance of researchers in related fields to the security of algorithm models,accelerate the research process of more extensive adversarial defense methods,and provide a reference for enhancing the robustness of algorithm models.Therefore,based on the effectiveness and transferability of adversarial samples in object detection tasks,this thesis conducts research on the generation method of adversarial samples.The main work includes:(1)For the current object detection adversarial sample generation method only targets a single type of model,resulting in poor transferability,propose a global perturbation integrated model neighbor gradient sample generation method.Combined with classification and regression problems,the gradient information of neighbor samples is introduced to correct the adversarial gradient under a single disturbance,and at the same time,the common gradient of different models is fused to The adversarial examples in the public space are generated,and the effectiveness of the algorithm is verified by comparative experiments.(2)Aiming at the problem that weak perturbations generated under global perturbations are easily erased,resulting in insufficient versatility of adversarial samples,propose a general patch space transform generation method for part locations.Combined with general perturbation technology,the migration of adversarial patches is analyzed from the perspective of image data enhancement,and an adversarial transformation network capable of mapping advanced spatial transformations is constructed using the algorithm in(1),and the optimal generation method of adversarial patches is found through ablation experiments,which is conducive to fast generating effective adversarial examples.(3)Develop a migration sample generation system for object detection.The system integrates(1)and(2)adversarial sample generation algorithms and various object detection models,data sets,etc.,and provides external adversarial sample generation services and sample detection evaluation under different model parameters.At the same time,the system has good scalability to cope with the continuous expansion of generation algorithms and models.This thesis conducts research on adversarial sample generation in the field of object detection,proposes two generation methods under global and local perturbations,and develops and tests an intelligent system that integrates sample generation,evaluation,and visualization.The results show that the global perturbation of the VOC dataset can increase the attack success rate by 24% under migration,while the local patch of the INRIA dataset can reach 99% attack success rate on YOLOv3,and retain 54% attack success rate under the migration of the Faster RCNN model.Therefore,the adversarial samples generated by the two methods in this thesis generally have stronger adversarial effectiveness and transferability,and provide technical support for the development of adversarial sample defense and model robustness evaluation.