Research On Key Technologies Of Proactive Defense For Adversarial Example

Artificial intelligence technologies,especially deep learning,have developed rapidly in recent years,and have made significant progress in many fields.However,the unexplainable black-box characteristic of deep learning models causes them to have endogenous security problems which are ineluctable.Attackers can use the weakness of the algorithms to construct adversarial examples that can deceive models and lead to wrong predictions,therefore achieving malicious purposes.The current passive adversarial defense methods are usually determinacy,monotonicity,and quiescent,causing them unable to effectively respond to diverse and adaptive adversarial attacks.On the other hand,proactive defense technologies aim to increase the difficulty and cost of attackers through random,redundant,heterogeneous,dynamic,and other mechanisms to improve the security of the system,which has been fully verified in the network security field.Therefore,the research on proactive defense technologies of adversarial examples is an important development direction to enhance the security of deep learning.Despite the research on proactive defense in the adversarial environment having made some breakthroughs,there are still some problems that need to be solved,especially in adversarial detection,adversarial recovery,and security framework.First,the existing adversarial detection technologies have several problems including static characters of the method,strong dependence on learned adversarial features,and poor flexibility of the detection module,therefore can not consider both universality and robustness.Secondly,adversarial recovery models with the same structures have similarities in model feature extraction leading to shared adversarial vulnerabilities.And existing adversarial recovery techniques lack ensemble learning and image fusion methods,which limit the recovery effect based on the reconstructed models.Thirdly,the current research on adversarial proactive defense framework is relatively lacking,which lacks a flexible and reliable security architecture for deep learning systems.To solve the above key problems,this paper constructs a proactive defense framework for different security requirements against adversarial examples.The main works are as follows:1.An adversarial detection method based on random and redundant mechanisms is proposed.By randomly masking and recovering partial pixel patches from the image,this method projects the adversarial perturbations onto the normal manifold and screens the adversarial examples according to the detection strategies and the prediction results of the reconstructed images and the input image.This method guarantees a stable and good detection ability in the face of all kinds of attack types and strengths.At the same time,due to the decoupling from the target module,it has a strong ability for defense migration,function expansion,and security requirements adjustment.2.An adversarial recovery method based on heterogeneous reconstruction models ensemble learning is proposed.This method uses the loss of mean square error based on pixel recovery and the loss of cross-entropy based on label recovery as learning objectives and dynamically adjusts the learning rate of benign and adversarial examples with the loss backward propagation ratio as a penalty during training.This method can train different heterogeneous reconstruction models without modifying their structures and can improve the ability of the ensembled models under different adversarial attack types and intensities.Additionally,it can balance well when recovering benign and adversarial examples and shows a certain defense migration ability with different target models.3.Based on the proactive defense methods mentioned above,a random,redundant,heterogeneous,and dynamic proactive defense framework against adversarial examples is proposed.This framework adds a target models pool to reduce the possibility of the protection model being exploited by attackers.Setting up a heterogeneous reconstruction models pool prevents attackers from discovering the patterns of adversarial recovery.The added function scheduling module enables the framework to switch between detection-based and recovery-based functions for different security needs.The experimental results show the feasibility and validity of the framework.