
Adversarial Defense Research Integrating RobGAN And Adversarial Domain Adaptation Network

Posted on: 2024-05-08
Degree: Master
Type: Thesis
Country: China
Candidate: Y X Ai
Full Text: PDF
GTID: 2568307106453154
Subject: Cyberspace security
Abstract/Summary:
In recent years, with the rapid growth of computing power, deep learning has made a huge leap forward. However, alongside its advantages, its vulnerability has also been discovered. In the field of image recognition and classification, adversarial attacks add subtle perturbations that are invisible to humans to a sample, forming adversarial examples that confuse the output of deep learning classifiers; this poses a serious security risk to the development of deep learning. For example, in autonomous driving, if the vehicle's recognition system is subjected to an adversarial attack, a "STOP" road sign may be misclassified as another category, which can cause traffic accidents and other problems. Therefore, correctly identifying adversarial examples and researching adversarial defense is particularly important.

Adversarial learning is one of the core ideas in adversarial defense research and has attracted many researchers because of its good defense performance. For example, two defense methods, adversarial training and RobGAN, perform excellently in improving model robustness, but both ignore the correlation between the original sample domain and the adversarial sample domain, which limits their defense effect. The purpose of adversarial domain adaptation is to find the correlation between the source domain and the target domain. Therefore, this paper combines RobGAN with adversarial domain adaptation for adversarial defense to further improve model robustness. The main work is as follows:

1) This paper proposes RobDANN, a defense model combining RobGAN and an adversarial domain adaptation network. The adversarial domain adaptation network replaces the second-stage training module of RobGAN and learns the domain-correlated features between the original samples in the source domain and the adversarial samples in the target domain. Experiments show that RobDANN generalizes well across network structures such as AlexNet, VGG and ResNet, and, compared with three defense methods (adversarial training, RobGAN defense and ISEAT), improves the recognition rate of adversarial samples.

2) An attention mechanism is introduced into the RobDANN defense model to propose an improved defense model, Att-RobDANN. To extract more significant transferable features and reduce the negative effect of adversarial perturbation features, the attention mechanism is added to the feature extractor module, so that the feature extractor learns significant sample features and domain-invariant features. After adding the attention mechanism, the final experimental results show that the defense effect is further improved.

3) Finally, the Att-RobDANN defense model is applied to an image classification system, and an adversarial defense system is designed. Compared with other adversarial defense systems, the Att-RobDANN defense model can recognize both adversarial samples and original samples without adding additional models.
Keywords/Search Tags: Adversarial example, Adversarial defense, DANN, GAN