
Research On Efficient Enhancement And Defense Methods Based On Confrontation Training

Posted on: 2024-08-24
Degree: Master
Type: Thesis
Country: China
Candidate: M Y Wang
GTID: 2568307151467074
Subject: Communication Engineering (including broadband network, mobile communication, etc.) (Professional Degree)

Abstract/Summary:
At present, data augmentation has made substantial progress in standard training but has not produced significant results in adversarial training, and the adversarial training of deep neural networks requires more data than standard training does. It is therefore very important to find an efficient data augmentation method suited to adversarial training. At the same time, the sensitivity of deep neural networks to adversarial attacks, namely the limitation of the adversarial perturbation bound, motivates research into building stable models over a larger perturbation range. To address these problems, this thesis studies data augmentation and boundary robustness in adversarial training, based on deep convolutional neural networks. The main research contents are as follows.

Firstly, the research background and significance of the topic are briefly described, the current state of domestic and foreign research on adversarial training is analyzed, the main problems facing adversarial training are described, the distance algorithm used to constrain adversarial attacks is briefly introduced, and the main research objectives and directions of the thesis are set out.

Secondly, in view of the lack of data in adversarial training and the inapplicability of ordinary augmentation, it is proposed to expand the training data with a variety of data augmentation methods. Specifically, standard augmentation is combined with complex augmentation, and a JS divergence loss is used to encourage joint learning across the different augmentations, so that standard augmentation guides the learning of complex augmentation. Finally, the batch normalization layer is used to prevent exploding and vanishing gradients, accelerate network convergence and improve the accuracy of the model.

Thirdly, to address the low robustness of adversarially trained models, an efficient two-step defense strategy is proposed. This method improves the training efficiency of the adversarial defense by reducing the number of attack steps while preserving the accuracy of the model. With the help of a cosine learning rate schedule and random weight smoothing, the stability and convergence of model training are enhanced to a certain extent.

Finally, in order to enlarge the perturbation bound of adversarial training, the adversarial model is made stable over a larger range, so that it can resist perturbations that are perceptible but do not change the human (or Oracle) prediction. This chapter proposes a new defense method, Oracle Consistent Adversarial training, which aligns the predictions of the network with those of the Oracle during adversarial training. It is further proved that image contrast is proportional to the maximum perturbation bound of the model's label prediction. That is, a higher-contrast image can withstand a larger range of perturbation.
Keywords/Search Tags:adversarial examples, adversarial attacks, adversarial defenses, model robustness, perturbation bounds