局部可视对抗扰动生成方法

深度神经网络极易受到局部可视对抗扰动的攻击.文中以生成对抗网络为基础,提出局部可视对抗扰动生成方法.首先,指定被攻击的分类网络作为判别器,并在训练过程中固定参数不变.再构建生成器模型,通过优化欺骗损失、多样性损失和距离损失,使生成器产生局部可视对抗扰动,并叠加在不同输入样本的任意位置上攻击分类网络.最后,提出类别比较法,分析局部可视对抗扰动的有效性.在公开的图像分类数据集上实验表明,文中方法攻击效果较好.

Generation of Localized and Visible Adversarial Perturbations

Deep neural network is susceptible to the disturbance of adversarial attacks.Based on the generative adversarial networks,a novel model of GAN for generating localized and visible adversarial perturbation(G 2LVAP)is proposed.Firstly,the attacked classification network is designated as a discriminator,and its parameters are fixed during the training process.The generator model is constructed to generate localized and visible adversarial perturbations by optimizing fooling loss,diversity loss and distance loss.The generated perturbations can be placed anywhere in different input examples to attack the classification network.Finally,a class comparison method is proposed to analyze the effectiveness of localized and visible adversarial perturbations.Experiments on public image classification datasets indicate that G 2LVAP produces a satisfactory attack effect.