基于自适应噪声添加的防御对抗样本的算法

深度神经网络容易受到对抗样本的攻击。为了解决这个问题,一些工作通过向图像中添加高斯噪声来训练网络,从而提高网络防御对抗样本的能力,但是该方法在添加噪声时并没有考虑到神经网络对图像中不同区域的敏感性是不同的。针对这一问题,提出了梯度指导噪声添加的对抗训练算法。该算法在训练网络时,根据图像中不同区域的敏感性向其添加自适应噪声,在敏感性较大的区域上添加较大的噪声抑制网络对图像变化的敏感程度,在敏感性较小的区域上添加较小的噪声提高其分类精度。在Cifar-10数据集上与现有算法进行比较,实验结果表明,该方法有效地提高了神经网络在分类对抗样本时的准确率。

Algorithm for defense adversarial example based on adaptive noise addition

Deep neural networks are vulnerable to the attack of adversarial examples.To solve this problem,some works trained networks by adding Gaussian noise to the image,thereby improving the ability of the network to defend adversarial examples.But the method did not consider the sensitivity of the network to different areas in the image when adding noise.To solve this problem,this paper proposed an adversarial training algorithm based on gradient guidance noise addition.When training the network,it added adaptive noise to different areas based on the sensitivity,added large noise to the more sensitive areas,suppressed the sensitivity of the network to image changes,added less noise to the less sensitive areas and improved the network classification accuracy.Compared with the existing algorithms on the Cifar-10 dataset,the experimental results show that the proposed method effectively improves the accuracy of neural networks when classifying adversarial examples.