共查询到20条相似文献,搜索用时 0 毫秒
1.
While malicious samples are widely found in many application fields of machine learning, suitable countermeasures have been investigated in the field of adversarial machine learning. Due to the importance and popularity of Support Vector Machines (SVMs), we first describe the evasion attack against SVM classification and then propose a defense strategy in this paper. The evasion attack utilizes the classification surface of SVM to iteratively find the minimal perturbations that mislead the nonlinear classifier. Specially, we propose what is called a vulnerability function to measure the vulnerability of the SVM classifiers. Utilizing this vulnerability function, we put forward an effective defense strategy based on the kernel optimization of SVMs with Gaussian kernel against the evasion attack. Our defense method is verified to be very effective on the benchmark datasets, and the SVM classifier becomes more robust after using our kernel optimization scheme. 相似文献
2.
This paper proposes a novel model for saliency detection using the adversarial learning networks, in which the generator is used to generate the saliency map and the discriminator is deployed to guide the training process of overall network. Concretely, the training procedure of our model consists of three steps including the training of generator, the training of discriminator, and the training throughout the overall network. The key point of training process lies in the discriminator, which is designed to provide the feedback information for the acceleration of the generator and the refinement of saliency map. Therefore, during the training stage of overall network, the output of the generator, i.e. the coarse saliency map, is fed into the discriminator, yielding the corresponding feedback information. Following this way, we can obtain the final generator with a higher performance. For testing, the obtained generator is employed to perform saliency detection. Extensive experiments on four challenging saliency detection datasets show that our model not only achieves the favorable performance against the state-of-the-art saliency models, but also possesses the faster convergence speed when training the proposed model. 相似文献
3.
《Digital Communications & Networks》2022,8(6):1040-1047
In recent years, we have witnessed a surge in mobile devices such as smartphones, tablets, smart watches, etc., most of which are based on the Android operating system. However, because these Android-based mobile devices are becoming increasingly popular, they are now the primary target of mobile malware, which could lead to both privacy leakage and property loss. To address the rapidly deteriorating security issues caused by mobile malware, various research efforts have been made to develop novel and effective detection mechanisms to identify and combat them. Nevertheless, in order to avoid being caught by these malware detection mechanisms, malware authors are inclined to initiate adversarial example attacks by tampering with mobile applications. In this paper, several types of adversarial example attacks are investigated and a feasible approach is proposed to fight against them. First, we look at adversarial example attacks on the Android system and prior solutions that have been proposed to address these attacks. Then, we specifically focus on the data poisoning attack and evasion attack models, which may mutate various application features, such as API calls, permissions and the class label, to produce adversarial examples. Then, we propose and design a malware detection approach that is resistant to adversarial examples. To observe and investigate how the malware detection system is influenced by the adversarial example attacks, we conduct experiments on some real Android application datasets which are composed of both malware and benign applications. Experimental results clearly indicate that the performance of Android malware detection is severely degraded when facing adversarial example attacks. 相似文献
4.
In this paper, we propose a solution to transform spatially variant blurry images into the photo-realistic sharp manifold. Image deblurring task is valuable and challenging in computer vision. However, existing learning-based methods cannot produce images with clear edges and fine details, which exhibit significant challenges for generated-based loss functions used in existing methods. Instead of only designing architectures and loss functions for generators, we propose a generative adversarial network (GAN) framework based on an edge adversarial mechanism and a partial weight sharing network. In order to propel the entire network to learn image edges information consciously, we propose an edge reconstruction loss function and an edge adversarial loss function to restrict the generator and the discriminator respectively. We further introduce a partial weight sharing structure, the sharp features from clean images encourage the recovery of image details of deblurred images. The proposed partial weight sharing structure improves image details effectively. Experimental results show that our method is able to generate photo-realistic sharp images from real-world blurring images and outperforms state-of-the-art methods. 相似文献
5.
In this paper, we present a novel adversarial embedding scheme named Steganalytic Feature based Adversarial Embedding (SFAE), which is elaborately designed in a non-data-driven style. Firstly, a novel DCTR based adversary is designed to generate adversarial stego images which can not only resist feature based steganalysis but also deep learning based steganalysis. Specifically, our adversary consists of an end-to-end neural network structure, while its inner weights are set according to DCTR rather than learned from datasets. Secondly, we use the minimum distance to the cover in steganalytic space as the criterion to select the optimal adversarial stego image, rather than fooling the adversary. Last but not least, we present two SFAE implementations to adapt to different cases. One is Iterative SFAE, which needs to calculate gradients multiple times. Iterative SFAE is more secure but has higher complexity. It fits the case that the steganographer has adequate computing resources. Another implementation is Oneshot SFAE, which can calculate gradients once. Oneshot SFAE trades the security for lower complexity. It fits the steganographer that has stricter requirements for running time. Experiments demonstrate that SFAE is effective to improve the security of conventional steganographic schemes against the state-of-the-art steganalysis including both feature based steganalysis and deep learning based steganalysis. 相似文献
6.
Underwater images play an essential role in acquiring and understanding underwater information. High-quality underwater images can guarantee the reliability of underwater intelligent systems. Unfortunately, underwater images are characterized by low contrast, color casts, blurring, low light, and uneven illumination, which severely affects the perception and processing of underwater information. To improve the quality of acquired underwater images, numerous methods have been proposed, particularly with the emergence of deep learning technologies. However, the performance of underwater image enhancement methods is still unsatisfactory due to lacking sufficient training data and effective network structures. In this paper, we solve this problem based on a conditional generative adversarial network (cGAN), where the clear underwater image is achieved by a multi-scale generator. Besides, we employ a dual discriminator to grab local and global semantic information, which enforces the generated results by the multi-scale generator realistic and natural. Experiments on real-world and synthetic underwater images demonstrate that the proposed method performs favorable against the state-of-the-art underwater image enhancement methods. 相似文献
7.
针对医学超声图像的分辨率低而导致视觉效果差的问题,使用基于神经网络的图像超分辨率(SR)重建方法提升医学超声图像的分辨率。采用针对自然图像超分辨率重建的生成对抗网络(SRGAN)作为基本方法,通过减少2个输入通道和删除1个残差块对该网络的结构进行更改,并且改进网络损失函数,新增模糊处理数据集,使该网络适应医学超声图像所具备的灰度图像、散斑纹理单一等特点,从而重建出放大4倍的边缘清晰没有伪影的医学超声图像。将改进SRGAN与原始SRGAN的结果相比,峰值信噪比(PSNR)和结构相似性(SSIM)分别有1.792 dB和3.907%的提升;与传统双立方插值的结果相比,PSNR和SSIM分别有2.172 dB和8.732%的提升。 相似文献
8.
针对不同谱段图像获取代价不同的问题,提出一种基于生成对抗网络的图像转换方法。转换过程以肉眼可分辨范围内图像轮廓不变为出发点。首先,通过成对的训练数据对生成器和判别器进行交替训练,不断对损失函数进行优化,直到模型达到纳什平衡。然后用测试数据对上述训练好的模型进行检测,查看转换效果,并从主观观察和客观上计算平均绝对误差和均方误差角度评价转换效果。通过上述过程最终实现不同谱段图像之间的转换。其中,生成器借鉴U-Net架构;判别器采用传统卷积神经网络架构;损失函数方面增加L1损失来保证图像转换前后高、低频特征的完整性。以红外图像与可见光图像之间的转换为例进行实验,结果表明,通过本文设计的生成对抗网络,可以较好地实现红外图像与可见光图像之间的转换。 相似文献
9.
纹理合成是计算机图形学、计算机视觉和图像处理领域的研究热点之一。传统的纹理合成方法往往通过提取有效的特征样式或统计量并在该特征信息的约束下生成随机图像来实现。对抗生成网络作为一种较新的深度网络形式,通过生成器和判别器的对抗训练能够随机生成与观测数据具有相同分布的新数据。鉴于此,提出了一种基于对抗生成网络的纹理合成方法。该算法的优点是不需要经过多次迭代就能够生成更真实纹理图像,且生成图像在视觉上与观测纹理图像一致的同时具有一定随机性。一系列针对随机纹理和结构性纹理的合成实验验证了该算法的有效性。 相似文献
10.
11.
Conventional face image generation using generative adversarial networks (GAN) is limited by the quality of generated images since generator and discriminator use the same backpropagation network. In this paper, we discuss algorithms that can improve the quality of generated images, that is, high-quality face image generation. In order to achieve stability of network, we replace MLP with convolutional neural network (CNN) and remove pooling layers. We conduct comprehensive experiments on LFW, CelebA datasets and experimental results show the effectiveness of our proposed method. 相似文献
12.
作为深度学习技术的核心算法,深度神经网络容易对添加了微小扰动的对抗样本产生错误的判断,这种情况的出现对深度学习模型的安全性带来了新的挑战。深度学习模型对对抗样本的抵抗能力被称为鲁棒性,为了进一步提升经过对抗训练算法训练的模型的鲁棒性,该文提出一种基于信息瓶颈的深度学习模型对抗训练算法。其中,信息瓶颈以信息论为基础,描述了深度学习的过程,使深度学习模型能够更快地收敛。所提算法使用信息瓶颈理论提出的优化目标推导出的结论,将模型中输入到线性分类层的张量加入损失函数,通过样本交叉训练的方式将干净样本与对抗样本输入模型时得到的高层特征对齐,使模型在训练过程中能够更好地学习输入样本与其真实标签的关系,最终对对抗样本具有良好的鲁棒性。实验结果表明,所提算法对多种对抗攻击均具有良好的鲁棒性,并且在不同的数据集与模型中具有泛化能力。 相似文献
13.
胶囊网络(Capsule Network,CapsNet)通过运用胶囊取代传统神经元,能有效解决卷积神经网络(Conventional Neural Network,CNN)中位置信息缺失的问题,近年来在图像分类中受到了极大的关注.由于胶囊网络的研究尚处于起步阶段,因此目前大多数胶囊网络研究成果在复杂数据集上表现的分类... 相似文献
14.
本文针对仅有少量带标签样本时如何提高大量未标 注样本分类的的鲁棒性和准确性问题,提出一种 基于改进的半监督生成对抗网络(semi-supvised generative adversarial networks,SGAN) 的乳腺癌图像分类方法。该方法在输出层使用Softmax 函数 替代 Sigmoid 函数实现多分类。首先将随机向量输入到生成网络中,生成伪样本并标记为伪样本 类进行训 练。接着将真实标签样本、真实无标签样本和伪样本输入到判别网络中,输出为不同类概率 值;然后采 用半监督训练方法反向传播更新参数;最后实现对乳腺癌病理图像的分类,标注样本数量分 别为25、 50和200,最终准 确率达到95.5%。实验结果表明,当标注 样本有限时,本文算法的准确 率具有良好 的鲁棒性。本文算法相比于使用卷积神经网络和迁移学习(tranfer learning,TL)等分类方法准确率有了显著提高。 相似文献
15.
对于小样本电磁信号识别,数据增强是一种最为直观的对策。利用生成对抗网络(GAN)产生虚假信号样本,设计粗粒度和细粒度筛选机制对生成信号进行筛选,剔除质量较差的生成信号,实现训练样本集的有效扩充。为验证所提数据增强算法的有效性,在RADIOML2016.04C数据集上进行测试。实验结果表明,本文所提方法对小样本电磁信号识别准确率有较好的提升效果。 相似文献
16.
17.
分布式电源由于其出力存在不确定性的特点对配电网的规划有着明显的影响,为使规划结果更加合理,需对其出力的不确定性进行建模。首先利用改进的条件生成对抗网络模型对风电和光伏出力的不确定性进行建模,在模型中加入月份标签信息以生成具有时序特性的风电和光伏出力场景,并通过K-means聚类方法对生成的大量场景进行聚类。其次,建立了以年综合费用最小为目标的分布式电源优化配置模型,通过二阶锥松弛方法将模型转换为混合整数二阶锥规划问题快速求解。最后,通过IEEE 33节点算例系统验证构建模型的有效性。 相似文献
18.
19.
This paper proposes AMEA-GAN, an attention mechanism enhancement algorithm. It is cycle consistency-based generative adversarial networks for single image dehazing, which follows the mechanism of the human retina and to a great extent guarantees the color authenticity of enhanced images. To address the color distortion and fog artifacts in real-world images caused by most image dehazing methods, we refer to the human visual neurons and use the attention mechanism of similar Horizontal cell and Amazon cell in the retina to improve the structure of the generator adversarial networks. By introducing our proposed attention mechanism, the effect of haze removal becomes more natural without leaving any artifacts, especially in the dense fog area. We also use an improved symmetrical structure of FUNIE-GAN to improve the visual color perception or the color authenticity of the enhanced image and to produce a better visual effect. Experimental results show that our proposed model generates satisfactory results, that is, the output image of AMEA-GAN bears a strong sense of reality. Compared with state-of-the-art methods, AMEA-GAN not only dehazes images taken in daytime scenes but also can enhance images taken in nighttime scenes and even optical remote sensing imagery. 相似文献
20.
胶囊网络是一类有别于卷积神经网络的新型网络模型。该文尝试提高其泛化性和精准性:首先,利用变分路由来缓解经典路由对先验信息依赖性强、易导致模型过拟合的问题。通过使用高斯混合模型(GMM)来拟合低级矩阵胶囊,并利用变分法求取近似分布,避免了参数最大似然点估计的误差,用置信度评估来获得泛化性能的提高;其次,考虑到实际数据大多无标签或者标注困难,构建互信息评价标准的胶囊自编码器,实现特征参数的有效筛选。即通过引入局部编码器,只保留胶囊中对原始输入识别最有效的特征,在减轻网络负担的同时提高了其分类识别的精准性。该文的方法在MNIST, FashionMNIST, CIFAR-10和CIFAR-100等数据集上进行了对比测试,实验结果表明:该文方法对比经典胶囊网络,其性能得到显著改善。 相似文献