基于U-Net的对抗样本防御模型

对抗攻击是指对图像添加微小的扰动使深度神经网络以高置信度输出错误分类。提出一种对抗样本防御模型SE-ResU-Net，基于图像语义分割网络U-Net架构，引入残差模块和挤压激励模块，通过压缩和重建方式进行特征提取和图像还原，破坏对抗样本中的扰动结构。实验结果表明，SE-ResU-Net模型能对MI-FGSM、PGD、DeepFool、C&W攻击的对抗样本实施有效防御，在CIFAR10和Fashion-MNIST数据集上的防御成功率最高达到87.0%和93.2%，且具有较好的泛化性能。

Adversarial Example Defense Model Based on U-Net

Adversarial attack refers to adding a small disturbance to the image to make the deep neural network output the wrong classification with high confidence.An adversarial sample defense model named SE-ResU-Net is proposed, based on the image semantic segmentation network U-Net architecture, the residual module and the extrusion excitation module are introduced, and feature extraction and image restoration are performed through compression and reconstruction methods, destroying the perturbation structure in the adversarial sample.Experimental results show that SE-ResU-Net can effectively defend against MI-FGSM, PGD, DeepFool, and C&W attack adversarial samples.The defense success rate on CIFAR10 and Fashion-MNIST datasets is up to 87.0% and 93.2%, and has good generalization performance.