| 面向对抗样本攻击的移动目标防御 |
| |
| 作者姓名: | 王滨 陈靓 钱亚冠 郭艳凯 邵琦琦 王佳敏 |
| |
| 作者单位: | 1. 浙江科技学院大数据学院,浙江 杭州 310023;2. 浙江大学电气工程学院,浙江 杭州 310058;3. 海康威视数字技术有限公司网络与信息安全实验室,浙江 杭州 310058 |
| |
| 基金项目: | 2019年度杭州市领军型创新团队项目;国家重点研发计划(2018YFB2100400);国家电网公司总部科技项目(5700-202019187A-0-0-00) |
| |
| 摘 要: | 深度神经网络已被成功应用于图像分类,但研究表明深度神经网络容易受到对抗样本的攻击。提出一种移动目标防御方法,通过 Bayes-Stackelberg 博弈策略动态切换模型,使攻击者无法持续获得一致信息,从而阻断其构建对抗样本。成员模型的差异性是提高移动目标防御效果的关键,将成员模型之间的梯度一致性作为度量,构建新的损失函数进行训练,可有效提高成员模型之间的差异性。实验结果表明,所提出的方法能够提高图像分类系统的移动目标防御性能,显著降低对抗样本的攻击成功率。
|
| 关 键 词: | 对抗样本 移动目标防御 Bayes-Stackelberg博弈 |
Moving target defense against adversarial attacks |
| |
| Authors: | Bin WANG Liang CHEN Yaguan QIAN Yankai GUO Qiqi SHAO Jiamin WANG |
| |
| Affiliation: | 1. College of Science, Zhejiang University of Science and Technology, Hangzhou 310023, China;2. College of Electrical Engineering, Zhejiang University, Hangzhou 310058, China;3. Network and Information Security Laboratory, Hangzhou Hikvision Digital Technology Co., LTD, Hangzhou 310058, China |
| |
| Abstract: | Deep neural network has been successfully applied to image classification, but recent research work shows that deep neural network is vulnerable to adversarial attacks.A moving target defense method was proposed by means of dynamic switching model with a Bayes-Stackelberg game strategy, which could prevent an attacker from continuously obtaining consistent information and thus blocked its construction of adversarial examples.To improve the defense effect of the proposed method, the gradient consistency among the member models was taken as a measure to construct a new loss function in training for improving the difference among the member models.Experimental results show that the proposed method can improve the moving target defense performance of the image classification system and significantly reduce the attack success rate against the adversarial examples. |
| |
| Keywords: | adversarial examples moving target defense Bayes-Stackelberg game |
|
| 点击此处可从《》浏览原始摘要信息 |
|
点击此处可从《》下载全文 |
