| 基于生成对抗网络的对抗样本集成防御 |
| |
| 引用本文: | 曹天杰,余志坤,祁韵妍,杨睿,张凤荣,陈秀清. 基于生成对抗网络的对抗样本集成防御[J]. 四川大学学报(工程科学版), 2022, 54(2): 56-64 |
| |
| 作者姓名: | 曹天杰 余志坤 祁韵妍 杨睿 张凤荣 陈秀清 |
| |
| 作者单位: | 中国矿业大学 计算机科学与技术学院,中国矿业大学计算机科学与技术学院,中国矿业大学计算机科学与技术学院,中国矿业大学 计算机科学与技术学院,中国矿业大学计算机科学与技术学院,徐州医科大学 医学信息与工程学院 |
| |
| 基金项目: | 中国博士后科学基金资助项目(2020T130098ZX);江苏省博士后科研计划资助项目(1701061B);国家自然科学基金(61972400) |
| |
| 摘 要: | 针对现有对抗样本防御方法防御能力不足、时间消耗过高等问题,参考生成对抗网络与集成学习在对抗样本研究中的优势,本文提出一种基于生成对抗网络的对抗样本集成防御方法.该方法使用生成对抗网络训练多个能够消除对抗样本表面对抗扰动的生成器,使用集成学习方法将多个生成器进行集成作为最终的防御.该方法的生成对抗网络由生成器和判别器组成...
|
| 关 键 词: | 对抗样本 对抗样本防御 推理模型 生成对抗网络 |
| 收稿时间: | 2021-02-26 |
| 修稿时间: | 2021-10-08 |
Ensemble Adversarial Example Defense Based on Generative Adversarial Network |
| |
| CAO Tianjie,YU Zhikun,QI Yunyan,YANG Rui,ZHANG Fengrong,CHEN Xiuqing. Ensemble Adversarial Example Defense Based on Generative Adversarial Network[J]. Journal of Sichuan University (Engineering Science Edition), 2022, 54(2): 56-64 |
| |
| Authors: | CAO Tianjie YU Zhikun QI Yunyan YANG Rui ZHANG Fengrong CHEN Xiuqing |
| |
| Affiliation: | Department of Computer Science and Technology,China University of Mining and Technology,School of Computer Science and Technology,China University of Mining and Technology,School of Computer Science and Technology,China University of Mining and Technology,School of Computer Science and Technology,China University of Mining and Technology,School of Computer Science and Technology, China University of Mining and Technology,School of Medicine Information and Engineering,XuZhou Medical University,XuZhou |
| |
| Abstract: | Given the bottlenecks of existing adversarial example defense schemes, such as insufficient defense capability and high time consumption, an ensemble adversarial example defense scheme based on the generative adversarial network was proposed in this paper, by taking the advantages of the generative adversarial network and the ensemble learning in adversarial example research. In the scheme, a generative adversarial network was used to train multiple generators that can eliminate adversarial perturbations on the surfaces of adversarial examples, and the ensemble learning was used to integrate multiple generators as the final defense. The generative adversarial network was composed of generator and discriminator. While the generator takes adversarial examples as inputs and its purpose is to eliminate adversarial perturbations on the surface of adversarial examples, the discriminator takes benign examples and examples after eliminating the adversarial perturbations as inputs and its purpose is to distinguish them. The generator and discriminator were trained alternately, and the generator reaches to its best when the discriminator cannot distinguish them. The averaging method was adopted by the integration defense adopts as the integration strategy to learn from each other. Furthermore, the ability of a single defense is improved by averaging the defense results of multiple generators. The time consumption of defense was reduced by pre-training generators and the defense ability was improved by integrating multiple generators. Finally, the time consumption and defense ability of the proposed scheme was verified on the MNIST and CIFAR10 dataset. With the classification accuracy as the evaluation index, the defense ability of the proposed scheme on six kinds of adversarial examples was verified, and compared with seven existing defense schemes. Results showed that the proposed scheme can defend against multiple adversarial examples with very low time consumption, and its defense ability is better than the existing defense schemes. |
| |
| Keywords: | adversarial example adversarial example defense inference model generative adversarial network |
|
| 点击此处可从《四川大学学报(工程科学版)》浏览原始摘要信息 |
|
点击此处可从《四川大学学报(工程科学版)》下载全文 |
|
