[1]赵俊杰,王金伟.基于SmsGAN的对抗样本修复[J].郑州大学学报(工学版),2021,42(01):50-55.[doi:10.13705/j.issn.1671-6833.2021.01.008]
 ZHAO Junjie,WANG Jinwei,Recovery of Adversarial Examples Based on SmsGAN[J].Journal of Zhengzhou University (Engineering Science),2021,42(01):50-55.[doi:10.13705/j.issn.1671-6833.2021.01.008]
点击复制

基于SmsGAN的对抗样本修复()
分享到:

《郑州大学学报(工学版)》[ISSN:1671-6833/CN:41-1339/T]

卷:
42
期数:
2021年01期
页码:
50-55
栏目:
出版日期:
2021-03-14

文章信息/Info

Title:
Recovery of Adversarial Examples Based on SmsGAN
作者:
赵俊杰1王金伟12
1.南京信息工程大学 计算机与软件学院,江苏 南京 210044;2.中国科学院信息工程研究所 信息安全国家重点实验室,北京 100093
Author(s):
ZHAO Junjie1 WANG Jinwei1 2
1.School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing 210044, China;2.State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
关键词:
Keywords:
deep learning adversarial example image forensics example recovery GAN(generative adversarial network)
分类号:
TP183
DOI:
10.13705/j.issn.1671-6833.2021.01.008
文献标志码:
A
摘要:
对抗样本攻击对于深度卷积神经网络是一个极大的威胁,然而对抗样本本身具有脆弱性,使得其修复成为可能。随机多滤波特征统计生成对抗网络(SmsGAN)以随机多滤波特征统计网络(SmsNet)为判别器,并采用目标引导生成器。在SmsNet中,我们设计了用于获取特征图全局特性的特征统计层,并将每个卷积层输出的特征图直接送到特征统计层,从而实现了对抗样本的高精确度取证。生成器采用多尺度卷积核并行结构避免棋盘效应的产生,损失函数由判别损失和引导损失两部分组成,形成目标引导生成器。对抗样本经过下采样网络获取局部统计特征,再输入SmsGAN得到修复的样本。实验表明,采用SmsGAN修复对抗样本,在保证修复效果的同时可以保持高视觉质量。
Abstract:
Due to adversarial examples′ serious interference to the detection models based on deep learning, a recovery method of adversarial examples based on stochastic multihlter statistical generative adversarial network (SmsGAN) was proposed in this work. To achieve high-precision forensics of adversarial examples, this paper proposed the feature statistical layer in the stochastic multihlter statistical network (SmsNet). The feature map output from each convolution layer was directly transferred to the feature statistical layer to get global feature values. Stochastic multihlter statistical generative adversarial network (SmsGAN) used SmsNet as its discriminator, and its generator used a multi-scale convolution kernel parallel structure to avoid checkerboard artifacts. The generator′s loss function consisted of two parts, discriminative loss and guidance loss, to form a target guidance generator. The adversarial examples entered the down-sampling network to obtain local statistical features, and then these features were sent into SmsGAN for reconstruction to get denoised examples. Using SmsGAN to recover the adversarial examples, the recovery rate reached 91.3%, and the average PSNR reached more than 32. The visual quality was better than the traditional signal processing method, and the purpose of removing the anti-disturbance was achieved.

相似文献/References:

[1]张坚鑫,郭四稳,张国兰,等.基于多尺度特征融合的火灾检测模型[J].郑州大学学报(工学版),2021,42(05):13.[doi:10.13705/j.issn.1671-6833.2021.05.016]
 Zhang Jianxin,Guo Si Jing,Zhang Guolan,et al.Fire Detection Model Based on Multi-scale Feature Fusion[J].Journal of Zhengzhou University (Engineering Science),2021,42(01):13.[doi:10.13705/j.issn.1671-6833.2021.05.016]
[2]薛均晓,武雪程,王世豪,等.基于改进YOLOv4的自然人群口罩佩戴检测研究[J].郑州大学学报(工学版),2022,43(04):16.[doi:10.13705/j.issn.1671-6833.2022.04.020]
 XUE Junxiao,WU Xuecheng,WANG Shihao,et al.A Method on Mask Wearing Detection of Natural Population Based on Improved YOLOv4[J].Journal of Zhengzhou University (Engineering Science),2022,43(01):16.[doi:10.13705/j.issn.1671-6833.2022.04.020]

更新日期/Last Update: 2021-03-15