Research on integrated adversarial defense model based on image noise reduction
Xue Chenhao1, Du Jinhao2, Liu Yongrui1, Yang Jing1
(1 National Computer Network Emergency Response Technical Team/Coordination Center of China (Shanxi), Taiyuan 030002, China; 2 National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100083, China)
Abstract: The rapid development of deep learning has led to its wide use in many fields such as image recognition and natural language processing. However, scholars have found that deep neural networks are easily deceived by adversarial examples, which make them output wrong results with a high degree of confidence. The emergence of adversarial examples poses a great threat to systems with strict security requirements. This paper denoises the image at both the low-level feature and high-level feature stages to improve the defense performance of the model. At the lower layer, a denoising autoencoder is trained, and the idea of integrated learning is used to combine the autoencoder, Gaussian perturbation, and image mask reconstruction; at the upper layer, minor changes are made to ResNet18 and mean filtering is added. Experimental results show that the method proposed in this paper has better performance on the classification task of multiple data sets.
Key words: adversarial examples; integrated learning; denoising autoencoders; high-level features