基于生成对抗网络的多目标类别对抗样本生成算法

计算机科学 ›› 2022, Vol. 49 ›› Issue (2): 83-91.doi: 10.11896/jsjkx.210800130

• 计算机视觉:理论与应用 • 上一篇下一篇

基于生成对抗网络的多目标类别对抗样本生成算法

李建, 郭延明, 于天元, 武与伦, 王翔汉, 老松杨

国防科技大学系统工程学院长沙410073

收稿日期:2021-08-15 修回日期:2021-10-12 出版日期:2022-02-15 发布日期:2022-02-23
通讯作者: 郭延明(guoyanming@nudt.edu.cn)
作者简介:li_jian@nudt.edu.cn

Multi-target Category Adversarial Example Generating Algorithm Based on GAN

LI Jian, GUO Yan-ming, YU Tian-yuan, WU Yu-lun, WANG Xiang-han, LAO Song-yang

College of Systems Engineering,National University of Defense Technology,Changsha 410073,China

Received:2021-08-15 Revised:2021-10-12 Online:2022-02-15 Published:2022-02-23
About author:LI Jian,born in 1996,postgraduate.His main research interests include compu-ter vision and deep learning.
GUO Yan-ming,born in 1989,associate professor.His main research interests include computer vision,natural language processing and deep learning.

摘要/Abstract

摘要： 深度神经网络在很多领域表现出色,但是研究表明其很容易受到对抗样本的攻击。目前针对神经网络进行攻击的算法众多,但绝大多数攻击算法的攻击速度较慢,因此快速生成对抗样本逐渐成为对抗样本领域的研究重点。AdvGAN是一种使用网络攻击网络的算法,生成对抗样本的速度极快,但是当进行有目标攻击时,其要为每个目标训练一个网络,使攻击的效率较低。针对上述问题,提出了一种基于生成对抗网络的多目标攻击网络MTA,在进行攻击时MTA仅需要训练一次就可以完成多目标攻击并快速生成对抗样本。实验结果表明,MTA在CIFAR10和MNIST数据集上有目标攻击的成功率高于AdvGAN。文中还做了对抗样本的迁移实验和防御背景下的攻击实验,结果表明,MTA生成的对抗样本的迁移性比其他多目标攻击算法更强,而且在防御背景下攻击成功率更高。

关键词: 对抗攻击, 对抗样本, 多目标攻击, 神经网络, 生成对抗网络

Abstract: Although deep neural networks perform well in many areas,research shows that deep neural networks are vulnerable to attacks from adversarial examples.There are many algorithms for attacking neural networks,but the attack speed of most attack algorithms is slow.Therefore,the rapid generation of adversarial examples has gradually become the focus of research in the area of adversarial examples.AdvGAN is an algorithm that uses the network to attack another network,which can generate adversarial samples extremely faster than other methods.However,when carrying out a targeted attack,AdvGAN needs to train a network for each target,so the efficiency of the attack is low.In this article,we propose a multi-target attack network(MTA) based on the generative adversarial network,which can complete multi-target attacks and quickly generate adversarial examples by training only once.Experiments show that MTA has a higher success rate for targeted attacks on the CIFAR10 and MNIST datasets than AdvGAN.We have also done adversarial sample transfer experiments and attack experiments under defense.The results show that the transferability of the adversarial examples generated by MTA is stronger than other multi-target attack algorithms,and our MTA method also has a higher attack success rate under defense.

Key words: Adversarial attack, Adversarial example, Generative adversarial network, Multi-target attack, Neural network

中图分类号:

TP183

李建, 郭延明, 于天元, 武与伦, 王翔汉, 老松杨. 基于生成对抗网络的多目标类别对抗样本生成算法[J]. 计算机科学, 2022, 49(2): 83-91. https://doi.org/10.11896/jsjkx.210800130

LI Jian, GUO Yan-ming, YU Tian-yuan, WU Yu-lun, WANG Xiang-han, LAO Song-yang. Multi-target Category Adversarial Example Generating Algorithm Based on GAN[J]. Computer Science, 2022, 49(2): 83-91. https://doi.org/10.11896/jsjkx.210800130

参考文献

[1]SZEGEDY C,ZARENBA W,SUTSKEVER I,et al.Intriguing properties of neural networks[C]//International Conference on Learning Representations.2014.
[2]GOODFELLOW I J,SHLENS J,SZEGEDY C.Explaining andharnessing adversarial examples[C]//International Conference on Learning Representations.2015.
[3]CARLINI N,WAGNER D.Towards evaluating the robustness of neural networks[C]//IEEE Symposium on Security and Privacy (SP).IEEE,2017:39-57.
[4]MOOSAVIDEZFOOLI S M,FAWZI A,FROSSARD P.Deep-fool:A simple and accurate method to fool deep neural networks[C]//Conference on Computer Vision and Pattern Recognition (CVPR).IEEE,2016:2574-2582.
[5]CHEN P Y,ZHANG H,SHARMA Y,et al.Zoo:Zeroth orderoptimization based black-box attacks to deep neural networks without training substitute models[C]//Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security.2017:15-26.
[6]XIAO C,LI B,ZHU J Y,et al.Generating Adversarial Exampleswith Adversarial Networks[C]//Proceedings of the 27th International Joint Conference on Artificial Intelligence.2018:3905-3911.
[7]LI B,XIE J Z.Study on the Prediction of Imbalanced Bank Customer Churn Based on Generative Adversarial Network[J].Journal of Chongqing University of Technology(Natural Science),2021,35(8):136-143.
[8]MADRY A,MAKELOV A,SCHMIDT L,et al.Towards DeepLearning Models Resistant to Adversarial Attacks[C]//International Conference on Learning Representations.2017.
[9]KURAKIN A,GOODFELLOW I,BENGIO S.Adversarialexamples in the physical world[C]//International Conference on Learning Representations Workshop.2017.
[10]RONY J,HAFEMANN L G,OLIVEIRA L S,et al.Decoupling direction and norm for efficient gradient-based l2 adversarial attacks and defenses[C]//Proceedings of the IEEE/CVF Confe-rence on Computer Vision and Pattern Recognition.IEEE,2019:4322-4330.
[11]BRENDEL W,RAUBER J,BETHGE M.Decision-based adversarial attacks:Reliable attacks against black-box machine lear-ning models[C]//International Conference on Learning Representations.2018.
[12]CHENG M,LE T,CHEN P Y,et al.Query-efficient hard-label black-box attack:An optimization-based approach[C]//International Conference on Learning Representations.2019.
[13]CHENG M,SINGH S,CHEN P,et al.Sign-opt:A query-efficient hard-label adversarial attack[C]//International Conference on Learning Representations.2020.
[14]XU W,EVANS D,QI Y.Feature squeezing:Detecting adversa-rial examples in deep neural networks[C]//Network and Distri-buted System Security Symposium.2018.
[15]MENG D,CHEN H.Magnet:a two-pronged defense against adversarial examples[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security.2017:135-147.
[16]TRAMÈR F,KURAKIN A,PAPERNOT N,et al.Ensembleadversarial training:Attacks and defenses[C]//International Conference on Learning Representations.2018.
[17]DAS N,SHANBHOGUE M,CHEN S T.Keeping the Bad Guys Out:Protecting and Vaccinating Deep Learning with JPEG Compression[J].arXiv:1705.02900,2017.
[18]RAFF E,SYLVESTER J,FORSYTH S,et al.Barrage of Random Transforms for Adversarially Robust Defense[C]//Confe-rence on Computer Vision and Pattern Recognition (CVPR).IEEE,2019:6521-6530.
[19]JEDDI A,SHAFIEE M J,KARG M,et al.Learn2perturb:an end-to-end feature perturbation learning to improve adversarial robustness[C]//Conference on Computer Vision and Pattern Recognition (CVPR).IEEE,2020:1241-1250.
[20]JIANG Z,CHEN T,CHEN T,et al.Robust Pre-Training by Adversarial Contrastive Learning[C]//Advances in Neural Information Processing Systems.2020.
[21]KIM M,TACK J,HWANG S J,et al.Adversarial self-supervised contrastive learning [C]//Advances in Neural Information Processing Systems.2020.
[22]BAI Y,ZENG Y,JIANG Y,et al.Improving adversarial robustness via channel-wise activation suppressing [C]//International Conference on Learning Representations.2021.

相关文章 15

[1]	宁晗阳, 马苗, 杨波, 刘士昌. 密码学智能化研究进展与分析 Research Progress and Analysis on Intelligent Cryptology 计算机科学, 2022, 49(9): 288-296. https://doi.org/10.11896/jsjkx.220300053
[2]	张佳, 董守斌. 基于评论方面级用户偏好迁移的跨领域推荐算法 Cross-domain Recommendation Based on Review Aspect-level User Preference Transfer 计算机科学, 2022, 49(9): 41-47. https://doi.org/10.11896/jsjkx.220200131
[3]	周芳泉, 成卫青. 基于全局增强图神经网络的序列推荐 Sequence Recommendation Based on Global Enhanced Graph Neural Network 计算机科学, 2022, 49(9): 55-63. https://doi.org/10.11896/jsjkx.210700085
[4]	周乐员, 张剑华, 袁甜甜, 陈胜勇. 多层注意力机制融合的序列到序列中国连续手语识别和翻译 Sequence-to-Sequence Chinese Continuous Sign Language Recognition and Translation with Multi- layer Attention Mechanism Fusion 计算机科学, 2022, 49(9): 155-161. https://doi.org/10.11896/jsjkx.210800026
[5]	李宗民, 张玉鹏, 刘玉杰, 李华. 基于可变形图卷积的点云表征学习 Deformable Graph Convolutional Networks Based Point Cloud Representation Learning 计算机科学, 2022, 49(8): 273-278. https://doi.org/10.11896/jsjkx.210900023
[6]	郝志荣, 陈龙, 黄嘉成. 面向文本分类的类别区分式通用对抗攻击方法 Class Discriminative Universal Adversarial Attack for Text Classification 计算机科学, 2022, 49(8): 323-329. https://doi.org/10.11896/jsjkx.220200077
[7]	王润安, 邹兆年. 基于物理操作级模型的查询执行时间预测方法 Query Performance Prediction Based on Physical Operation-level Models 计算机科学, 2022, 49(8): 49-55. https://doi.org/10.11896/jsjkx.210700074
[8]	陈泳全, 姜瑛. 基于卷积神经网络的APP用户行为分析方法 Analysis Method of APP User Behavior Based on Convolutional Neural Network 计算机科学, 2022, 49(8): 78-85. https://doi.org/10.11896/jsjkx.210700121
[9]	朱承璋, 黄嘉儿, 肖亚龙, 王晗, 邹北骥. 基于注意力机制的医学影像深度哈希检索算法 Deep Hash Retrieval Algorithm for Medical Images Based on Attention Mechanism 计算机科学, 2022, 49(8): 113-119. https://doi.org/10.11896/jsjkx.210700153
[10]	孙奇, 吉根林, 张杰. 基于非局部注意力生成对抗网络的视频异常事件检测方法 Non-local Attention Based Generative Adversarial Network for Video Abnormal Event Detection 计算机科学, 2022, 49(8): 172-177. https://doi.org/10.11896/jsjkx.210600061
[11]	檀莹莹, 王俊丽, 张超波. 基于图卷积神经网络的文本分类方法研究综述 Review of Text Classification Methods Based on Graph Convolutional Network 计算机科学, 2022, 49(8): 205-216. https://doi.org/10.11896/jsjkx.210800064
[12]	闫佳丹, 贾彩燕. 基于双图神经网络信息融合的文本分类方法 Text Classification Method Based on Information Fusion of Dual-graph Neural Network 计算机科学, 2022, 49(8): 230-236. https://doi.org/10.11896/jsjkx.210600042
[13]	金方焱, 王秀利. 融合RACNN和BiLSTM的金融领域事件隐式因果关系抽取 Implicit Causality Extraction of Financial Events Integrating RACNN and BiLSTM 计算机科学, 2022, 49(7): 179-186. https://doi.org/10.11896/jsjkx.210500190
[14]	彭双, 伍江江, 陈浩, 杜春, 李军. 基于注意力神经网络的对地观测卫星星上自主任务规划方法 Satellite Onboard Observation Task Planning Based on Attention Neural Network 计算机科学, 2022, 49(7): 242-247. https://doi.org/10.11896/jsjkx.210500093
[15]	费星瑞, 谢逸. 基于HMM-NN的用户点击流识别 Click Streams Recognition for Web Users Based on HMM-NN 计算机科学, 2022, 49(7): 340-349. https://doi.org/10.11896/jsjkx.210600127

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed