| An adversarial example attacks a machine learning model by adding a carefully designed, imperceptible perturbation or noise to a real example, so that the model produces an erroneous result completely different from the one it gives for the real example. The adversarial example looks no different from the real example, yet it can attack state-of-the-art machine learning models and cause erroneous results. The existence of adversarial examples has a great impact on the application of systems that rely on deep learning models in scenarios with high security requirements. More and more scholars have conducted in-depth research on the generation of and defense against adversarial examples, and are dedicated to revealing their causes and the methods to defend against them. Existing defense methods usually need to modify the training process, change the structure of the network model, or add external models, which usually requires a lot of computation and training overhead. In this thesis, we train a high-performing neural network on the MNIST dataset and replicate it by means of fine-tuning, so as to obtain models with the same network structure that differ only in the parameters of the fully connected layer. During fine-tuning, only the fully connected layer is trained, which requires very little computation and training overhead. We first obtain the ensemble model with minimal overhead and use it to identify adversarial examples by examining the output distribution of examples. We then restore the identified adversarial examples to obtain their real labels. In the experiments, mainstream adversarial example generation methods are used to attack the ensemble model in order to evaluate its detection and restoration performance. The experiments show that the proposed ensemble model has good detection performance on adversarial examples generated by mainstream attack algorithms. By choosing appropriate restoration methods, our ensemble model can restore and recognize adversarial examples with high confidence. |