| Driven by the explosive growth of data and the continuous improvement of computing hardware, a new wave of artificial intelligence research has emerged. As an important component of modern artificial intelligence, deep neural network technology is used in fields such as object detection, image recognition, speech recognition, autonomous driving, and medical and health care, where it has achieved good breakthroughs and innovations. However, studies have shown that neural networks are extremely vulnerable to adversarial sample attacks, which lead to misjudgments. Adding a small perturbation can make a neural network fail on a class of samples or even on the entire data set. The existence of adversarial samples seriously limits the range of applications of neural networks. In scenarios with high security requirements, neural networks must be highly robust. Effective study of adversarial attacks on deep learning models is an important prerequisite for analyzing the security of deep neural networks and improving their robustness. The traditional adversarial attack method computes a perturbation of the original input image and perturbs the image through a single-step or iterative calculation to generate adversarial samples. However, traditional adversarial sample generation methods have problems such as slow generation speed and a large amount of computation. To solve this problem, a new adversarial attack direction is adopted, in which a generative adversarial network (GAN) is used to generate adversarial samples. Aiming at the problems of traditional adversarial sample generation methods, this thesis studies adversarial sample generation based on the generative adversarial network, takes the image classification model as the attack target, and proposes a new unsupervised method of adversarial sample generation. The main research work of this paper is as follows: 1) The target model is trained on the GTSRB German traffic sign data set: the original data set undergoes a simple preprocessing operation, the Darknet-53 neural network extracts the features of the traffic signs, and the YOLOv3 object detection algorithm then uses the extracted feature information to identify, classify and predict the target category, finally realizing the detection of traffic signs. 2) A GAN-based adversarial sample generation method is proposed. This method trains two unsupervised models with different objectives. The network structure consists of a generator model, a discriminator model and a target model to be attacked. A piece of conditional information c is added to the input. The function of this added information is to make the training of the generative adversarial network directional, so that the model converges faster during training. After continuous adversarial training of the generator and the discriminator, the GAN model is finally able to learn from random noise and generate adversarial samples. Once an adversarial sample has been generated, it is sent to the target model to be attacked. The target model is an object detection model trained on the original data, which can classify images of the same categories as the original data. 3) To verify the results and the advantages of the algorithm more intuitively and comprehensively, this paper takes two classical adversarial sample generation methods, the FGSM and DeepFool attack algorithms, as the points of comparison. Experiments verify that, for the same number of training rounds, the algorithm in this paper has a higher attack efficiency and generates adversarial samples faster than the classic adversarial sample generation algorithms. |
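
The single-step perturbation that the abstract describes as the traditional method (FGSM is one of its baselines) can be shown on a toy model as a robustness check. This is an added example, not code from the thesis: the 3-class linear softmax classifier, its weights, the input and the epsilon grid are all constructed for illustration and stand in for the traffic-sign model.

```python
import math

# Constructed 3-class linear softmax classifier standing in for the target model.
W = [[2.0, -1.0, 0.5, -0.5],
     [-1.0, 2.0, -0.5, 0.5],
     [-0.5, -0.5, 1.0, 1.0]]
B = [0.0, 0.0, 0.0]

def logits(x):
    return [sum(w * v for w, v in zip(row, x)) + b for row, b in zip(W, B)]

def softmax(z):
    m = max(z)  # subtract the maximum for numerical stability
    e = [math.exp(v - m) for v in z]
    s = sum(e)
    return [v / s for v in e]

def predict(x):
    z = logits(x)
    return z.index(max(z))

def loss_gradient(x, label):
    """Gradient of the cross-entropy loss with respect to the input x."""
    p = softmax(logits(x))
    err = [p[k] - (1.0 if k == label else 0.0) for k in range(len(p))]
    return [sum(W[k][j] * err[k] for k in range(len(W))) for j in range(len(x))]

def fgsm(x, label, eps):
    """Single-step FGSM: shift each feature by eps along the gradient sign."""
    g = loss_gradient(x, label)
    sign = [(v > 0) - (v < 0) for v in g]
    # Clip so the perturbed input stays in the valid feature range [0, 1].
    return [min(1.0, max(0.0, xi + eps * s)) for xi, s in zip(x, sign)]

def min_flipping_eps(x, label, step=0.03, max_eps=0.3):
    """Smallest eps on the grid at which FGSM changes the prediction, else None."""
    for i in range(1, int(round(max_eps / step)) + 1):
        eps = i * step
        if predict(fgsm(x, label, eps)) != label:
            return eps
    return None

# Constructed input with features scaled to [0, 1]; its true class is 0.
X_CLEAN, Y_TRUE = [0.8, 0.3, 0.5, 0.4], 0

if __name__ == "__main__":
    eps = min_flipping_eps(X_CLEAN, Y_TRUE)
    print("clean prediction:", predict(X_CLEAN))
    print("smallest flipping eps:", eps, "->", predict(fgsm(X_CLEAN, Y_TRUE, eps)))
```

The smallest epsilon that flips the prediction is a simple per-input robustness margin; tracking it before and after a defense such as adversarial training shows whether the model actually became harder to perturb.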