Research And Implementation Of Adversarial Examples For Artificial Intelligence

Posted on: 2022-05-19
Degree: Master
Type: Thesis
Country: China
Candidate: J Du
GTID: 2518306341454224
Subject: Computer technology
Abstract/Summary:
In recent years, artificial intelligence has reached a peak of development, and machine learning, as one of its core technologies, has been widely used in various fields. But machine learning now faces many severe security challenges, and the adversarial example attack is one of the most widespread attack methods. Research on adversarial example attack methods helps to test and improve the robustness and security of machine learning algorithms. At present, many methods have been proposed to resist the adversarial example attack, but most of them need specific conditions and cannot be applied in the real environment. On the one hand, the real environment mostly consists of black-box scenarios, in which the attacker cannot obtain the specific structure and parameters of the model. On the other hand, after they are generated, the adversarial examples must be input into the algorithm model through the system's hardware acquisition device, and the resulting loss of data quality greatly affects the attack success rate. This paper targets biometric recognition systems in the field of artificial intelligence and studies how to generate high-quality face and voice adversarial examples and migrate them to the real environment to resist adversarial attacks, so as to verify the security and robustness of existing face recognition systems, speech recognition systems and speaker recognition systems. The main work of this paper is as follows:

(1) In view of the fact that people usually wear masks in public places during the current epidemic, this paper proposes an adversarial example attack algorithm based on an attention mechanism. Through the visual perception mechanism, the algorithm searches for the mask pattern area that is easy to attack and then adds noise to make the classifier misclassify, resulting in face recognition failure. This paper also proposes a face adversarial example generation method based on AdaBoost. By integrating multiple backbone networks and loss functions, high-quality face adversarial examples are generated quickly, which greatly improves the generation speed and the quality of the adversarial examples.

(2) The LFW data set and the CASIA Webface face data set are used for model training and testing. The attack method based on the attention mechanism and the attack method based on ensemble learning are each used to generate face adversarial examples. A commercial face recognition system interface is used for face recognition and live detection experiments, and the black-box attack is realized.

(3) This paper proposes a word-level prosody feature extraction method based on BERT. It can not only extract the speech features of audio but also represent word-level features, so as to better generate audio adversarial examples. In addition, for speech recognition systems and speaker recognition systems, this paper proposes content-based and speech-based adversarial example generation algorithms respectively, which can generate adversarial audio that deceives speech recognition systems and speaker recognition systems without being detected by human ears.

(4) The model is trained and tested on the Magic Data Chinese mobile recording audio corpus and the S-CMDS Chinese data set. The generated adversarial examples are used to attack a commercial speech recognition system and speaker recognition system successfully, and the black-box counter attack is realized.
Keywords/Search Tags:AI, Adversarial Example, Adversarial attack, Face Recognition, Speech Recognition