Research And Implementation Of Adversarial Attack And Defense Technology For Traffic Sign Recognition

Traffic sign recognition is an important research field of computer image processing and has a wide range of application values,because traffic signs can provide drivers with important road information,such as speed limits,no-passing,directions,etc.,so it is possible to accurately identify traffic signs It is very important to ensure driving safety and improve traffic efficiency.In the past few years,with the rise of deep learning technology,the field of traffic sign recognition has also made great progress,especially the traffic sign recognition technology based on deep neural network has been widely used in the fields of automatic driving,intelligent traffic management,etc..However,various attack methods represented by adversarial attacks have also brought more and more security risks to traffic sign recognition algorithms and systems.Adversarial attack means that the attacker adds small perturbations that are not easy to distinguish in the original input data according to the attack algorithm,and the generated adversarial samples have the characteristics of high false recognition rate and strong concealment.In the case of adversarial samples as input,the recognition model will output wrong classification results,and such wrong results will cause huge safety hazards in the field of automatic driving.This thesis aims to study the adversarial attack and defense technology in the traffic sign recognition system,and provide guarantee for the security and reliability of the traffic sign recognition system.Combining the attention mechanism,the traffic sign recognition model Res Net50＿CB was established,and the white-box adversarial attack technology for the traffic sign recognition model was studied and analyzed.Finally,the adversarial attack defense method based on FGSM adversarial training was studied and improved,and the traffic sign recognition model was improved.To identify the defense capability of the model against FGSM attacks,the specific research contents are as follows:(1)Design and train the Res Net50＿CB traffic sign recognition model.Firstly,the Chinese traffic sign dataset(CTSRD)is selected and reconstructed into a new dataset containing 35 categories,and then the dataset is processed using data augmentation techniques.Then,a traffic sign recognition model combining CBAM hybrid attention mechanism and Res Net50 network was constructed,and a recognition rate of 96.89% was achieved on the new data set(CTSRD＿35).Compared with the original Res Net50 model,the recognition rate was increased by 2.06%.(2)Research and analyze the white-box adversarial attack of the traffic sign recognition model.Implemented various types of white-box adversarial attacks on the traffic sign recognition model and its data sets,realized the Fast Gradient Descent(FGSM)attack based on gradient optimization,the Deep Fooling Algorithm(Deep Foo L)attack based on decision boundary analysis and visibility extreme High Adversarial Patch attack.The attack effect of different attack methods on the overall data set in different situations is analyzed,and the C&W attack based on direct optimization is realized.(3)Use the adversarial training method to train the Resnet50＿CB network to improve its ability to defend against FGSM adversarial attacks.This paper uses the FGSM confrontation training method,the improved Random-FGSM confrontation training method and the PGD confrontation training method to train the recognition model Resnet50＿CB.Among them,the improved Random-FGSM adversarial learning method can increase the richness of the adversarial samples generated by the FGSM attack during the training process,so that when the trained model faces the FGSM adversarial attack,the recognition rate is about 2.59%higher than that of the original FGSM adversarial training method.(4)Developed a visualization tool that combines traffic sign recognition and adversarial attack algorithms,which can recognize traffic signs and generate adversarial samples in real time.