
Research On Defense Adversarial Sample Based On GAN And Detection Mechanism

Posted on: 2022-09-15
Degree: Master
Type: Thesis
Country: China
Candidate: Y Yu
Full Text: PDF
GTID: 2558307109961089
Subject: Software engineering
Abstract/Summary:
Deep neural networks can reach a very high level of accuracy in image classification, but they produce high-confidence wrong results when given adversarial examples. An adversarial example is a normal sample with a carefully crafted perturbation added, one so subtle that humans can hardly detect it directly, yet it causes the network to produce the wrong output. With the rapid development of neural networks, the problem of adversarial examples has attracted much attention. Research on generating adversarial examples has been very successful: generated adversarial examples can reduce the accuracy of a deep model to nearly 0%. Research on defending against adversarial examples, however, has been slow. Traditional defense algorithms can only defend against adversarial examples generated by specific methods, and most defense models also reduce the recognition accuracy on normal samples. This paper studies defenses against adversarial examples. The main work is as follows:

(1) A defense against adversarial examples based on a detection mechanism is proposed. The method uses the difference between the data manifold of normal samples and the data manifold of adversarial samples to detect adversarial examples. This detection method cannot detect all adversarial examples. Considering the overall defense effect, it focuses on repairing the images detected as adversarial examples while making slight changes to the images detected as normal samples.

(2) A GAN-based defense against adversarial examples is proposed. In this method, both normal samples and adversarial examples are input into the GAN at the same time, in the hope that the generator learns the distribution of the normal samples, eliminates the adversarial perturbation in the adversarial examples, and thereby defends against them. During construction of the GAN, no special setting is made for the attack algorithm used to generate the adversarial examples, which improves the universality of the model.

(3) Finally, to demonstrate the effectiveness of the two proposed algorithms in defending against adversarial examples, they are verified on several classical data sets. A large number of experimental results show that, compared with previous models, the proposed methods reduce the impact that traditional defense networks have on normal samples and efficiently defend against various adversarial examples.
Keywords/Search Tags:Neural network, Image classification, Adversarial examples, Generative adversarial network, Adversarial examples detection