In recent years, deep learning has achieved remarkable performance in computer vision. However, studies have shown that adding carefully designed, subtle perturbations that are imperceptible to the human eye to an image can cause image classifiers based on deep neural networks to produce wrong predictions. The existence of adversarial examples poses a serious threat to the security of deep neural networks, and research on techniques for detecting them has become increasingly important for securing deep neural network applications. Current mainstream adversarial example detection methods rely on the intermediate-layer features of the model, which leads to problems such as high training cost and poor scalability. To address these problems, this thesis studies adversarial example detection. The main work is as follows. First, this thesis proposes an adversarial example detection method based on Gaussian noise superposition that does not depend on the intermediate-layer features of the model and scales well. The method uses two image processing operations: the original image and the two processed versions of it are fed into their corresponding classifiers, and the input is judged to be adversarial according to whether the classifiers' predictions are consistent. Experimental results show that on the CIFAR-10 dataset the detection accuracy reaches 94.29%, which is 15.32% and 1.98% higher than the classic model-based LID and Mahalanobis methods, respectively, and about 1.83% higher than the LES method of the same type. The method also achieves good detection results on the MNIST and GTSRB datasets. Second, building on this work, after surveying existing adversarial example attack and defense systems and combining the results of a requirements analysis, this thesis presents the design of a deep neural network image adversarial example detection system. The overall architecture and module design define the hierarchical structure of the system and partition its functional modules. The storage and deployment design keeps the cache and database consistent in most cases and supports high-concurrency request handling to a certain extent. Finally, based on this design, the thesis implements the detection system, presents the interfaces corresponding to the front-end functions, and describes the implementation of the classes and interfaces of the back-end modules. Functional and performance tests of the detection system are also conducted. The core functions of the system include adversarial example generation, perturbation visualization, adversarial example detection, and defense effect evaluation.
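As an added illustration (not the thesis's code), the following self-contained Python sketch implements the prediction-consistency test described above with a toy linear classifier standing in for the DNN. Gaussian noise superposition is the processing step named in the abstract; the 3x3 mean filter as the second processing method, the toy model with a brittle checkerboard feature, and the constructed perturbation are assumptions made here.

```python
import numpy as np

SIDE = 8                        # toy 8x8 grayscale images with values in [0, 1] (constructed)
rng = np.random.default_rng(0)

# Stand-in for the DNN (assumption): a linear classifier whose weights mix a smooth
# feature (mean intensity) with a brittle high-frequency checkerboard. Label is
# 1 if W.x + B > 0, else 0; the threshold sits at mean intensity 0.5 for flat images.
CHECKER = np.fromfunction(lambda i, j: np.where((i + j) % 2 == 0, 1.0, -1.0), (SIDE, SIDE))
W = 0.1 + CHECKER               # entries are 1.1 or -0.9
B = -0.5 * 0.1 * SIDE * SIDE    # = -3.2

def classify(img):
    return int(np.sum(W * img) + B > 0)

def gaussian_noise(img, sigma=0.02):
    """Gaussian noise superposition: the processing step named in the abstract."""
    return np.clip(img + rng.normal(0.0, sigma, img.shape), 0.0, 1.0)

def mean_filter(img):
    """3x3 mean filter with wrap-around padding (second processing step; assumption)."""
    acc = np.zeros_like(img)
    for di in (-1, 0, 1):
        for dj in (-1, 0, 1):
            acc += np.roll(np.roll(img, di, axis=0), dj, axis=1)
    return acc / 9.0

def detect(img, transforms, classifiers):
    """Consistency test: classifiers[0] sees the raw image, classifiers[i] sees
    transforms[i-1](img); the input is flagged when the labels are not all equal."""
    preds = [classifiers[0](img)]
    preds += [clf(t(img)) for t, clf in zip(transforms, classifiers[1:])]
    return len(set(preds)) > 1, preds

def make_examples(eps=0.035):
    """Constructed inputs: a flat class-0 image far from the boundary, and a copy
    shifted by eps along sign(W), the direction that moves the linear score fastest.
    The shift is small (0.035) but flips the brittle model's label to 1."""
    clean = np.full((SIDE, SIDE), 0.2)
    adversarial = np.clip(clean + eps * np.sign(W), 0.0, 1.0)
    return clean, adversarial

if __name__ == "__main__":
    clean, adv = make_examples()
    paths = ([gaussian_noise, mean_filter], [classify, classify, classify])
    for name, img in (("clean", clean), ("adversarial", adv)):
        flagged, preds = detect(img, *paths)
        print(f"{name:11s} preds={preds} flagged={flagged}")
```

On this toy model the mean-filter path removes the checkerboard perturbation and restores label 0, so the adversarial input is flagged while the clean input passes; the Gaussian-noise path is stochastic, which is why the thesis pairs each processed input with its own trained classifier.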