Research On Adversarial Examples Generation Method Based On Combined Image Information Entropy Distribution

Deep learning models,which consist of multiple neural network layers,have the ability to process large amounts of data and perform highly complex tasks.They have been widely used in fields such as computer vision,natural language processing,and speech recognition.As deep learning technology is increasingly being used in fields that require high levels of security,such as autonomous driving,medical image analysis,and facial recognition,the security of deep learning technology has begun to receive attention.Researchers have found that deep learning models are vulnerable to attacks from adversarial examples,which are created by adding specific perturbations to data in order to cause the model to output incorrect results.As image recognition is one of the most widely used applications of deep learning models,studying attack methods on image recognition models can promote a more comprehensive and healthy development of deep learning technology,making it easier for the market to accept and develop the technology rapidly.In the face of current research on adversarial examples that has not considered the issue of input image information distribution,this paper proposes a novel adversarial example generation method that combines image information entropy distribution.Subsequently,a method for rapidly calculating image information entropy distribution is proposed and applied to the fields of image classification and segmentation.Finally,this paper completes a prototype system for generating adversarial examples for image classification and segmentation models.Specifically,the main contributions of this paper are as follows:(1)For existing image recognition models,the issue of information distribution within images in adversarial attacks has not been taken into consideration.This paper proposes an adversarial sample generation method that combines image information entropy distribution.By calculating the information entropy of a certain size of the surrounding pixels,the information entropy distribution of the image can be constructed to obtain the distribution characteristics of the image in different regions.This method combines the local information entropy distribution information of the image for adversarial sample generation,which pays more attention to the structural features of the original image and generates higher quality adversarial examples.(2)In response to the problem of long computing time required for calculating the information entropy distribution when the image size is large in the dataset,this paper proposes an adversarial sample generation method based on fast calculation of information entropy distribution.This method combines coarse sampling and fine sampling methods to reduce the number of parameters when calculating and quickly calculate the image information entropy distribution,thus improving the applicability of the algorithm.The method first uses the holesampling method to perform coarse sampling on the image,quickly obtaining the approximate information entropy distribution information of the image;and then performs fine sampling on the image based on the obtained approximate information entropy distribution information to obtain more detailed information entropy distribution information.(3)A prototype system for generating adversarial examples for image classification and segmentation models has been designed and implemented.The system consists of three parts:user login,image recognition,and adversarial sample generation.Image recognition includes two applications: image classification and image segmentation.Adversarial sample generation adds adversarial perturbations to the image based on real-time model prediction results,allowing users to more intuitively experience adversarial attacks.To sum up,this paper explores adversarial sample attack technology from the perspective of deep neural network model attacks.It proposes an adversarial sample generation method that combines image information entropy distribution and verifies the attack effect of using this method to generate adversarial examples in the fields of image classification and image segmentation.