
Research On Image Adversarial Examples Generation For Deep Neural Networks

Posted on: 2024-05-13
Degree: Master
Type: Thesis
Country: China
Candidate: Z R Ma
Full Text: PDF
GTID: 2568307082479994
Subject: Cyberspace security
Abstract/Summary:

With the rapid popularization of artificial intelligence technology represented by deep neural networks, the security problems they bring are gradually emerging. Adversarial examples are one of the biggest security threats to deep neural networks and a hot topic in academic research. In recent years, scholars at home and abroad have proposed a variety of methods to attack deep neural networks. In the query-based black-box attack scenario, current attack methods achieve a high attack success rate, but they focus on using the query results to estimate the gradient. How to use the query results efficiently and further reduce the number of queries to the target model is still worth exploring. Visual perceptibility is another key index for evaluating adversarial examples. How to use the query results efficiently while generating adversarial examples with better visual quality is also a difficulty of current research. Based on this, the research contents of this thesis are as follows:

(1) We propose a GAN-based adversarial example generation model, DDSG-GAN. On the basis of GAN (generative adversarial networks), a structure of dual discriminators and a single generator is designed to generate adversarial examples. The generator produces the adversarial perturbation for the original image. The two discriminators constrain the generated perturbation in two different directions: the first constrains the validity of the perturbation, and the second constrains its imperceptibility. Once trained, the two discriminators serve respectively as a surrogate model of the target model and as a classifier that identifies the authenticity of the image, which reduces image distortion while keeping the attack effective. To reduce the number of queries to the target model, the training process of the surrogate model is divided into two stages: pre-training and fine-tuning. In the pre-training stage, only the original images are used to train it. In the fine-tuning stage, the adversarial examples generated in real time are added to fine-tune it. The experimental results on the open image dataset show that the generated adversarial examples can effectively attack image classification models based on deep neural networks and greatly reduce the number of queries to the target model.

(2) We propose DRLKR, an adversarial example generation model based on deep reinforcement learning. The model is mainly composed of three parts. First, to reduce the visual perceptibility of adversarial examples and to limit the range in which perturbation is added, the original pixel values are divided into a key area matrix and a non-key area matrix. Then, the key area matrix is processed by an autoencoder, which converts the image pixels into feature vectors. Finally, based on deep reinforcement learning, specific actions and reward mechanisms are set up, and a group of best strategies is learned to construct adversarial examples in the feature space. The model adds perturbation only to local areas of the original image. The experimental results on the open image dataset show that the visual perceptibility of the generated adversarial examples is significantly reduced, while the attack success rate remains at a high level.
Keywords/Search Tags: Adversarial examples, Black-box attacks, Deep neural networks, Generative adversarial networks, Deep reinforcement learning