| In recent years,with the breakthrough of computing resources and research in the field of deep learning,deep neural networks have gradually applied to various fields and have become increasingly important in reality.However,research on the security of deep learning has shown that adversarial examples pose a serious threat to neural networks.With improvements in adversarial attack algorithms,significant attack effects have been achieved on specific virtual datasets,researchers have started to shift their attention to their real-world applications.In summary,this article mainly explores and studies ways to enhance the application ability of adversarial examples in the real world.The specific research content is divided into two parts: on the one hand,an edge-based semantic adversarial attack algorithm is proposed to enhance the attack effect on robust models and make perturbations less perceptible,thereby enhancing the interpretability of adding perturbations.On the other hand,for fake videos spread in social platforms,a fake video adversarial attack algorithm with anti-video compression operation is proposed to enhance its potential threat in real scenarios.In the realm of semantic adversarial examples,most current attack algorithms generate adversarial perturbations for the entire image based on the loss function,rarely considering the semantic properties of the perturbations and the differences in perception in different regions of the image.On the other hand reducing the area of perturbation helps to reduce the artificial cost and difficulty of real-world applications.To address these issues,this article assumes that edges belong to robust features and uses the HED algorithm for edge extraction to obtain the edges of the image.After introducing image rotation data augmentation strategies and calculating the global adversarial perturbation,the edge mask is combined with the perturbation to constrain it to the edge region of the image,achieving an imperceptible effect.Experimental results show that the proposed attack algorithm can still increase the success rate of attacks on robust models while reducing perturbation by 50%.It also has universality when combined with various global adversarial attacks,and the edges of images can serve as a robust feature.In the realm of deepfake video adversarial examples.Although current adversarial example can evade model detection locally,videos circulated on social media platforms must undergo preprocessing and compression operations set by the platform in real scenarios.These operations can render the small perturbations added to the original video ineffective,revealing the limitations of current research in real-world scenarios.To address these issues,this article simulates the uploading operation of social media platforms by splitting the video into frames and adding noise simulated by U-Net networks for image preprocessing to the original images.Then,the images are compressed using a differentiable JPEG module based on a 95 quality coefficient,and finally,the adversarial perturbation is calculated via backpropagation and added to the face region,generating deepfake video adversarial examples with anti-compression capabilities.The experimental results show that the proposed deepfake video adversarial examples can resist video compression operations without increasing the amplitude of added perturbations.Figure [26] Table [21] Reference [87]... |
PDF Full Text Request