CGAN-based Adversarial Example Defense Method

Abstract

Abstract: Artificial Intelligence has been well applied in many fields at present. However, the classification of neural network model output errors can be achieved by adversarial example. It is of great significance to study how to improve the robustness of the neural network model while taking into account the efficiency of the algorithm operation. To solve the above problems, this paper proposes a defense method Defense-CGAN based on conditional countermeasure generation network. Firstly, the generator of CGAN is used to generate the reconstructed image according to the input noise and label information, and then the MSE is used to extract the image features before and after the reconstruction. The reconstructed image is selected and fed to the classifier for classification, so as to remove the antagonistic perturbation and realize defense of the adversarial example. Finally, a large number of experiments are carried out on the MNIST data set. The experimental results show that the proposed defense method is more versatile, can defend against various kinds of adversarial attacks, and the time consumption is low at the same time. Therefore, this method can be applied to the real scene with extremely strict time requirement.

Key words: adversarial examples, neural network, adversarial example defense, conditional generative adversarial network, deep learning

LI Shi-bao, CAO Da-peng, LIU Jian-hang. CGAN-based Adversarial Example Defense Method[J]. Computer and Modernization, 2021, 0(07): 65-70.

References

［1］ SZEGEDY C, ZAREMBA W, SUTSKEVER I, et al. Intriguing properties of neural networks［J］. arXiv preprint arXiv:1312.6199, 2013.
［2］ KINGMA D, BA J. Adam: A method for stochastic optimization［J］. arXiv preprint arXiv:1412.6980, 2014.
［3］ PAPERNOT N, MCDANIEL P, GOODFELLOW I. Transferability in machine learning: From phenomena to black-box attacks using adversarial samples［J］. arXiv preprint arXiv:1605.07277, 2016.
［4］ GOODFELLOW I J, SHLENS J, SZEGEDY C. Explaining and harnessing adversarial examples［J］. arXiv preprint arXiv:1412.6572, 2014.
［5］ HINTON G, VINYALS O, DEAN J. Distilling the knowledge in a neural network［J］. arXiv preprint arXiv:1503.02531, 2015.
［6］ PAPERNOT N, MCDANIEL P, WU X, et al. Distillation as a defense to adversarial perturbations against deep neural networks［C］// 2016 IEEE Symposium on Security and Privacy (SP). 2016:582-597.
［7］杨浚宇. 基于迭代自编码器的深度学习对抗样本防御方案［J］. 信息安全学报, 2019,4(6):34-44.
［8］ GONG Z T, WANG W L, KU W S. Adversarial and clean data are not twins［J］. arXiv preprint arXiv:1704.04960, 2017.
［9］ HENDRYCKS D, GIMPEL K. Early methods for detecting adversarial images［J］. arXiv preprint arXiv:1608.00530, 2016.
［10］WEI W Q, LIU L, LOPER M, et al. Cross-layer strategic ensemble defense against adversarial examples［C］// 2020 International Conference on Computing, Networking and Communications (ICNC). 2020:456-460.
［11］CHOW K H, WEI W Q, WU Y Z, et al. Denoising and verification cross-layer ensemble against black-box adversarial attacks［C］// 2019 IEEE International Conference on Big Data. 2019:1282-1291.
［12］SAMANGOUEI P, KABKAB M, CHELLAPPA R. Defense-GAN: Protecting classifiers against adversarial attacks using generative models［J］. arXiv preprint arXiv:1805.06605, 2018.
［13］TRAMR F, KURAKIN A, PAPERNOT N, et al. Ensemble adversarial training: Attacks and defenses［J］. arXiv preprint arXiv:1705.07204, 2017.
［14］TANAY T, GRIFFIN L. A boundary tilting persepective on the phenomenon of adversarial examples［J］. arXiv preprint arXiv:1608.07690, 2016.
［15］GOODFELLOW I J, POUGET-ABADIE J, MIRZA M, et al. Generative adversarial nets［C］// Proceedings of the 27th International Conference on Neural Information Processing Systems. 2014:2672-2680.
［16］MIRZA M, OSINDERO S. Conditional generative adversarial nets［J］. arXiv preprint arXiv:1411.1784, 2014.
［17］LIU L, WEI W Q, CHOW K H, et al. Deep neural network ensembles against deception: Ensemble diversity, accuracy and robustness［C］// Proceedings of the 2019 IEEE 16th International Conference on Mobile Ad Hoc and Sensor Systems (MASS). 2019:274-282.
［18］JANDIAL S, MANGLA P, VARSHNEY S, et al. AdvGAN++: Harnessing latent layers for adversary generation［C］// 2019 IEEE/CVF International Conference on Computer Vision Workshop (ICCVW). 2019:2045-2048.
［19］CARLINI N, WAGNER D. Towards evaluating the robustness of neural networks［C］// 2017 IEEE Symposium on Security and Privacy. 2017:39-57.
［20］TAORI R, KAMSETTY A, CHU B, et al. Targeted adversarial examples for black box audio systems［C］// 2019 IEEE Security and Privacy Workshops. 2019:15-20.
［21］PAPERNOT N, MCDANIEL P, GOODFELLOW I, et al. Practical black-box attacks against machine learning［C］// Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. 2017:506-519.
［22］SZELISKI R. Computer Vision: Algorithms and Applications［M］. Springer Science & Business Media, 2010.
［23］LECUN Y, BOTTOU L, BENGIO Y, et al. Gradient-based learning applied to document recognition［J］. Proceedings of the IEEE, 1998,86(11):2278-2324.

[1]	HE Sida, CHEN Pinghua. Intent-based Lightweight Self-Attention Network for Sequential Recommendation [J]. Computer and Modernization, 2024, 0(12): 1-9.
[2]	ZHANG Xiaodong1, BAI Guangzhi1, LI Min1, LI Haoyang2. Oil and Gas Well Production Prediction Model Based on Empirical Wavelet Transform [J]. Computer and Modernization, 2024, 0(12): 53-58.
[3]	LIU Baobao, YANG Jingjing, TAO Lu, WANG Heying . DSMSC Based on Attention Mechanism for Remote Sensing Image Scene Classification [J]. Computer and Modernization, 2024, 0(12): 72-77.
[4]	CHEN Liang, LI Cheng, YI Wei, XIONG Wei, WANG Xiaofan, TANG Haidong. Helmet Wearing Detection in Electric Power Field Based on#br# Millimeter-wave Radar and Visual Fusion [J]. Computer and Modernization, 2024, 0(12): 100-107.
[5]	QI Xian, LIU Daming, CHANG Jiaxin. Multi-view 3D Reconstruction Based on Improved Self-attention Mechanism [J]. Computer and Modernization, 2024, 0(11): 106-112.
[6]	CHEN Kai1, LI Yiting1, 2, QUAN Huafeng1. A River Discarded Bottles Detection Method Based on Improved YOLOv8 [J]. Computer and Modernization, 2024, 0(11): 113-120.
[7]	YANG Jun1, HU Wei1, ZHU Wenfu2. Visual SLAM Loop Closure Detection Algorithm Based on Improved MobileNetV3 [J]. Computer and Modernization, 2024, 0(10): 21-26.
[8]	WANG Yingying, HAO Xiao. Fine-grained Image Classification Based on Res2Net and Recursive Gated Convolution [J]. Computer and Modernization, 2024, 0(10): 74-79.
[9]	SHI Xingyu1, LI Qiang2, ZHUANG Li3, LIANG Yi3, WANG Qiulin3, CHEN Kai3, WU Chenzhou3, CHANG Sheng1. Object Detection Models Distillation Technique for Industrial Deployment [J]. Computer and Modernization, 2024, 0(10): 93-99.
[10]	MA Yu, YANG Yong, REN Ge, Palidan Tuerxun. Automated Essay Scoring Method Based on GCN and Fine Tuned BERT [J]. Computer and Modernization, 2024, 0(09): 33-37.
[11]	ZHANG Ze1, ZHANG Jianquan2, 3, ZHOU Guopeng2, 3. Camera Module Defect Detection Based on Improved YOLOv8s [J]. Computer and Modernization, 2024, 0(09): 107-113.
[12]	CHENG Yazi1, LEI Liang1, 2, CHEN Han1, ZHAO Yiran1. Multi-scale Depth Fusion Monocular Depth Estimation Based on Transposed Attention [J]. Computer and Modernization, 2024, 0(09): 121-126.
[13]	CHENG Meng, LI Hao. Improved Deciduous Tree Nest Detection Method Based on YOLOv5s [J]. Computer and Modernization, 2024, 0(08): 24-29.
[14]	WANG Mengxi, LI Jun. Review of Fall Detection Technologies for Elderly [J]. Computer and Modernization, 2024, 0(08): 30-36.
[15]	SHI Xianwei1, FAN Xin2. Semantic Segmentation of Video Frame Scene Based on Lightweight [J]. Computer and Modernization, 2024, 0(08): 49-53.