Because adversarial examples can cause deep neural networks to produce high-confidence erroneous outputs, this study aims to improve the safety of deep neural networks by distinguishing adversarial examples from benign inputs. A classification model based on a filter residual network structure is used to classify adversarial examples accurately. The filter-based classification model consists of a residual network feature extraction module and a classification module, which are iteratively optimized with an adversarial training strategy. Three mainstream adversarial attack methods are improved, and adversarial samples are generated on the Mini-ImageNet dataset. These samples are then used to attack EfficientNet and the filter-based classification model respectively, and the attack effects are compared. Experimental results show that the filter-based classification model achieves high classification accuracy on Mini-ImageNet adversarial examples, and that adversarial training effectively enhances the robustness of deep neural network models.
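The core mechanism the abstract relies on, adversarial training, is the iterative loop "generate the worst-case perturbation for the current model, then fit the model on that perturbed batch". The following is an added illustration, not the paper's code or model: it replaces the filter residual network with a linear logistic classifier in NumPy (where the FGSM perturbation is exactly the worst case, so the effect can be checked analytically) and uses a constructed dataset with one robust feature and several weak features instead of Mini-ImageNet. The function and parameter names (`make_data`, `fgsm`, `train`, `run_experiment`, `eps`) are this example's own assumptions. It shows why a standard classifier that leans on the weak features has zero robust accuracy under an L-infinity budget that flips them, while the adversarially trained classifier keeps both clean and robust accuracy.

```python
import numpy as np

# Constructed toy data (an assumption of this example, not the paper's
# Mini-ImageNet setup): feature 0 is a "robust" feature (exactly y * 1.0) and
# features 1..n_weak are "weak" features (exactly y * 0.2) that a standard
# classifier exploits but that an L-infinity perturbation of eps >= 0.2 can flip.
def make_data(n=200, n_weak=10):
    y = np.where(np.arange(n) % 2 == 0, 1.0, -1.0)
    x = np.empty((n, 1 + n_weak))
    x[:, 0] = y
    x[:, 1:] = y[:, None] * 0.2
    return x, y


def margin(w, x, y):
    """Signed margin y * (w . x); positive means correctly classified."""
    return y * (x @ w)


def fgsm(w, x, y, eps):
    """Fast Gradient Sign Method for a linear logistic model.

    The loss is l = log(1 + exp(-y w.x)), so grad_x l = -y * w * sigmoid(-y w.x)
    and sign(grad_x l) = -y * sign(w). Stepping eps in that direction lowers the
    margin by exactly eps * ||w||_1, which is the worst case for a linear model.
    """
    return x - eps * y[:, None] * np.sign(w)


def train(x, y, eps=0.0, steps=500, lr=0.5):
    """Gradient descent on the logistic loss.

    eps == 0 is standard training. eps > 0 is adversarial training: every step
    the model is fitted on the worst-case perturbed batch instead of the clean
    batch (min over w of the max over the perturbation), the iterative
    strategy the abstract describes.
    """
    w = np.zeros(x.shape[1])
    for _ in range(steps):
        x_train = fgsm(w, x, y, eps) if eps > 0 else x
        z = margin(w, x_train, y)
        s = 1.0 / (1.0 + np.exp(z))        # -dl/dz = sigmoid(-z), per sample
        grad = -(s[:, None] * y[:, None] * x_train).mean(axis=0)
        w -= lr * grad
    return w


def accuracy(w, x, y, eps=0.0):
    """Clean accuracy when eps == 0, robust accuracy under FGSM otherwise."""
    x_eval = fgsm(w, x, y, eps) if eps > 0 else x
    return float((margin(w, x_eval, y) > 0).mean())


def run_experiment(eps=0.6):
    """Compare a standard and an adversarially trained model on clean and
    FGSM-perturbed inputs with the same budget eps."""
    x, y = make_data()
    w_std = train(x, y)
    w_adv = train(x, y, eps=eps)
    return {
        "standard_clean": accuracy(w_std, x, y),
        "standard_robust": accuracy(w_std, x, y, eps),
        "adversarial_clean": accuracy(w_adv, x, y),
        "adversarial_robust": accuracy(w_adv, x, y, eps),
    }


if __name__ == "__main__":
    for name, acc in run_experiment().items():
        print(f"{name:>18}: {acc:.2f}")
```

With the budget eps = 0.6 the standard model's margin becomes 1.4c - 1.8c < 0 for every sample (c is the common scale of its weights), so its robust accuracy is 0.0 even though its clean accuracy is 1.0; the adversarially trained model is pushed to put its weight on the robust feature, where a 0.6 perturbation cannot flip a margin of 1.0, and keeps robust accuracy 1.0. For a deep network the inner maximization is no longer exact, which is why the abstract's model repeats the generate-then-retrain cycle iteratively.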