Adversarial example defense algorithm for MNIST based on image reconstruction
With the popularization of deep learning, more and more attention has been paid to its security issues.The adversarial sample is to add a small disturbance to the original image, which can cause the deep learning model to misclassify the image, which seriously affects the performance of deep learnin...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2022-02-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2021095 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841529843179585536 |
|---|---|
| author | Zhongyuan QIN Zhaoxiang HE Tao LI Liquan CHEN |
| author_facet | Zhongyuan QIN Zhaoxiang HE Tao LI Liquan CHEN |
| author_sort | Zhongyuan QIN |
| collection | DOAJ |
| description | With the popularization of deep learning, more and more attention has been paid to its security issues.The adversarial sample is to add a small disturbance to the original image, which can cause the deep learning model to misclassify the image, which seriously affects the performance of deep learning technology.To address this challenge, the attack form and harm of the existing adversarial samples were analyzed.An adversarial examples defense method based on image reconstruction was proposed to effectively detect adversarial examples.The defense method used MNIST as the test data set.The core idea was image reconstruction, including central variance minimization and image quilting optimization.The central variance minimization was only processed for the central area of the image.The image quilting optimization incorporated the overlapping area into the patch block selection.Considered and took half the size of the patch as the overlap area.Using FGSM, BIM, DeepFool and C&W attack methods to generate adversarial samples to test the defense performance of the two methods, and compare with the existing three image reconstruction defense methods (cropping and scaling, bit depth compression and JPEG compression).The experimental results show that the central variance minimization and image quilting optimization algorithms proposed have a satisfied defense effect against the attacks of existing common adversarial samples.Image quilting optimization achieves over 75% classification accuracy for samples generated by the four attack algorithms, and the defense effect of minimizing central variance is around 70%.The three image reconstruction algorithms used for comparison have unstable defense effects on different attack algorithms, and the overall classification accuracy rate is less than 60%.The central variance minimization and image quilting optimization proposed achieve the purpose of effectively defending against adversarial samples.The experiments illustrate the defense effect of the proposed defense algorithm in different adversarial sample attack algorithms.The comparison between the reconstruction algorithm and the algorithm shows that the proposed scheme has good defense performance. |
| format | Article |
| id | doaj-art-f30a417a2d3c4c3e979db13ee0b9bb06 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2022-02-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-f30a417a2d3c4c3e979db13ee0b9bb062025-01-15T03:15:39ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2022-02-018869459571531Adversarial example defense algorithm for MNIST based on image reconstructionZhongyuan QINZhaoxiang HETao LILiquan CHENWith the popularization of deep learning, more and more attention has been paid to its security issues.The adversarial sample is to add a small disturbance to the original image, which can cause the deep learning model to misclassify the image, which seriously affects the performance of deep learning technology.To address this challenge, the attack form and harm of the existing adversarial samples were analyzed.An adversarial examples defense method based on image reconstruction was proposed to effectively detect adversarial examples.The defense method used MNIST as the test data set.The core idea was image reconstruction, including central variance minimization and image quilting optimization.The central variance minimization was only processed for the central area of the image.The image quilting optimization incorporated the overlapping area into the patch block selection.Considered and took half the size of the patch as the overlap area.Using FGSM, BIM, DeepFool and C&W attack methods to generate adversarial samples to test the defense performance of the two methods, and compare with the existing three image reconstruction defense methods (cropping and scaling, bit depth compression and JPEG compression).The experimental results show that the central variance minimization and image quilting optimization algorithms proposed have a satisfied defense effect against the attacks of existing common adversarial samples.Image quilting optimization achieves over 75% classification accuracy for samples generated by the four attack algorithms, and the defense effect of minimizing central variance is around 70%.The three image reconstruction algorithms used for comparison have unstable defense effects on different attack algorithms, and the overall classification accuracy rate is less than 60%.The central variance minimization and image quilting optimization proposed achieve the purpose of effectively defending against adversarial samples.The experiments illustrate the defense effect of the proposed defense algorithm in different adversarial sample attack algorithms.The comparison between the reconstruction algorithm and the algorithm shows that the proposed scheme has good defense performance.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2021095adversarial exampleimage reconstructiondeep learningimage classification |
| spellingShingle | Zhongyuan QIN Zhaoxiang HE Tao LI Liquan CHEN Adversarial example defense algorithm for MNIST based on image reconstruction 网络与信息安全学报 adversarial example image reconstruction deep learning image classification |
| title | Adversarial example defense algorithm for MNIST based on image reconstruction |
| title_full | Adversarial example defense algorithm for MNIST based on image reconstruction |
| title_fullStr | Adversarial example defense algorithm for MNIST based on image reconstruction |
| title_full_unstemmed | Adversarial example defense algorithm for MNIST based on image reconstruction |
| title_short | Adversarial example defense algorithm for MNIST based on image reconstruction |
| title_sort | adversarial example defense algorithm for mnist based on image reconstruction |
| topic | adversarial example image reconstruction deep learning image classification |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2021095 |
| work_keys_str_mv | AT zhongyuanqin adversarialexampledefensealgorithmformnistbasedonimagereconstruction AT zhaoxianghe adversarialexampledefensealgorithmformnistbasedonimagereconstruction AT taoli adversarialexampledefensealgorithmformnistbasedonimagereconstruction AT liquanchen adversarialexampledefensealgorithmformnistbasedonimagereconstruction |