Generative Adversarial Example Algorithm Based on Multiple GANs

Affiliation: Jinan University

CLC number: TP273

Fund Project: Natural Science Foundation of Guangdong Province, P. R. China

Abstract:

Adversarial examples can serve as training data to improve a model's expressive ability and can also be used to evaluate the robustness of deep learning models. However, because they are generated by perturbing an existing data point within a small matrix norm, the number of adversarial examples is limited by the original data. To obtain any number of adversarial examples more efficiently, it is therefore important to explore a generation method that is not restricted by the original data. In this paper, we propose M-AttGAN (Multiple Attack Generative Adversarial Networks), an adversarial example generation model based on generative adversarial networks (GANs). The model trains two pairs of GANs simultaneously to model, respectively, the distribution of the original data samples and the distribution of perturbations in the model's latent space. Once trained, M-AttGAN can generate perturbed adversarial examples efficiently and without restriction, which provides more data for adversarial training and more possibilities for improving the robustness of deep neural networks. We adopt human evaluation and comparative analysis against other state-of-the-art algorithms to show that using GANs, which learn data distributions well, to generate adversarial examples is feasible. Experiments on the MNIST and CIFAR-10 datasets show that, compared with conventional attack methods, M-AttGAN not only generates high-quality adversarial examples without being limited by the original data, but also produces examples with good attack capability and attack transferability.

History
  • Received: 2021-01-06
  • Last revised: 2021-11-17
  • Accepted: 2021-11-26
  • Published online: 2022-01-02