Research on an adversarial example generation algorithm based on multiple generative adversarial networks
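Affiliation:

1. School of Intelligent Systems Science and Engineering, Jinan University, Zhuhai, Guangdong 509070; 2. College of Information Science and Technology, Jinan University, Guangzhou 510632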

Corresponding author:

E-mail: tzhangbing@jnu.edu.cn.

CLC number:

TP273

Fund project:

Natural Science Foundation of Guangdong Province project (2020A151501718).


Research on generative adversarial example algorithm based on multiple GANs
Affiliation:

1. School of Intelligent Systems Science and Engineering, Jinan University, Zhuhai 509070, China; 2. College of Information Science and Technology, Jinan University, Guangzhou 510632, China

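    Abstract:

    Adversarial examples can serve as training data to help improve a model's expressive ability, and can also be used to evaluate the robustness of deep learning models. However, generating them by perturbing original data points within a small matrix norm limits the number of adversarial examples to the size of the original data. To obtain an arbitrary number of adversarial examples more efficiently, it is important to explore a generation method that is not restricted by the original data. To this end, an adversarial example generation model based on generative adversarial networks, multiple attack generative adversarial networks (M-AttGAN), is proposed. First, the model is designed to train two pairs of generative adversarial networks simultaneously, which model the distribution of the original data samples and the distribution of perturbations in the model's latent space, respectively. Then, the trained M-AttGAN can efficiently generate perturbed adversarial examples without restriction, offering more possibilities for adversarial training and for improving the robustness of deep neural networks. Finally, multiple groups of experiments on the MNIST and CIFAR-10 datasets verify that it is feasible to use the strong ability of generative adversarial networks to learn data distributions for adversarial example generation. Experimental results show that, compared with conventional attack methods, M-AttGAN not only generates high-quality adversarial examples free of the limits of the original data, but its examples also show good attack capability and attack transferability.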

    Abstract:

    Attack examples can be used not only as training data to improve the expressive ability of a model but also to evaluate the robustness of deep learning models. However, because they are produced by perturbing an existing data point within a small matrix norm, the number of attack examples is limited by the original data. In order to obtain attack examples more efficiently, the multiple attack generative adversarial networks (M-AttGAN) model is proposed, whose attack examples are not restricted to the original data. The proposed network is designed to train two pairs of GANs simultaneously to fit the distribution of the original data and the distribution of the perturbation in the GANs' latent space. The trained model can generate attack examples efficiently without restrictions, providing more data for adversarial training and improving the robustness of neural networks. We adopt human evaluation and contrastive analysis with other state-of-the-art algorithms to show that it is feasible to use GANs for attack example generation. Experimental results on the MNIST and CIFAR-10 datasets show that the proposed model not only generates high-quality attack examples that break the limits of the original data, but also shows good attack capability and attack transferability.

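Cite this article

Kong Rui, Cai Jiachun, Huang Gang, et al. Research on generative adversarial example algorithm based on multiple GANs[J]. Control and Decision, 2023, 38(2): 528-536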

History
  • Published online: 2023-01-29
  • Publication date: 2023-02-20