Adversarial Example Defense Method Based on Inverse Perturbation Fusing Generative Adversarial Network

ZHANG Shi-hui; ZHANG Xiao-wei; SONG Dan-dan; YANG Yong-liang; ZUO Dong-xu

doi:10.12263/DZXB.20220038

您当前的位置：

首页 >

文章列表页 >

Adversarial Example Defense Method Based on Inverse Perturbation Fusing Generative Adversarial Network

PAPERS | 更新时间：2025-12-08

- Adversarial Example Defense Method Based on Inverse Perturbation Fusing Generative Adversarial Network
- ACTA ELECTRONICA SINICA Vol. 51, Issue 4, Pages: 879-884(2023)
- 作者机构：
  
  1.燕山大学信息科学与工程学院，河北秦皇岛066004
  2.河北省计算机虚拟技术与系统集成重点实验室，河北秦皇岛066004
- 作者简介：
- 基金信息：
  
  Central Government Guided Local Funds for Science and Technology Development(216Z0301G);National Natural Science Foundation of China(61379065);Natural Science Foundation of Hebei Province(F2019203285)
- DOI：10.12263/DZXB.20220038
  CLC： TP391.4;TP183
- Received：05 January 2022，
  
  Revised：2022-09-06，
  
  Published：25 April 2023
- 稿件说明：
移动端阅览
张世辉,张晓微,宋丹丹等.基于逆扰动融合生成对抗网络的对抗样本防御方法[J].电子学报,2023,51(04):879-884.

ZHANG Shi-hui,ZHANG Xiao-wei,SONG Dan-dan,et al.Adversarial Example Defense Method Based on Inverse Perturbation Fusing Generative Adversarial Network[J].ACTA ELECTRONICA SINICA,2023,51(04):879-884.
张世辉,张晓微,宋丹丹等.基于逆扰动融合生成对抗网络的对抗样本防御方法[J].电子学报,2023,51(04):879-884. DOI： 10.12263/DZXB.20220038.

ZHANG Shi-hui,ZHANG Xiao-wei,SONG Dan-dan,et al.Adversarial Example Defense Method Based on Inverse Perturbation Fusing Generative Adversarial Network[J].ACTA ELECTRONICA SINICA,2023,51(04):879-884. DOI： 10.12263/DZXB.20220038.

摘要

为了有效抵御对抗样本误导深度神经网络模型，提出一种基于逆扰动融合生成对抗网络的对抗样本防御方法（Inverse Perturbation Fusing Generative Adversarial Network，IP-GAN）.充分利用对抗样本中的对抗扰动信息，确定以逆扰动作为对抗样本防御方法的研究出发点，并从高维特征空间进行有效性分析.IP-GAN方法借鉴生成对抗网络思想，以生成器架构作为逆扰动构造模型，依据对抗样本构造相应的逆扰动用于获取重构样本，并引入深度神经网络模型指导逆扰动优化方向，最终将重构样本输入至深度神经网络模型获取正确分类结果.实验结果表明，所构造的逆扰动可有效消除对抗扰动，辅助DNN模型正确识别并分类对抗样本，与现有最新防御方法相比，IP-GAN方法在MNIST和ImageNet数据集上防御成功率分别平均提高了0.86%和2.96%.

Abstract

In order to effectively resist the misleading of the adversarial examples for deep neural network models

an inverse perturbation fusion generative adversarial network (IP-GAN) is proposed. This method makes full use of the adversarial perturbation information in adversarial examples

takes inverse perturbation as the starting point of the adversarial example defense method

and analyzes the effectiveness from the high-dimensional feature space. Drawing on the idea of the generative adversarial network

the generator architecture is used as a construction model to generate the corresponding inverse perturbation based on adversarial examples to obtain the reconstructed examples. Then

the deep neural network model is introduced to guide the direction of inverse perturbation optimization

and input the reconstruction examples into the deep neural network model to obtain the correct classification results. The experimental results show that the inverse perturbation constructed can eliminate adversarial perturbations effectively

and assist the DNN model to identify and classify adversarial examples correctly. Compared with the state-of-the-art defense methods

the defense success rates of the IP-GAN method on MNIST and ImageNet datasets are increased by 0.86% and 2.96%

respectively.

关键词

Keywords

references

SZEGEDY C , ZAREMBA W , SUTSKEVER I , et al . Intriguing properties of neural networks [C ] // Proceedings of the International Conference on Learning Representations . Banff : ICLR , 2014 : 1 - 10 .

IRFAN M M , ALI S , YAQOOB I , et al . Towards deep learning: A review on adversarial attacks [C ] // 2021 International Conference on Artificial Intelligence . Islamabad : IEEE , 2021 : 91 - 96 .

邹军华 , 段晔鑫 , 任传伦 , 等 . 基于噪声初始化、Adam-Nesterov方法和准双曲动量方法的对抗样本生成方法 [J ] . 电子学报 , 2022 , 50 ( 1 ): 207 - 216 .

ZOU Jun-hua , DUAN Ye-xin , REN Chuan-lun , et al . Perturbation initialization, Adam-Nesterov and quasi-hyperbolic momentum for adversarial examples [J ] . Acta Electronica Sinica , 2022 , 50 ( 1 ): 207 - 216 . (in Chinese)

ZHANG J L , LI C . Adversarial examples: Opportunities and challenges [J ] . IEEE Transactions on Neural Networks and Learning Systems , 2020 , 31 ( 7 ): 2578 - 2593 .

SAMANGOUEI P , KABKAB M , CHELLAPA R . Defense-GAN: Protecting classifiers against adversarial attacks using generative models [C ] // Proceedings of the International Conference on Learning Representations . Vancouver : ICLR , 2018 : 1 - 12 .

GOODFELLOW I , POUGET-ABADIE J , MIRZA M , et al . Generative adversarial nets [J ] . Advances in Neural Information Processing Systems , 2014 , 3 : 2672 - 2680 .

JIN G Q , SHEN S W , ZHANG D M , et al . APE-GAN: Adversarial perturbation elimination with GAN [C ] // Proceedings of the IEEE Conference on International Conference on Acoustics, Speech, and Signal Processing . Brighton : IEEE , 2019 : 3842 - 3846 .

HLIHOR P , VOLPI R , MALAGÒ L . Evaluating the robustness of defense mechanisms based on autoencoder reconstructions against Carlini-Wagner adversarial attacks [C ] // Proceedings of the Northern Lights Deep Learning Workshop . UiT The Arctic University of Norway : Septentrio Academic Publishing , 2020 : 1 - 6 .

陈晋音 , 吴长安 , 郑海斌 , 等 . 基于通用逆扰动的对抗攻击防御方法 [J/OL ] . 自动化学报 , 2021 : 1 - 20 . DOI: 10.16383/j.aas.c201077 http://dx.doi.org/10.16383/j.aas.c201077 .

CHEN JIN-YIN , WU CHANG-AN , ZHENG HAI-BIN , et al . Universal inverse perturbation defense against adversarial attacks [J/OL ] . Acta Automatica Sinica , 2021 : 1 - 20 . DOI: 10.16383/j.aas.c201077. http://dx.doi.org/10.16383/j.aas.c201077. (in Chinese)

ZHENG H B , CHEN J Y , HANG D , et al . GRIP-GAN: An attack-free defense through general robust inverse perturbation [J/OL ] . IEEE Transactions on Dependable and Secure Computing , 2021 : 1 - 18 . DOI: 10.1109/TDSC.2021.3124337 http://dx.doi.org/10.1109/TDSC.2021.3124337 .

KURAKIN A , GOODFELLOW I J , BENGIO S . Adversarial examples in the physical world [C ] // Proceeding of the International Conference on Learning Representations . Toulon : ICLR , 2019 : 1 - 13 .

Views

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Attention Mechanism Optimized Generative Adversarial Networks and Their Application in Sea Clutter Simulation

Robust Adversarial Defense Boundary-Based Speech Forgery Method Recognition

Land-Sea Clutter Image Enhancement and Detector Design for Sky-Wave Over-the-Horizon Radar

Refocusing for Three-Dimensional Rotating Ship Targets in SAR Images Based on Minimum Entropy Criteria and Generative Adversarial Network

Robust Physical Adversarial Camouflages for Image Classifiers

Related Author

ZHANG Su-kai

CHEN Peng

DONG Zi-ying

WANG Wei

ZHANG Qiang

ZHANG Xiong-wei

SUN Meng

YANG Ji-bin

Related Institution

School of Information Engineering, Chang’an University

Graduate School, Army Engineering University

School of Command and Control Engineering, Army Engineering University

Nanjing Research Institute of Electronics Technology

School of Communication and Information Engineering, Chongqing University of Posts and Telecommunications

⁰