二分类判别网络的对抗样本检测

在原始图像数据集中,添加特殊的细微扰动能形成对抗样本,经这类样本攻击的深度神经网络等模型可能以高置信度给出错误输出,然而当前大部分检测对抗样本的方法有许多前提条件,限制了其检测能力.针对这一问题,该文提出一个二分类判别网络模型,通过多层卷积神经网络来提取样本数据的主要特征; 应用特殊的判别目标函数,结合不同程度的噪声数据来训练并优化网络模型,以提高模型检测对抗样本的能力; 模型采用端到端的方式,可直接部署到目标模型的源样本中来检测对抗样本的存在,亦可进行大规模应用.实验结果表明:该模型的检测率优于其他相关模型.

The Adversarial Samples Detection with a Binary Discrimination Network

The deep neural network is vulnerable to the attack of adversarial samples that are generated by adding small but special perturbations to the original datasets,resulting in the network model giving error output with high confidence.Additionally,most of the detection methods of adversarial samples need to have many preconditions when detecting,and the whole detection ability is limited.Therefore,a binary discrimination network is proposed to effectively improve the detection rate of the adversarial samples,which extracts the main features of the sample data in the way of multi-layer convolution,trains the network with different levels of noise data,and continuously optimizes the network model with unique discriminant objective function.The model can be directly deployed to the source data of the target model to detect the presence of adversarial samples,and can be used on a large scale by an end-to-end way.Experimental results show that the detection rate of this model is better than that of other comparison models.