Research on adversarial robustness properties of image classification networks based on deep vision

Qiaoyi Li, Zhengjie Wang, Xiaoning Zhang, Hongbao Du, Bai Xu*, Yang Li

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

Abstract

In response to the problem of significant performance decline of existing deep learning-based intelligent recognition algorithms under adversarial sample attack conditions, this research investigates the intrinsic mechanisms and description methods of adversarial samples. Quantitative linear characteristic analysis is conducted on sub-operations of convolutional neural networks, a model is established to compute the incremental output corresponding to perturbed inputs of sub-operations, and the internal mechanism of adversarial sample generation is explored. Using the fast gradient descent method, sensitivity coefficients and offset coefficients are introduced in ResNet networks to establish a relationship model between input perturbations and outputs. The linear characteristics in high-dimensional space are demonstrated to be the cause of adversarial sample generation. Finally, using the projection gradient descent method, a relationship model is established between the number of iterations and outputs to solve the mapping relationship between sensitivity coefficients and the number of iteration attacks. This provides guidance for the design of deep learning attack-defense algorithms.

Original language: English
Title of host publication: Proceedings of 2023 Chinese Intelligent Systems Conference - Volume II
Editors: Yingmin Jia, Weicun Zhang, Yongling Fu, Jiqiang Wang
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 937-950
Number of pages: 14
ISBN (Print): 9789819968817
Publication status: Published - 2023
Event: 19th Chinese Intelligent Systems Conference, CISC 2023 - Ningbo, China
Duration: 14 Oct 2023 to 15 Oct 2023

Publication series

Name: Lecture Notes in Electrical Engineering
Volume: 1090 LNEE
ISSN (Print): 1876-1100
ISSN (Electronic): 1876-1119

Conference

Conference: 19th Chinese Intelligent Systems Conference, CISC 2023
Country/Territory: China
City: Ningbo
Period: 14/10/23 to 15/10/23

Keywords

  • Adversarial examples
  • Deep learning
  • Fast gradient descent method
  • Projection gradient descent method
