TY - GEN
T1 - Research on adversarial robustness properties of image classification networks based on deep vision
AU - Li, Qiaoyi
AU - Wang, Zhengjie
AU - Zhang, Xiaoning
AU - Du, Hongbao
AU - Xu, Bai
AU - Li, Yang
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023.
PY - 2023
Y1 - 2023
N2 - In response to the problem of significant performance decline of existing deep learning-based intelligent recognition algorithms under adversarial sample attack conditions, this research investigates the intrinsic mechanisms and description methods of adversarial samples. Quantitative linear characteristic analysis is conducted on sub-operations of convolutional neural networks, a model is established to compute the incremental output corresponding to perturbed inputs of suboperations, and the internal mechanism of adversarial sample generation is explored. Using the fast gradient descent method, sensitivity coefficients and offset coefficients are introduced in RestNet networks to establish a relationship model between input perturbations and outputs. The linear characteristics in high-dimensional space are demonstrated to be the cause of adversarial sample generation. Finally, using the projection gradient descent method, a relationship model is established between the number of iterations and outputs to solve the mapping relationship between sensitivity coefficients and the number of iteration attacks. This provides guidance for the design of deep learning attack-defense algorithms.
AB - In response to the problem of significant performance decline of existing deep learning-based intelligent recognition algorithms under adversarial sample attack conditions, this research investigates the intrinsic mechanisms and description methods of adversarial samples. Quantitative linear characteristic analysis is conducted on sub-operations of convolutional neural networks, a model is established to compute the incremental output corresponding to perturbed inputs of suboperations, and the internal mechanism of adversarial sample generation is explored. Using the fast gradient descent method, sensitivity coefficients and offset coefficients are introduced in RestNet networks to establish a relationship model between input perturbations and outputs. The linear characteristics in high-dimensional space are demonstrated to be the cause of adversarial sample generation. Finally, using the projection gradient descent method, a relationship model is established between the number of iterations and outputs to solve the mapping relationship between sensitivity coefficients and the number of iteration attacks. This provides guidance for the design of deep learning attack-defense algorithms.
KW - Adversarial examples
KW - Deep learning
KW - Fast gradient descent method
KW - Projection gradient descent method
UR - http://www.scopus.com/inward/record.url?scp=85175085164&partnerID=8YFLogxK
U2 - 10.1007/978-981-99-6882-4_75
DO - 10.1007/978-981-99-6882-4_75
M3 - Conference contribution
AN - SCOPUS:85175085164
SN - 9789819968817
T3 - Lecture Notes in Electrical Engineering
SP - 937
EP - 950
BT - Proceedings of 2023 Chinese Intelligent Systems Conference - Volume II
A2 - Jia, Yingmin
A2 - Zhang, Weicun
A2 - Fu, Yongling
A2 - Wang, Jiqiang
PB - Springer Science and Business Media Deutschland GmbH
T2 - 19th Chinese Intelligent Systems Conference, CISC 2023
Y2 - 14 October 2023 through 15 October 2023
ER -