Abstract
The existence of adversarial examples can easily mislead deep learning models into making incorrect predictions, severely affecting the robustness of these models. To enhance the robustness of models and resist interference from adversarial examples, a domain-adaptive robust image classification method is proposed, taking deep image classification networks as the object of study. Firstly, by analyzing the distribution characteristics of clean images and adversarial examples, domain adaptation learning methods are used to align the feature spaces of clean images and adversarial examples. Secondly, clean images and adversarial examples are treated as the source domain and target domain respectively, to construct a generative adversarial classification network. Finally, an adversarial learning linear loss function is constructed to optimize the network. The proposed algorithm is validated with adversarial examples constrained by the l_∞ and l_2 norms. Compared with standard training and adversarial training algorithms, it improves standard accuracy by 4.3% and 1.23% on the MNIST-M dataset, and by 1.23% and 20.45% on the CIFAR-10 dataset. Meanwhile, the robust accuracy on three types of adversarial examples is increased by more than 10%. The robust accuracy on the remote sensing scene classification SIRI-WHU dataset reaches 79.6%. Experimental results indicate that the proposed algorithm effectively enhances the standard accuracy and robust accuracy of image classification models, so that the models show stronger robustness when facing adversarial perturbations.
Authors
李林娟
张兆祥
贺赟
LI Lin-juan; ZHANG Zhao-xiang; HE Yun (School of Electronic and Information Engineering, Taiyuan University of Science and Technology, Taiyuan 030024, China; Shanxi Key Laboratory of Advanced Control and Equipment Intelligence, Taiyuan 030024, China)
Source
《科学技术与工程》
Peking University Core Journal
2024, Issue 36, pp. 15558-15566, 9 pages in total
Science Technology and Engineering
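Funding
Shanxi Province Basic Research Program (202303021212222)
Shanxi Province Key Research and Development Program (202202010101005)
China University Industry-University-Research Innovation Fund (2021ZYA11005).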
Keywords
robustness
adversarial sample
domain adaptation
generative adversarial networks