| Summary: | Under the artificial intelligence adversarial environment, deep neural networks have an obvious vulnerability to adversarial samples. To improve the robustness of the model in the adversarial environment, a deep neural network model robustness optimization method AdvRob is proposed. Firstly, the target model is transformed into a feature pyramid structure, and then the prior knowledge of latent features is used to generate more aggressive adversarial samples for adversarial training. Experiments on the MNIST and CIFAR-10 datasets show that the adversarial samples generated by using latent features have a higher attack success rate, more diversity and stronger transferability than the AdvGAN method. Under high disturbances, on the MNIST dataset, compared with original model, the defensive ability of the AdvRob method against FGSM and JSMA attacks has been improved by at least 4 times, and the defensive ability against PGD, BIM, and C&W attacks has been improved by at least 10 times. Compared with original model, the defensive ability against FGSM, PGD, C&W, BIM and JSMA attacks is improved by at least 5 times, and the defensive effect is obvious on the CIFAR-10 dataset. On the SVHN dataset, compared with FGSM adversarial training, PGD adversarial training, defensive distillation, and model robustness optimization methods adding external modules, the AdvRob method has the most significant defensive effect against white-box attacks. It provides an efficient and robust optimization method for the DNN model in the adversarial environment.
|
|---|