网络与信息安全学报 ›› 2021, Vol. 7 ›› Issue (5): 40-48.doi: 10.11959/j.issn.2096-109x.2021065

• 专栏Ⅰ:语音图像与音视频处理 • 上一篇    下一篇

基于RSA的图像可识别对抗攻击方法

张宇, 李海良   

  1. 暨南大学,广东 广州 510632
  • 修回日期:2021-03-15 出版日期:2021-10-15 发布日期:2021-10-01
  • 作者简介:张宇(1995− ),男,河南许昌人,暨南大学博士生,主要研究方向为深度学习安全、对抗样本
    李海良(1981− ),男,河南商丘人,暨南大学副教授,主要研究方向为图像识别与网络安全
  • 基金资助:
    广东省重点研发计划(2020B0101090004);广东省科技创新战略专项资金(pdjh2021b0058)

RSA-based image recognizable adversarial attack method

Yu ZHANG, Hailiang LI   

  1. Jinan University, Guangzhou 510632, China
  • Revised:2021-03-15 Online:2021-10-15 Published:2021-10-01
  • Supported by:
    Key Research and Development Program of Guangdong Province(2020B0101090004);Special Funds for the Cultivation of Guangdong College Students’ Scientific and Technological Innovation(pdjh2021b0058)

摘要:

基于密码学中的RSA签名方案与RSA加密方案,提出了一种能够让特定分类器输出对抗样本正确分类的对抗攻击方法。通过单像素攻击的思想使正常图像在嵌入附加信息的同时能够具有让其余分类器发生错误分类的能力。所提方法可以应用在分类器授权管理与在线图像防伪等领域。实验结果表明,所提方法生成的对抗样本对于人眼难以察觉,并能被特定分类器识别。

关键词: 对抗攻击, 签名方案, 加密方案, 密码学, 分类器, 图像识别

Abstract:

Adversarial attack is an important part of deep learning security research.Relying on the RSA signature schemes and RSA encryption schemes in cryptography, an adversarial attack method that adversarial examples can be recognized by a specific classifier is proposed.Through the idea of one pixel attack, the normal image can have the ability to make other classifier misclassify while embedding additional information.It can be used in classifier authorization management, online image anti-counterfeiting, etc.The experiment show that the adversarial examples can be recognized under the specific classifier, and the disturbance noise is difficult to detect by the human eye.

Key words: adversarial attack, signature scheme, encryption scheme, cryptography, classifier, image recognition

中图分类号: 

No Suggested Reading articles found!