面向对抗样本攻击的移动目标防御

doi:10.11959/j.issn.2096-109x.2021012

Abstract

Abstract:

Deep neural network has been successfully applied to image classification, but recent research work shows that deep neural network is vulnerable to adversarial attacks.A moving target defense method was proposed by means of dynamic switching model with a Bayes-Stackelberg game strategy, which could prevent an attacker from continuously obtaining consistent information and thus blocked its construction of adversarial examples.To improve the defense effect of the proposed method, the gradient consistency among the member models was taken as a measure to construct a new loss function in training for improving the difference among the member models.Experimental results show that the proposed method can improve the moving target defense performance of the image classification system and significantly reduce the attack success rate against the adversarial examples.

Key words: adversarial examples, moving target defense, Bayes-Stackelberg game

CLC Number:

TP393

Bin WANG, Liang CHEN, Yaguan QIAN, Yankai GUO, Qiqi SHAO, Jiamin WANG. Moving target defense against adversarial attacks[J]. Chinese Journal of Network and Information Security, 2021, 7(1): 113-120.

Figures/Tables 8

防御者		PGD攻击者
防御者	GoogLeNet	VGG16	ResNet-50
GoogLeNet	(18.1, 81.9)	$(38 . 8, 41 . 2)$	(52.5, 47.5)
VGG16	$(37 . 5, 62 . 5)$	(19.7, 80.3)	(30.6, 69.4)
ResNet-50	(49.5, 50.5)	$(48 . 0, 52 . 0)$	(14.0, 86.0)

对抗样本生成方法			λ
对抗样本生成方法	0	0.2	0.4	0.6	0.8	1
FGSM	0.19	0.26	0.34	0.41	0.46	0.48
PGD	$0 . 18$	$0 . 28$	$0 . 39$	$0 . 452$	$0 . 5$	$0 . 52$
MI-FGSM	0.19	0.29	0.42	0.48	0.53	0.55
M-DI²-FGSMD	0.17	0.25	0.37	0.48	0.55	0.59

References 17

[1]	HOLI G , JAIN D K . Convolutional neural network approach for extraction and recognition of digits from bank cheque images[M]// Emerging Research in Electronics,Computer Science and Technology. 2019: 331-341.
[2]	FOMIN I S , BAKHSHIEV A V . Research on convolutional neural network for object classification in outdoor video surveillance system[C]// International Conference on Neuroinformatics. 2019: 221-229.
[3]	BUYVAL A , GABDULLIN A , LYUBIMOV M . Road sign detection and localization based on camera and lidar data[C]// Eleventh International Conference on Machine Vision (ICMV 2018). 2019:1104125.
[4]	SZEGEDY C , ZAREMBA W , SUTSKEVER I ,et al. Intriguing properties of neural networks[J]. arXiv preprint arXiv:1312.6199, 2013.
[5]	GOODFELLOW I J , SHLENS J , SZEGEDY C . Explaining and harnessing adversarial examples[J]. arXiv preprint arXiv:1412.6572, 2014.
[6]	MADRY A , MAKELOV A , SCHMIDT L ,et al. Towards deep learning models resistant to adversarial attacks[J]. arXiv preprint arXiv:1706.06083, 2017.
[7]	SENGUPTA S , CHAKRABORTI T , KAMBHAMPATI S . MTDeep:moving target defense to boost the security of deep neural nets against adversarial attacks[M]. Proc GameSec, 2019.
[8]	ZHUANG R , DELOACH S A , OU X . Towards a theory of moving target defense[C]// Proceedings of the First ACM Workshop on Moving Target Defense. 2014: 31-40.
[9]	RUSSAKOVSKY O , DENG J , SU H ,et al. ImageNet large scale visual recognition challenge[J]. International Journal of Computer Vision, 2015,115(3): 211-252.
[10]	DONG Y , LIAO F , PANG T ,et al. Boosting adversarial attacks with momentum[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 2018: 9185-9193.
[11]	XIE C , ZHANG Z , ZHOU Y ,et al. Improving transferability of adversarial examples with input diversity[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 2019: 2730-2739.
[12]	PARUCHURI P , PEARCE J P , TAMBE M ,et al. An efficient heuristic approach for security against multiple adversaries[C]// In AAMAS. 2007.
[13]	PARUCHURI P , PEARCE J P , MARECKI J ,et al. Playing games for security:an efficient exact algorithm for solving Bayesian-Stackelberg games[C]// Proceedings of the 7th International Joint Conference on Autonomous Agents and Multiagent Systems- Volume 2. 2008: 895-902.
[14]	DENG J , DONG W , SOCHER R ,et al. ImageNet:a large-scale hierarchical image database[C]// IEEE Conference on Computer Vision ＆ Pattern Recognition. IEEE, 2009.
[15]	SZEGEDY C , LIU W , JIA Y ,et al. Going deeper with convolutions[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 2015: 1-9.
[16]	SIMONYAN K , ZISSERMAN A . Very deep convolutional networks for large-scale image recognition[J]. arXiv preprint arXiv:1409.1556, 2014.
[17]	HE K , ZHANG X , REN S ,et al. Deep residual learning for image recognition[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 2016: 770-778.

Metrics

Recommended 0

No Suggested Reading articles found!

GoogLeNet^[15]	VGG16^[16]	ResNet-50^[17]
(91.3, 91.3)	(85.5, 85.5)	(92.5, 92.5)

防御者		FGSM攻击者
防御者	GoogLeNet	VGG16	ResNet-50
GoogLeNet	(21.1, 79.9)	(62.5, 37.5)	(55.1, 44.9)
VGG16	(40.5, 59.5)	(26.7, 73.3)	(33.4, 66.6)
ResNet-50	(43.6, 53.4)	51.1, 48.9	(16.3, 83.7)

防御者		MI-FGSM攻击者
防御者	GoogLeNet	VGG16	ResNet-50
GoogLeNet	(14.1, 85.9)	(60.8, 39.2)	(54.8, 45.2)
VGG16	(45.7, 54.3)	(21.3, 78.7)	(36.6, 63.4)
ResNet-50	(48.5, 51.5)	(52.2, 47.8)	(15.4, 84.6)

Moving target defense against adversarial attacks

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 8

References 17

Related Articles 9

Metrics

Recommended 0

防御者		M-DI²-FGSM攻击者
防御者	GoogLeNet	VGG16
GoogLeNet	(18.8, 81.2)	(61.1, 38.9)
VGG16	(38.6, 61.4)	(24.2, 75.8)
ResNet-50	(47.9, 52.1)	(50.1, 49.9)

[1]	Baolin QIU, Ping YI. Adversarial examples defense method based on multi-dimensional feature maps knowledge distillation [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 88-99.
[2]	Weizhen HE, Fucai CHEN, Jie NIU, Jinglei TAN, Shumin HUO, Guozhen CHENG. Research progress on dynamic hopping technology for network layer [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 44-55.
[3]	Wei ZENG, Hongchao HU, Lingshu LI, Shumin HUO. Dynamic heterogeneous scheduling method based on Stackelberg game model in container cloud [J]. Chinese Journal of Network and Information Security, 2021, 7(3): 95-104.
[4]	Ximeng LIU,Lehui XIE,Yaopeng WANG,Xuru LI. Adversarial attacks and defenses in deep learning [J]. Chinese Journal of Network and Information Security, 2020, 6(5): 36-53.
[5]	Kang HE,Yuefei ZHU,Long LIU,Bin LU,Bin LIU. Improve the robustness of algorithm under adversarial environment by moving target defense [J]. Chinese Journal of Network and Information Security, 2020, 6(4): 67-76.
[6]	Fei YAN,Minglun ZHANG,Liqiang ZHANG. Adversarial examples detection method based on boundary values invariants [J]. Chinese Journal of Network and Information Security, 2020, 6(1): 38-45.
[7]	Jinglei TAN, Hongqi ZHANG, Cheng LEI, Xiaohu LIU, Shuo WANG. Research progress on moving target defense for SDN [J]. Chinese Journal of Network and Information Security, 2018, 4(7): 1-12.
[8]	Yuyang ZHOU, Guang CHENG, Chunsheng GUO. Risk assessment method for network attack surface based on Bayesian attack graph [J]. Chinese Journal of Network and Information Security, 2018, 4(6): 11-22.
[9]	Danjun LIU,Guilin CAI,Baosheng WANG. AMTD:a way of adaptive moving target defense [J]. Chinese Journal of Network and Information Security, 2018, 4(1): 15-25.