National Chengchi University Institutional Repository (NCCUR): Item 140.119/141839
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/141839


    Title: Robust Convolutional Neural Networks Through Gaussian Filter to Defend Against FGSM Adversarial Attacks
    Authors: 陳彥宏 (Chen, Yen-Hung)
    Contributors: 胡毓忠 (Hu, Yuh-Jong); 陳彥宏 (Chen, Yen-Hung)
    Keywords: Adversarial Attacks; Robustness; Gaussian Filter; Denoise; Image Classification; Convolutional Neural Network
    Date: 2022
    Issue Date: 2022-09-02 15:47:23 (UTC+8)
    Abstract: Thanks to advances in hardware, convolutional neural networks (CNNs) have been applied successfully in the automotive industry: self-driving systems use them to detect stop signs, vehicles and pedestrians on the road, and the vehicle is driven automatically according to those detections. The CNN algorithm has a weakness, however: a "stop" sign with a small amount of crafted perturbation added to it can be misclassified as a "speed limit" sign. This behaviour is called an "adversarial attack", and it poses a serious risk to CNN-based applications. Adversarial defence and strengthening the robustness of CNNs have therefore become two representative research directions for reducing that risk and increasing people's confidence in CNN models. This thesis proposes a method for defending against adversarial attacks, specifically FGSM. In the training phase, besides training the CNN on the original training images, we apply a Gaussian filter to those images to generate additional training data; adding this data strengthens the robustness of the CNN. In the testing phase, we place a Gaussian filter in front of the hardened model so that incoming images are denoised before they reach the CNN, which further improves classification accuracy under attack.
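The two-stage defence the abstract describes (augment the training set with Gaussian-filtered copies, then Gaussian-filter every input at test time) reduced to a runnable numpy sketch. This is an added illustration, not the thesis's code: the CNN is replaced by a small two-layer tanh network trained with hand-written backpropagation, the 8x8 two-class dataset is constructed inside the block, and the perturbation budget eps, the filter sigma, the kernel radius and all layer sizes are assumptions. Besides the accuracies on clean, FGSM and filtered-FGSM inputs, the block returns two checks a practitioner would want before trusting such numbers: a finite-difference check of the hand-derived input gradient (a wrong gradient silently weakens FGSM and makes any defence look good), and the fraction of the perturbation's L2 energy that survives the filter (a 3x3 kernel with replicate padding is doubly stochastic, so that fraction is at most 1).

```python
"""Added example, not code from the thesis: a numpy re-creation of the abstract's
pipeline with a two-layer tanh network standing in for the CNN. The dataset,
layer sizes, eps, sigma and kernel radius are all assumptions made here."""
import numpy as np

SIDE = 8  # constructed toy images are SIDE x SIDE with pixel values in [0, 1]


def gaussian_kernel(sigma=1.0, radius=1):
    """Normalised (2*radius+1)^2 Gaussian kernel."""
    g = np.exp(-np.arange(-radius, radius + 1, dtype=float) ** 2 / (2 * sigma ** 2))
    k = np.outer(g, g)
    return k / k.sum()


def gaussian_filter(imgs, sigma=1.0, radius=1):
    """Blur a batch (n, SIDE, SIDE) with replicate padding: the denoiser stage."""
    k = gaussian_kernel(sigma, radius)
    pad = np.pad(imgs, ((0, 0), (radius, radius), (radius, radius)), mode="edge")
    out = np.zeros_like(imgs)
    for dy in range(2 * radius + 1):
        for dx in range(2 * radius + 1):
            out += k[dy, dx] * pad[:, dy:dy + SIDE, dx:dx + SIDE]
    return out


def make_dataset(n=200, contrast=0.2, noise=0.1, seed=0):
    """Constructed data: class 0 is brighter on top, class 1 on the bottom."""
    rng = np.random.default_rng(seed)
    y = rng.integers(0, 2, size=n)
    sign = np.where(y == 0, 1.0, -1.0)[:, None, None]
    x = np.full((n, SIDE, SIDE), 0.5)
    x[:, :SIDE // 2, :] += sign * contrast / 2
    x[:, SIDE // 2:, :] -= sign * contrast / 2
    return np.clip(x + rng.normal(0, noise, x.shape), 0, 1), y


class TinyNet:
    """Two-layer tanh network with a sigmoid output, trained by full-batch GD."""
    def __init__(self, hidden=32, seed=1):
        rng = np.random.default_rng(seed)
        self.W1 = rng.normal(0, 0.2, (SIDE * SIDE, hidden))
        self.b1 = np.zeros(hidden)
        self.W2 = rng.normal(0, 0.2, hidden)
        self.b2 = 0.0

    def forward(self, x):
        flat = x.reshape(len(x), -1)
        h = np.tanh(flat @ self.W1 + self.b1)
        return flat, h, 1 / (1 + np.exp(-(h @ self.W2 + self.b2)))

    def loss(self, x, y):  # mean binary cross-entropy
        p = np.clip(self.forward(x)[2], 1e-12, 1 - 1e-12)
        return float(-np.mean(y * np.log(p) + (1 - y) * np.log(1 - p)))

    def _backward(self, x, y):
        """Hand-derived gradients of the mean BCE loss (no autograd needed)."""
        flat, h, p = self.forward(x)
        dz = (p - y) / len(x)                      # dL/dlogit
        dh = np.outer(dz, self.W2) * (1 - h ** 2)  # back through tanh
        return flat, h, dz, dh

    def input_gradient(self, x, y):  # dL/dx: the quantity whose sign FGSM follows
        return (self._backward(x, y)[3] @ self.W1.T).reshape(x.shape)

    def train(self, x, y, epochs=500, lr=0.1):
        for _ in range(epochs):
            flat, h, dz, dh = self._backward(x, y)
            self.W2 -= lr * (h.T @ dz)
            self.b2 -= lr * dz.sum()
            self.W1 -= lr * (flat.T @ dh)
            self.b1 -= lr * dh.sum(axis=0)


def fgsm(model, x, y, eps):
    """FGSM (Goodfellow et al., 2014): x + eps * sign(dL/dx), kept inside [0, 1]."""
    return np.clip(x + eps * np.sign(model.input_gradient(x, y)), 0, 1)


def accuracy(model, x, y):
    return float(((model.forward(x)[2] > 0.5) == y).mean())


def gradient_check(model, x, y, pixel=(0, 3, 4), h=1e-5):
    """|analytic - central-difference| for dL/dx at one pixel; should be ~0."""
    xp, xm = x.copy(), x.copy()
    xp[pixel] += h
    xm[pixel] -= h
    numeric = (model.loss(xp, y) - model.loss(xm, y)) / (2 * h)
    return abs(float(model.input_gradient(x, y)[pixel]) - numeric)


def run_experiment(eps=0.1, sigma=1.0, seed=0):
    """Stage 1: train on originals plus filtered copies. Stage 2: filter test inputs."""
    x, y = make_dataset(seed=seed)
    model = TinyNet()
    model.train(np.concatenate([x, gaussian_filter(x, sigma)]), np.concatenate([y, y]))
    x_adv = fgsm(model, x, y, eps)  # white-box FGSM against the augmented model
    delta = x_adv - x
    return {
        "clean": accuracy(model, x, y),
        "fgsm": accuracy(model, x_adv, y),
        "fgsm_then_filter": accuracy(model, gaussian_filter(x_adv, sigma), y),
        "max_abs_perturbation": float(np.abs(delta).max()),
        # a 3x3 kernel with replicate padding is doubly stochastic, so this is <= 1
        "energy_kept_by_filter": float(np.linalg.norm(gaussian_filter(delta, sigma))
                                       / np.linalg.norm(delta)),
    }
```

`run_experiment()` returns the metrics as a dict. Two caveats when reading them. FGSM here is computed against the bare model, as in the abstract; a defence that only pre-processes inputs should also be evaluated against an attacker who differentiates through the filter (the blur is linear, so that gradient is just the transposed blur applied to dL/dx), otherwise an apparent gain may be gradient masking rather than robustness. And because the toy classes are smooth block patterns, the filter removes almost no class signal; on natural images a larger sigma trades clean accuracy for robustness, which is why the thesis also trains on filtered copies rather than relying on test-time filtering alone.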
    Description: Master's thesis
    National Chengchi University
    Executive Master Program of Computer Science
    109971008
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0109971008
    Data Type: thesis
    DOI: 10.6814/NCCU202201368
    Appears in Collections:[Executive Master Program of Computer Science of NCCU] Theses

    Files in This Item: 100801.pdf (974 KB, Adobe PDF)

