政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/151503
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  全文笔数/总笔数 : 113318/144297 (79%)
造访人次 : 50997358      在线人数 : 880
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
    •  进阶搜寻


    请使用永久网址来引用或连结此文件: https://nccur.lib.nccu.edu.tw/handle/140.119/151503


    题名: 基於可逆半色調技術的對抗例防禦機制探討
    Adversarial Defense Mechanism Using Reversible Halftoning Techniques
    作者: 于振升
    Yu, Zhen-Sheng
    贡献者: 廖文宏
    Liao, Wen-Hung
    于振升
    Yu, Zhen-Sheng
    关键词: 半色調轉化還原
    圖像分類
    深度學習
    視覺轉換器
    Reversible Halftoning
    Image Classification
    Deep Learning
    Vision Transformers
    日期: 2024
    上传时间: 2024-06-03 11:42:42 (UTC+8)
    摘要: 對抗例是指對機器學習模型的一種攻擊手法,目的是使模型在輸入上產生誤差,導致模型誤分類或產生錯誤的輸出。對抗例攻擊是機器學習和深度學習中一個重要的安全問題,因為這些攻擊可能導致模型在實際應用中的失效。
    本論文探討在對抗例攻擊的案例中,使用可逆半色調轉換(Reversible Halftoning)受攻擊過後的圖片對於抵抗攻擊結果的效益,並與傳統的擴散抖動演算法(Floyd-Steinberg dithering)相互比較分析。利用不同的深度學習模型比較,藉由將受攻擊過後的資料集使用不同的圖像處理法,並分別進行多次的迭代,觀察各種圖像處理法針對受過攻擊的圖片在不同的迭代次數下抵銷攻擊造成影響的程度,以便在圖像處理法本身的資訊損失跟對抗例攻擊中間尋找平衡點,期能維持模型最佳的辨識度。
    本研究透過深度學習方法,分別以傳統神經網路模型ResNet和CvT視覺轉換模型之方式,綜合討論各種不同方法處理過的對抗例圖片,並以Top-1準確率和Top-5準確率評估防禦攻擊之成果。實驗結果顯示,使用可逆半色調還原技術將受攻擊的圖片轉換,會相較比使用傳統的擴散抖動演算法處理過後的圖片更能消去對抗例攻擊之影響。此外,依據不同深度學習網路模型,遭受對抗例的表現也會有所不同,其中使用CvT視覺轉換模型以本身已經可以針對防禦上有不錯的表現,而傳統神經網路模型(ResNet)則明顯在受過攻擊的圖片之辨識率上會降低非常多,此時使用本論文研究之可逆半色調還原技術去處理圖片對於準確度提升有大的幫助。
    Adversarial examples refer to a technique used to attack machine learning models, aiming to introduce errors in the model's inputs, leading to misclassification or erroneous outputs. Adversarial attacks and defenses represent crucial security issues in the fields of machine learning and deep learning, as these attacks can cause models to fail in practical applications.
    This thesis explores the benefits of using reversible halftoning transformation, specifically reversible halftoning, on images after being attacked, to resist the effects of such attacks. A comparative analysis is conducted with the traditional Floyd-Steinberg dithering algorithm. Various deep learning models are compared by applying different image processing techniques to datasets after being attacked. Iterations are performed to observe the extent to which different image processing techniques can counteract the impact of attacks on the attacked images at different iteration counts, aiming to find a balance between information loss in image processing and defense against adversarial attacks, thereby maintaining the optimal recognition performance of the models.
    This study employs deep learning methods, utilizing both the conventional neural network model ResNet and the CvT visual transformer model. Various methods for processing attacked images are comprehensively discussed, and the defense against attacks is evaluated based on Top-1 and Top-5 accuracy rates. Experimental results indicate that using reversible halftoning restoration techniques to transform attacked images can more effectively mitigate the impact of adversarial attacks compared to using the traditional Floyd-Steinberg dithering algorithm. Additionally, the performance of models under adversarial attacks varies depending on different deep learning network models. While the CvT model exhibits good performance in defense, the conventional neural network model (ResNet) experiences a significant decrease in recognition accuracy on attacked images. In such cases, employing the reversible halftoning restoration technique proposed in this thesis proves to be greatly beneficial for improving accuracy.
    參考文獻: [1] 維基百科:深度學習架構:
    https://zh.wikipedia.org/zh-tw/%E6%B7%B1%E5%BA%A6%E5%AD%A6%E4%B9%A0
    [2] Y. LeCun; B. Boser; J. S. Denker; D. Henderson; R. E. Howard. (1989). Backpropagation Applied to Handwritten Zip Code on IEEE Intelligent Systems, 541-555.
    [3] Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun Microsoft Research。Identity Mappings in Deep Residual Networks arXiv:1603.05027v3 [cs.CV] 25 Jul 2016
    [4] AlexeyDosovitskiy, Lucas,Beyer, AlexanderKolesnikov, DirkWeissenborn, Xiaohua Zhai, Thomas Unterthiner, Mostafa Dehghani, Matthias Minderer, Georg Heigold, Sylvain Gelly, Jakob Uszkoreit, Neil Houlsby (2020). An Image is Worth 16x16Words:TransformersforImageRecognitionat Scale. arXiv:2010.11929 [cs.CV]
    [5] Haiping Wu, Bin Xiao, Noel Codella, Mengchen Liu, Xiyang Dai, Lu Yuan, Lei Zhang (2021). CvT: Introducing Convolutions to Vision Transformers, arXiv:2103.15808
    [6] Ian J. Goodfellow, Jonathon Shlens, Christian Szegedy. (2014). Explaining and Harnessing Adversarial Examples. arXiv:1412.6572 [stat.ML]
    [7] Ian J. Goodfellow, Jonathon Shlens, Christian Szegedy. (2014). Explaining and Harnessing Adversarial Examples. (pp.3 -5).
    [8] Ian J. Goodfellow, Jonathon Shlens, Christian Szegedy. (2014). Explaining and Harnessing Adversarial Examples. (pp.5 -7)
    [9] Papernot, Nicolas, Patrick McDaniel, Somesh Jha, Matt Fredrikson, Z. Berkay Celik, and Ananthram Swami. "The limitations of deep learning in adversarial settings." In Security and Privacy (EuroS&P), 2016 IEEE European Symposium on, pp. 372-387. IEEE, 2016
    [10] Nicholas Carlini,David Wagner Towards Evaluating the Robustness of Neural Networks [D] 10.1109/SP(2017)
    [11] Naveed Akhtar, Ajmal Mian.(2018) Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey. arXiv:1801.00553 [cs.CV]
    [12] Nicolas Papernot, Patrick McDaniel, Ian Goodfellow, Somesh Jha, Z. Berkay Celik, Ananthram SwamiPractical Black-Box Attacks against Machine Learning(pp.4 -7)
    [13] 對抗防禦之對抗樣本檢測:Feature Squeezing
    https://www.cnblogs.com/hickey2048/p/15136348.html
    [14] Joachim Folz , Sebastian Palacio , Joern Hees, Damian Borth, and Andreas Dengel.(2020)Adversarial Defense based on Structure-to-Signal Autoencoders .2020 IEEE Winter Conference on Applications of Computer Vision (WACV)
    [15] 維基百科:半色調
    https://zh.wikipedia.org/zh-tw/%E5%8D%8A%E8%89%B2%E8%AA%BF
    [16] 印刷第四課:印前基礎-網點
    https://jeseinfini.com/2016/02/21/%E5%8D%B0%E5%88%B7%E7%AC%AC%E5%9B%9B%E8%AA%B2%EF%BC%9A%E5%8D%B0%E5%89%8D%E5%9F%BA%E7%A4%8E-%E7%B6%B2%E9%BB%9E/
    [17] Huang, Chen-Wei, Liao, Wen-Hung. (2021). Defense Mechanism Against Adversarial Attacks Using Density-based Representation of Images, 5-8.
    [18] 維基百科: Floyd–Steinberg dithering
    https://en.wikipedia.org/wiki/Floyd%E2%80%93Steinberg_dithering/
    [19] Menghan Xia, Wenbo Hu, Xueting Liu, Tien-Tsin Wong(2021) Deep Halftoning With Reversible Binary Pattern. IEEE/CVF International Conference on Computer Vision (ICCV), 2021 (pp. 14000-14009).
    [20] ImageNet 資料集
    https://www.image-net.org/.
    [21] Tiny-ImageNet 資料集
    https://www.kaggle.com/c/tiny-imagenet/overview
    [22] ImageNet-100 資料集
    ehttps://www.kaggle.com/datasets/ambityga/imagenet100.
    [23] 維基百科:均方誤差
    https://zh.wikipedia.org/zh-tw/%E5%9D%87%E6%96%B9%E8%AF%AF%E5%B7%AE
    [24] 維基百科: 峰值訊噪比.
    https://zh.wikipedia.org/zh-tw/%E5%B3%B0%E5%80%BC%E4%BF%A1%E5%99%AA%E6%AF%94
    [25] 維基百科: 結構相似性
    https://zh.wikipedia.org/zh-tw/%E7%B5%90%E6%A7%8B%E7%9B%B8%E4%BC%BC%E6%80%A7
    描述: 碩士
    國立政治大學
    資訊科學系碩士在職專班
    108971016
    資料來源: http://thesis.lib.nccu.edu.tw/record/#G0108971016
    数据类型: thesis
    显示于类别:[資訊科學系碩士在職專班] 學位論文

    文件中的档案:

    档案 描述 大小格式浏览次数
    101601.pdf2806KbAdobe PDF0检视/开启


    在政大典藏中所有的数据项都受到原著作权保护.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回馈