中圖分類號: TP391 文獻標(biāo)識碼: A DOI: 10.19358/j.issn.2096-5133.2022.05.009 引用格式: 丁燁,王杰,宛齊,等. 從頻域角度重新分析對抗樣本[J].信息技術(shù)與網(wǎng)絡(luò)安全,2022,41(5):59-65,76.
Analysis of adversarial examples from frequency domain
Ding Ye1,Wang Jie1,Wan Qi1,Liao Qing2
(1.School of Cyberspace Security,Dongguan University of Technology,Dongguan 523820,China; 2.School of Computer Science and Technology,Harbin Institute of Technology(Shenzhen),Shenzhen 518055,China)
Abstract: Research on adversarial examples in spatial domain is well studied, but related works in frequency domain is scarce. In this paper, we conduct thorough study of adversarial examples in frequency domain and find that adversarial examples exhibit highly identifiable artifacts in Discrete cosine transform(DCT) domain. Hence, a frequency domain-based adversarial example detector, CNN-DCT, is trained based on such artifact information, and the results achieve 98% detection accuracy for common adversarial examples on both CIFAR-10 and SVHN datasets. In addition, a general improved algorithm, IAA-DCT, is also proposed to address the artifacts that exist in the frequency domain for the adversarial examples. In conclusion, this paper not only provides studies of adversarial examples in frequency domain, but also improves the disadvantages of the adversarial attack algorithm with artifacts in the frequency domain.
Key words : adversarial example;frequency domain;discrete cosine transform(DCT) domain;adversarial attack
