中圖分類號：TP391
文獻標識碼：A
DOI:10.19358/j.issn.2097-1788.2023.08.011
引用格式：薛晨浩，杜金浩，劉泳銳，等.基于圖像降噪的集成對抗防御模型研究［J］.網絡安全與數據治理，2023，42（8）：66-71.

Research on integrated adversarial defense model based on image noise reduction

Abstract： The rapid development of deep learning makes it widely used in many fields such as image recognition and natural language processing. However, scholars have found that deep neural networks are easily deceived by adversarial examples, making them output wrong results with a high degree of confidence. The emergence of adversarial examples poses a great threat to systems with strict security requirements. This paper denoises the image at the lowlevel (LowLevel Feature) and highlevel features (HighLevel Feature) to improve the defense performance of the model. At the lower layer, a denoising autoencoder is trained, and the idea of integrated learning is used to combine autoencoder, Gaussian perturbation, and image mask reconstruction; the upper layer makes minor changes to ResNet18 and adds mean filtering. Experimental results show that the method proposed in this paper has better performance on the classification task of multiple data sets.

Key words : adversarial examples; integrated learning; denoising autoencoders; highlevel features