Netinfo Security (信息网络安全) ›› 2019, Vol. 19 ›› Issue (9): 66-70. doi: 10.3969/j.issn.1671-1122.2019.09.014


Research on Defense Technology of Adversarial Attacks Based on Adversarial Training and VAE-repairing

Min GUO, Yingming ZENG, Ran YU, Zhaoxiong WU

  1. Beijing Institute of Computer Technology and Applications, Beijing 100854, China
  • Received: 2019-07-15 Online: 2019-09-10 Published: 2020-05-11
  • About the authors:

    GUO Min (b. 1991), female, from Shandong, engineer, master's degree, main research interest: artificial intelligence security; ZENG Yingming (b. 1985), male, from Jiangxi, senior engineer, master's degree, main research interest: information security; YU Ran (b. 1981), male, from Jilin, senior engineer, master's degree, main research interest: information security; WU Zhaoxiong (b. 1988), male, from Hubei, engineer, master's degree, main research interest: information security.

Research on Defense Technology of Adversarial Attacks Based on Adversarial Training and VAE-repairing

Min GUO, Yingming ZENG, Ran YU, Zhaoxiong WU   

  1. Beijing Institute of Computer Technology and Applications, Beijing 100854, China
  • Received: 2019-07-15 Online: 2019-09-10 Published: 2020-05-11

Abstract (translated from the Chinese):

Artificial intelligence systems face the threat of adversarial deception attacks from the physical world, and AI algorithms are highly sensitive to such attacks. Taking target recognition as an example, an attacker who adds a tiny perturbation to the sample data can reduce the recognition accuracy or even steer the recognition result toward a chosen target. How to defend effectively against adversarial examples has become a research hotspot in the field. This paper focuses on a security-hardening technique for intelligent computing models based on stochastic adversarial training and an anomalous-sample repair technique based on a variational autoencoder: proactive hardening before an adversarial attack and timely repair after it. Combining the two under an "active + passive" concept achieves security enhancement of AI algorithms and ensures that AI technology can be deployed safely and reliably.

Keywords: artificial intelligence, security enhancement, adversarial training, sample repair

Abstract:

Artificial intelligence systems face the threat of adversarial attacks from the physical world, and AI algorithms are highly sensitive to these attacks. Taking target recognition as an example, an attacker adds a very small perturbation to the sample data, which lowers the recognition accuracy or even induces a chosen (targeted) recognition result. How to effectively resist the threat of adversarial examples has become a research hotspot in the industry. This paper focuses on a security-reinforcement model based on stochastic adversarial training and an adversarial-example repair technique based on a variational autoencoder (VAE). Pre-emptive reinforcement before an attack and prompt repair after it are carried out in response to adversarial attacks; combining the two under the concept of "active + passive" achieves security enhancement of the AI algorithm and ensures that AI technology can be applied safely and reliably.

Key words: artificial intelligence, security enhancement, adversarial training, adversarial perturbations clearance
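The following is an added worked example, not code from the paper or its authors, illustrating the "active" half of the abstract (hardening a model with adversarial training) on a deliberately tiny scale. It assumes a linear logistic-regression classifier rather than a deep network, uses the exact worst-case L-infinity perturbation of a linear model in place of the paper's stochastic adversarial training, and trains on constructed synthetic data in the spirit of the robust/non-robust feature construction of Tsipras et al.: one weakly predictive feature that a bounded perturbation cannot flip, plus many individually weak Gaussian features that a perturbation larger than twice their mean shift turns against the model. The VAE-based repair half of the paper is not shown. All constants (D, P_ROBUST, ETA, EPS, the learning rates and step counts) are the example's own choices.

```python
import numpy as np

# Constructed toy data (not the paper's data):
#   feature 0        : equals the label y with probability P_ROBUST, else -y
#                      (weakly predictive, but a perturbation of size < 1 cannot flip it)
#   features 1..D-1  : Gaussian with mean ETA*y and unit variance
#                      (jointly very predictive, but once every coordinate is shifted
#                       by EPS > 2*ETA against y, they all point the wrong way)
D = 20
P_ROBUST = 0.9
ETA = 0.3
EPS = 0.6      # L-inf budget used both for adversarial training and for evaluation


def make_data(n, rng):
    y = rng.choice([-1.0, 1.0], size=n)
    robust = np.where(rng.random(n) < P_ROBUST, y, -y)
    fragile = rng.normal(loc=ETA * y[:, None], scale=1.0, size=(n, D - 1))
    return np.column_stack([robust, fragile]), y


def sigmoid(z):
    # numerically stable 1 / (1 + exp(-z))
    return np.exp(-np.logaddexp(0.0, -z))


def linf_worst_case(w, X, y, eps):
    """Worst-case L-inf perturbation of X against the linear classifier w.

    The margin y*(w.x + b) is minimised inside the eps-ball by moving every
    coordinate by eps against the sign of y*w, so for a linear model this single
    gradient-sign step is the exact worst case, not an approximation.
    """
    return X - eps * y[:, None] * np.sign(w)[None, :]


def train_logistic(X, y, eps=0.0, lr=0.1, steps=1000):
    """Full-batch gradient descent on logistic loss.

    With eps > 0 every step is taken on the worst-case perturbed batch for the
    current weights, i.e. adversarial training.
    """
    n, d = X.shape
    w = np.zeros(d)
    b = 0.0
    for _ in range(steps):
        X_in = linf_worst_case(w, X, y, eps) if eps > 0 else X
        margin = y * (X_in @ w + b)
        g = -y * sigmoid(-margin)          # d/dz of log(1 + exp(-y z))
        w -= lr * (X_in.T @ g) / n
        b -= lr * g.mean()
    return w, b


def accuracy(w, b, X, y):
    return float(np.mean(np.sign(X @ w + b) == y))


def run_demo(seed=0):
    """Train a standard and an adversarially trained model on the same data and
    report clean and attacked test accuracy for both."""
    rng = np.random.default_rng(seed)
    X_tr, y_tr = make_data(2000, rng)
    X_te, y_te = make_data(1000, rng)

    w_std, b_std = train_logistic(X_tr, y_tr)
    # A small step size keeps the weights on the non-robust features, whose sign
    # the worst-case perturbation keeps flipping, oscillating close to zero.
    w_rob, b_rob = train_logistic(X_tr, y_tr, eps=EPS, lr=0.05, steps=1500)

    X_te_vs_std = linf_worst_case(w_std, X_te, y_te, EPS)
    X_te_vs_rob = linf_worst_case(w_rob, X_te, y_te, EPS)
    return {
        "standard_clean": accuracy(w_std, b_std, X_te, y_te),
        "standard_attacked": accuracy(w_std, b_std, X_te_vs_std, y_te),
        "robust_clean": accuracy(w_rob, b_rob, X_te, y_te),
        "robust_attacked": accuracy(w_rob, b_rob, X_te_vs_rob, y_te),
    }


if __name__ == "__main__":
    for name, acc in run_demo().items():
        print(f"{name:18s} {acc:.3f}")
```

Run as a script, the standard model scores high on clean test data but collapses under the bounded perturbation, while the adversarially trained model gives up some clean accuracy (it can only use the robust feature, which is right 90% of the time) and keeps almost all of it under attack. That trade-off between clean accuracy and robustness is the reason the abstract pairs proactive hardening with an after-the-fact repair stage rather than relying on adversarial training alone.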
