基于Transformer和GAN的对抗样本生成算法OA北大核心CSTPCD

Adversarial attack and defense is a popular research area in computer security.Trans-GAN,an adversarial example generation algorithm based on the combination of Transformer and Generate Adversarial Network(GAN),is proposed to address the problems of the poor visual quality of existing gradient-based adversarial example generation methods and the low generation efficiency of optimization-based methods.First,the algorithm utilizes the powerful visual representation capability of the Transformer as a reconstruction network for receiving clean images and generating adversarial noise.Second,the Transformer reconstruction network is combined with a deep convolutional network-based discriminator as a generator to form a GAN architecture,which improves the authenticity of the generated images and ensures the stability of training.Meanwhile,the improved attention mechanism,Targeted Self-Attention,is proposed to introduce target labels as a priori knowledge when training the network,which guides the network model to learn to generate adversarial perturbations with specific attack targets.Finally,adversarial noise is added to the clean examples using skip-connections to form adversarial examples.Experimental results demonstrate that the proposed algorithm achieves an attack success rate of more than 99.9% on both models used for the MNIST dataset and 96.36% and 98.47% on the two models used for the CIFAR10 dataset,outperforming the current state-of-the-art generative-based adversarial attack methods.The qualitative results show that compared to the Fast Gradient Sign Method(FGSM)and Projected Gradient Descent(PGD)algorithms,the generated adversarial noise of the Trans-GAN algorithm is less perturbed,and the formed adversarial examples are more natural and meet the requirements of human vision,which is not easily distinguished.