Neighbor2Neighbor去噪的对抗样本防御方法OA

In image classification tasks,adversarial examples can fool the deep learning models with high confidence.At present,improving the classification model is the main method of defending adver-sarial examples,however,which is expensive or difficult to defend against new adversarial attack algo-rithms.To solve the above problems,a defense method against adversarial attacks is proposed based on image denoising.By adding Gaussian noise to the input examples,the adversarial perturbations elabo-rately designed by the attackers can be destroyed.Then the noise in the input examples could be de-creased by using the Neighbor2Neighbor denoising network.The experiment results show that,on Ima-geNet dataset,the proposed method can effectively defend against the classical adversarial attacks such as basic itrative method(BIM),C&W(Carlini and Wagner)attacks,and DeepFool.And its de-fense effect is better than those of ComDefend and JPEG compression.