网络与信息安全学报2024,Vol.10Issue(6):59-70,12.DOI:10.11959/j.issn.2096-109x.2024080
车牌识别系统中基于特征不变量的对抗检测
Adversarial detection based on feature invariant in license plate recognition systems
摘要
Abstract
Deep neural networks have become an integral part of people's daily lives.However,researchers observed that these networks were susceptible to threats from adversarial samples,leading to abnormal behaviors such as misclassification by the network model.The presence of adversarial samples poses a significant threat to the application of deep neural networks,especially in security-sensitive scenarios like license plate recognition systems.Presently,most existing defense and detection technologies against adversarial samples show promising results for specific types of adversarial attacks.However,they often lack generality in addressing all types of adversarial attacks.In response to adversarial sample attacks on real-world license plate recognition systems,an unsupervised adversarial sample detection system named FIAD was proposed,which was based on analyzing the inherent variations in neural networks trained on clean samples and the dimensional complexity between clean samples.FIAD utilized neural network invariants and local intrinsic dimensionality invariants for effective sample detection.The detection system was deployed into widely used open-source license plate recognition systems,HyperLPR and EasyPR,and extensive experiments were conducted using the real dataset CCPD.The results from experiments involving 11 different types of attacks indicate that,compared to 4 other advanced detection methods,FIAD can effectively detect all these attacks at a lower false positive rate,with an accuracy consistently reaching 99%.Therefore,FIAD exhibits good generality against various types of adversarial attacks.关键词
深度神经网络/对抗样本检测/车牌识别/特征不变量Key words
deep neural network/adversarial sample detection/license plate recognition/feature invariants分类
信息技术与安全科学引用本文复制引用
朱孝羽,唐鹏,张浩臣,邱卫东,黄征..车牌识别系统中基于特征不变量的对抗检测[J].网络与信息安全学报,2024,10(6):59-70,12.基金项目
国家重点研发计划资助(2023YFB3106501) The National Key R&D Program of China(2023YFB3106501) (2023YFB3106501)
