计算机工程2025,Vol.51Issue(2):300-311,12.DOI:10.19678/j.issn.1000-3428.0068481
基于SE-AdvGAN的图像对抗样本生成方法研究
Research on Image Adversarial Example Generation Method Based on SE-AdvGAN
摘要
Abstract
Adversarial examples are crucial for evaluating the robustness of Deep Neural Network(DNN)and revealing their potential security risks.The adversarial example generation method based on a Generative Adversarial Network(GAN),AdvGAN,has made significant progress in generating image adversarial examples;however,the sparsity and amplitude of the perturbation generated by this method are insufficient,resulting in lower authenticity of adversarial examples.To address this issue,this study proposes an improved image adversarial example generation method based on AdvGAN,Squeeze-and-Excitation(SE)-AdvGAN.SE-AdvGAN improves the sparsity of perturbation by constructing an SE attention generator and an SE residual discriminator.The SE attention generator is used to extract the key features of an image and limit the position of perturbation generation.The SE residual discriminator guides the generator to avoid generating irrelevant perturbation.Moreover,a boundary loss based on l2 norm is added to the loss function of the SE attention generator to limit the amplitude of perturbation,thereby improving the authenticity of adversarial examples.The experimental results indicate that in the white box attack scenario,the SE-AdvGAN method has higher sparsity and smaller amplitude of adversarial example perturbation compared to existing methods and achieves better attack performance on different target models.This indicates that the high-quality adversarial examples generated by SE-AdvGAN can more effectively evaluate the robustness of DNN.关键词
对抗样本/生成对抗网络/稀疏扰动/深度神经网络/鲁棒性Key words
adversarial example/Generative Adversarial Network(GAN)/sparse perturbation/Deep Neural Network(DNN)/robustness分类
计算机与自动化引用本文复制引用
赵宏,宋馥荣,李文改..基于SE-AdvGAN的图像对抗样本生成方法研究[J].计算机工程,2025,51(2):300-311,12.基金项目
国家自然科学基金(62166025) (62166025)
甘肃省重点研发计划(21YF5GA073). (21YF5GA073)
