计算机工程与科学2026,Vol.48Issue(3):500-511,12.DOI:10.3969/j.issn.1007-130X.2026.03.012
基于SCViT的图像重构对抗样本防御方法
An adversarial examples defense method for image reconstruction based on SCViT
摘要
Abstract
The growing development of artificial intelligence(AI)has brought great convenience to people's lives,but it has also gradually triggered human contemplation regarding its security.Image classification is a crucial research task in the field of computer vision;however,the vulnerability of deep neural networks makes them susceptible to attacks from adversarial examples.Adversarial examples represent a significant research direction within the realm of AI security,with a plethora of techniques emerging for both generating and defending against them.This paper introduces modifications based on the vision Transformer(ViT)and proposes a novel model,similarity comparison vision Transformer(SCViT),for comparing the similarity of image patches.In SCViT,image patches are processed through a linear projection layer and a Transformer Encoder to obtain corresponding representation vec-tors.The cosine similarity between these vectors is then calculated to determine the degree of similarity between image patches.To mitigate the influence of positional encoding on similarity computation,a small coefficient,denoted as α,is introduced before the positional encoding in SCViT.By utilizing SCViT for image patches similarity comparison,clean sample patches are used to replace adversarial sample patches one by one.Subsequently,all replaced clean sample patches are concatenated to form a new image for classification.Experimental results on the CIFAR-10 dataset demonstrate that selecting an appropriate value for α can enhance the defensive performance of the proposed method.Furthermore,experiments conducted on the Inception_v3 and Inception_v4 classification models indicate that the pro-posed method exhibits good transferability across different classification networks.Compared with several commonly used image reconstruction defense methods,the proposed method not only achieves superior defensive performance but also demonstrates greater robustness,with image classification accu-racy exceeding 80%against 4 types of attack methods.Additionally,experiments on the CIFAR-100 and ImageNet datasets show that the classification accuracy for adversarial examples improves by over 54 percentage points and 46 percentage points,respectively,highlighting the versatility of the proposed method.关键词
图像分类/对抗样本/图像拼接/vision Transformer/泊松融合Key words
image classification/adversarial example/image stitching/vision Transformer/poisson fusion分类
信息技术与安全科学引用本文复制引用
张新君,郭继发..基于SCViT的图像重构对抗样本防御方法[J].计算机工程与科学,2026,48(3):500-511,12.基金项目
辽宁省教育厅高等学校基本科研项目(LJKMZ20220678) (LJKMZ20220678)
