Jisuanji kexue yu tansuo (Apr 2021)

Method for Image Adversarial Samples Generating Based on GAN

  • WANG Shuyan, JIN Hang, SUN Jiaze

DOI
https://doi.org/10.3778/j.issn.1673-9418.2005022
Journal volume & issue
Vol. 15, no. 4
pp. 702 – 711

Abstract

To improve the diversity of adversarial samples and the attack success rate, a GAN-based method for generating image adversarial samples is proposed. First, the original sample set is used to train a deep convolutional generative adversarial network, G1, to simulate the distribution of the original sample set. Second, in the black-box attack scenario, model distillation is used to copy the black-box target model and obtain a local copy of it. Then, with the output of G1 as input and the distilled model as the target model, a second generative adversarial network, G2, is trained. For a targeted attack, the target category must also be supplied as input. G2 is used to generate a perturbation of the input data for the target category. Finally, the sample and the perturbation are added and the pixel gray-value interval is normalized to obtain the adversarial sample. Experimental results show that, under the same input conditions, the average SSIM index, MI index and cosine similarity of the images generated by this method are reduced by 50.7%, 10.96% and 28.7% respectively, the average MSE (mean square error) value and fingerprint Hamming distance are increased by 7.6% and 1974.80 respectively, and the model's average attack success rate on the MNIST and CIFAR10 datasets is above 95%.

Keywords