关键词: 深度学习, 对抗样本, 对抗生成网络, 图像分类

Abstract: We have the effect of adversarial examples is reduced and the accuracy of the classification model is improved under the threat. Inspired by the mammalian visual modality, we proposed a purification defense method using a novel parallel attention mechanism to mitigate the effect of adversarial examples, called PSCAM- GAN(Parallel Spatial and Channel Attention Mechanism Adversarial Generative Network). The defense model first generates the feature map through the encoder, the parallel attention module is used to extract the object and space information. Under the condition that these features remain unchanged, the weight of the feature map is readjusted generating purification results by decoder. This method can keep the consistency between the purification result and the input while removing malicious perturbation, and effectively reduce the influence of adversarial samples on the model accuracy. The robustness of the model is evaluated through various types of attacks on CIFAR-10 and MNIST dataset. The experiments show that PSCAM-GAN completely surpassed other pre-processing based defense methods. These mean the defense method can effectively improve the robustness of the original models.

Key words: deep learning, adversarial examples, generative adversarial networks, image classification