TY - GEN
T1 - Generate Adversarial Examples Combined with Image Entropy Distribution
AU - Xie, Wenrong
AU - Dong, Fashan
AU - Yu, Haiyang
AU - Gu, Zhaoquan
AU - Wang, Le
AU - Tian, Zhihong
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - With the rapid development of artificial intelligence technology, artificial intelligence-based systems and applications have shown explosive growth, bringing great convenience to people's lives. As a representative of artificial intelligence, deep learning, whose excellent performance in the classification task has been proved, can obtain high-precision classification models by effectively training from large amounts of data. However, recent studies have shown that deep neural networks are vulnerable to attacks. By carefully constructing input data, Deep Neural Networks can export the output results expected by the attacker. In general, it is difficult to detect the difference between the carefully constructed data and the original data, but it can induce the neural network to output wrong results. This kind of attack is called adversarial example attack, and the carefully constructed data used to deceive deep learning is called adversarial examples. This paper proposes a generation method of adversarial example that combines the distribution of image entropy. The areas with high entropy values in the image tend to have complex tones, so the added perturbation cannot be noticed by naked eyes easily, and experiments have proved that the adversarial examples generated by adding perturbations in this area are more aggressive. This paper proposes that the greater the entropy in a region of an image, the greater the weight assigned to the position of the Adversarial Perturbation; the smaller the entropy in a region of the image, the lower the weight is assigned to the position of the Adversarial Perturbation, so that an adversarial example with lower disturbance and less noticeable is generated, and at the same time, the adversarial example is more aggressive.
AB - With the rapid development of artificial intelligence technology, artificial intelligence-based systems and applications have shown explosive growth, bringing great convenience to people's lives. As a representative of artificial intelligence, deep learning, whose excellent performance in the classification task has been proved, can obtain high-precision classification models by effectively training from large amounts of data. However, recent studies have shown that deep neural networks are vulnerable to attacks. By carefully constructing input data, Deep Neural Networks can export the output results expected by the attacker. In general, it is difficult to detect the difference between the carefully constructed data and the original data, but it can induce the neural network to output wrong results. This kind of attack is called adversarial example attack, and the carefully constructed data used to deceive deep learning is called adversarial examples. This paper proposes a generation method of adversarial example that combines the distribution of image entropy. The areas with high entropy values in the image tend to have complex tones, so the added perturbation cannot be noticed by naked eyes easily, and experiments have proved that the adversarial examples generated by adding perturbations in this area are more aggressive. This paper proposes that the greater the entropy in a region of an image, the greater the weight assigned to the position of the Adversarial Perturbation; the smaller the entropy in a region of the image, the lower the weight is assigned to the position of the Adversarial Perturbation, so that an adversarial example with lower disturbance and less noticeable is generated, and at the same time, the adversarial example is more aggressive.
KW - adversarial examples
KW - artificial intelligence
KW - deep learning
KW - entropy
UR - https://www.scopus.com/pages/publications/85128751226
U2 - 10.1109/DSC53577.2021.00044
DO - 10.1109/DSC53577.2021.00044
M3 - 会议稿件
AN - SCOPUS:85128751226
T3 - Proceedings - 2021 IEEE 6th International Conference on Data Science in Cyberspace, DSC 2021
SP - 272
EP - 279
BT - Proceedings - 2021 IEEE 6th International Conference on Data Science in Cyberspace, DSC 2021
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 6th IEEE International Conference on Data Science in Cyberspace, DSC 2021
Y2 - 9 October 2021 through 11 October 2021
ER -