Deep learning model adversarial robustness enhancement method based on semantic information

Abstract

The invention discloses a deep learning model adversarial robustness enhancement method based on semantic information, and belongs to the field of deep learning safety. In order to improve the defensecapability of a deep learning model to attacks in an adversarial environment and improve the robustness, the invention designs a deep learning model adversarial robustness enhancement method based onsemantic information. The method can fully mine missing semantic information near a decision boundary of a deep model and greatly improve the classification accuracy of the deep learning model for adversarial samples. The method comprises the following steps: iteratively extracting universal semantic information on a subset of a training data set; increasing the diversity of training data throughrandom selection and simple superposition by using the extracted general semantic information; respectively calculating loss functions of clean samples and samples added with the semantic informationon the expanded new training set, and summing the loss functions; and optimizing the summed loss function to train the deep learning model until the model converges.

Description

technical field [0001] The invention relates to the technical field of machine learning, in particular to a semantic information-based deep learning model confrontation robustness enhancement method. Background technique [0002] In recent years, with the accumulation of massive data and the substantial increase in computing power, artificial intelligence represented by deep learning has developed rapidly, and has achieved remarkable results in many application scenarios. Deep learning models have achieved performance that exceeds that of humans on many tasks. However, different scenarios and practical applications in the real world often face various situations such as high environmental complexity, strong uncertainty, incomplete information, information confrontation and interference, and existing deep learning models rely too much on massive data or knowledge. , there are many limitations such as poor ability to adapt to environmental changes, easy to be attacked in a co...

AI Technical Summary

Problems solved by technology

However, different scenarios and practical applications in the real world often face various situations such as high environmental complexity, strong uncertainty, incomplete information, information confrontation and interference, and existing deep learning models rely too much on massive data or knowledge. , there are many limitations such as poor ability to adapt to environmental changes, easy to be attacked in adversarial environments, and single task, which cannot meet the needs of various scenarios

In particular, the deep learning model has the problem of poor robustness. The deep learning model that performs well on the test data set will be deceived by some adversarial samples that cannot be recognized by the human eye, resulting in serious misidentification results. The lack of robust deep learning The model will bring huge hidden dangers to the application in various fields

[0003] At present, the research on improving the robustness of deep learning models is mainly divided into two categories. One class discovers the upper bound of the robustness of the model by studying new forms of adversarial attacks, and heuristically heuristics the model based on different attack methods. Stickiness enhancement, such methods do not provide strong guarantees and tend to rely on a large number of samples

Another type uses a formal method to ensure the lower bound of the robustness of the model. This type of method is more reliable but has many assumptions, complex calculations, and difficult applications.

Images