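Search result: Zhang Jiasheng, Liu Jianming, Han Lei, Ji Fei, Liu Huang. Research and Application of Adversarial Sample Generation in Facial Recognition [J]. Computer Applications and Software, 2019, 36(5): 158-164.
Original title (Chinese)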
对抗样本生成在人脸识别中的研究与应用
Column
Artificial Intelligence and Recognition
English title
RESEARCH AND APPLICATION OF ADVERSARIAL SAMPLE GENERATION IN FACIAL RECOGNITION
Authors
Zhang Jiasheng (张加胜), Liu Jianming (刘建明), Han Lei (韩磊), Ji Fei (纪飞), Liu Huang (刘煌)
Affiliation
School of Computer Science and Information Security, Guilin University of Electronic Technology, Guilin 541000, Guangxi, China
Keywords
Deep learning; Black-box attack; Vulnerability; Generative adversarial network (GAN); Eyeglass patches
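Author information
Zhang Jiasheng, master's student; main research areas: machine learning, pattern recognition. Liu Jianming, professor. Han Lei, master's student. Ji Fei, master's student. Liu Huang, master's student.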
Abstract
Deep learning (DL) models are widely applied in security-sensitive tasks such as facial recognition and automated driving, and attacks on and defenses of DL models have gradually become a hot spot in machine learning and security research. The black-box attack, a typical attack type, remains effective without knowledge of the model's specific structure, parameters, or data sets, and is the most commonly used attack method in real-world settings. As society depends more and more on facial recognition technology, the security threats caused by the vulnerability of neural networks are easily overlooked when they are deployed in high-security settings. This paper analyzes the vulnerability of deep learning models and uses a generative adversarial network (GAN) to design a novel bright eyeglass patch sample that can successfully deceive a facial recognition system based on a convolutional neural network. The experimental results show that the adversarial eyeglass patches generated by the GAN can successfully attack the face recognition system, and the performance is better than the traditional optimization methods.