• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

Computer Engineering & Science ›› 2023, Vol. 45 ›› Issue (06): 1020-1029.

• Computer Networks and Information Security •

Research on a step-by-step adversarial defense method for image recognition

XU Ru-zhi1, WANG Shuo1, LONG Yan2, ZONG Qi-zhuo1

With the continuous development of deep learning, its application to image recognition has made great breakthroughs, but the existence of adversarial samples seriously threatens the security of the models themselves. Studying effective adversarial defense methods to improve model robustness therefore has real practical significance. To this end, based on the game between quickly generating adversarial samples and keeping the prediction results on those samples similar, a step-by-step defense method is proposed. First, random data augmentation is applied to the ordinary samples to increase sample diversity; then, difference adversarial samples and similarity adversarial samples are generated, enlarging the variety and improving the quality of the adversarial samples used in adversarial training; finally, the loss function is redefined for adversarial training. Experimental results show that, under attack by multiple kinds of adversarial samples, the step-by-step defense method exhibits better transferability and robustness.

• Received: 2022-07-20 Revised: 2022-09-09 Accepted: 2023-06-25 Online: 2023-06-25 Published: 2023-06-16
  • Funding:
    National Natural Science Foundation of China (61972148)

Research on a step-by-step adversarial defense method for image recognition

XU Ru-zhi1,WANG Shuo1,LONG Yan2,ZONG Qi-zhuo1   

  1. School of Control and Computer Engineering, North China Electric Power University, Beijing 102206, China
  2. State Power Investment Corporation Digital Technology Co., Ltd., Beijing 102200, China
  • Received:2022-07-20 Revised:2022-09-09 Accepted:2023-06-25 Online:2023-06-25 Published:2023-06-16

Key words: image enhancement; adversarial training; step-by-step defense; deep learning

Abstract: With the continuous development of deep learning technology, its application in the field of image recognition has made great breakthroughs. However, the existence of adversarial samples seriously threatens the security of the model itself, so it is of profound practical significance to study effective adversarial defense methods and improve the robustness of the model. Based on the game between quickly generating adversarial samples and maintaining the similarity of sample prediction results, a step-by-step adversarial defense method is proposed. The method first performs random data augmentation on the ordinary samples to improve sample diversity. Second, it generates difference adversarial samples and similarity adversarial samples, so as to improve the variety and quality of the adversarial samples used in adversarial training. Finally, the loss function is redefined for adversarial training. Experimental verification shows that the method has better transferability and robustness when facing attacks with multiple kinds of adversarial samples.

Key words: image enhancement, adversarial training, step-by-step defense, deep learning