• Journal of the China Computer Federation
  • China Science and Technology Core Journal
  • Chinese Core Journal

Computer Engineering & Science ›› 2024, Vol. 46 ›› Issue (08): 1395-1402.

• Computer Network and Information Security •

S-JSMA: a fast JSMA adversarial example generation method with low perturbation redundancy

LIU Qiang, LI Mu-chun, WU Xiao-jie, WANG Yu-heng

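  1. (College of Computer Science, National University of Defense Technology, Changsha, Hunan 410073)
  • Received: 2023-06-06 Revised: 2023-10-16 Accepted: 2024-08-25 Publication date: 2024-08-25 Release date: 2024-09-02
  • Funding:
    Natural Science Foundation of Hunan Province (2021JJ30779)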

S-JSMA: A fast JSMA adversarial example generation method with low disturbance redundancy

LIU Qiang, LI Mu-chun, WU Xiao-jie, WANG Yu-heng

  1. (College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China)
  • Received: 2023-06-06 Revised: 2023-10-16 Accepted: 2024-08-25 Online: 2024-08-25 Published: 2024-09-02

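Abstract: Techniques based on deep learning neural network models are widely applied in computer vision, natural language processing, and other fields. However, researchers have found that neural network models themselves carry significant security risks; for example, they are susceptible to attacks by adversarial examples. Studying adversarial example techniques for image classification helps people recognize the vulnerability of neural network models and thereby promotes research on security hardening mechanisms for such models. To address the high time overhead and perturbation redundancy of the JSMA method, a fast JSMA adversarial example generation method with low perturbation redundancy, S-JSMA, is proposed. The method replaces the iterative operation with a single-step operation to simplify the algorithmic flow of JSMA, and uses a simple perturbation in place of the saliency-map-based perturbation in JSMA, thereby greatly reducing the time overhead and perturbation redundancy of adversarial example generation. Experimental results on the MNIST dataset show that, compared with the JSMA and FGSM methods, S-JSMA achieves a fairly good attack effect in a significantly shorter time.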

Key words: deep learning, neural network, image classification, adversarial example

Abstract: Techniques based on deep learning neural network models are widely used in computer vision, natural language processing, and other fields. However, researchers have found that neural network models have significant security risks, such as vulnerability to adversarial sample attacks. Studying the techniques related to adversarial samples for image classification can help people recognize the vulnerability of neural network models, which in turn can promote the research of security hardening mechanisms for related models. To overcome the challenges of high time overhead and perturbation redundancy of the JSMA method, a fast JSMA adversarial example generation method with low disturbance redundancy called S-JSMA is proposed. The S-JSMA method replaces the iterative operation with a single-step one to simplify the workflow of the JSMA algorithm. Moreover, the proposed method adopts a simple perturbation rule rather than the saliency-map-based perturbation used in JSMA. Consequently, S-JSMA significantly reduces the time overhead and the disturbance redundancy of generating adversarial examples. The experimental results on the MNIST dataset demonstrate that, compared with the JSMA and the FGSM methods, the proposed S-JSMA achieves considerable attacking effects within a significantly shorter time period.

Key words: deep learning, neural network, image classification, adversarial example