Professor Li Jianqiang's team and collaborators published the paper "Real-time Integrated Defense Strategy Based on Compressed Sensing" in the *Chinese Journal of Computers*, an authoritative academic journal in computer science and technology and a CCF-recommended Class A Chinese scientific and technological journal. The paper was also recommended twice by the *Chinese Journal of Computers* WeChat official account: 1) "AI Security | Real-time Integrated Defense Strategy Based on Compressed Sensing Neural Networks" (qq.com); 2) "Recommended Article: Real-time Integrated Defense Strategy Based on Compressed Sensing Neural Networks" (qq.com).
This work points out that in recent years, visual recognition models based on deep neural networks have been widely used in fields such as autonomous driving, industrial inspection, and drone navigation because of their advantages in accuracy, cost, and efficiency. However, deep neural networks are inherently vulnerable to adversarial attacks in the digital or physical domain, which cause the model to misjudge its input. In scenarios that demand strong robustness and real-time operation, such as autonomous driving, a real-time comprehensive defense strategy that keeps accuracy high in deployment and is robust against multiple types of adversarial attack is therefore crucial to the successful application of deep neural network vision solutions. This work addresses these security issues by proposing a real-time comprehensive defense strategy based on compressed sensing technology: ComDCT.

The paper first constructs a neural network that maps an image's compressed sensing domain to its sparse discrete cosine coefficients. It then applies the inverse discrete cosine transform to restore an image with the adversarial perturbations removed, and uses that image as the input to the classifier, thereby reducing the success rate of adversarial example attacks.
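The pipeline described above (compressed measurements, sparse DCT coefficients, inverse DCT) can be sketched as follows. This is an added example, not code from the paper: a least-squares fit on an assumed low-frequency support stands in for the paper's learned network, and the image, the perturbation and all names (`dct_matrix`, `run_demo`) are constructed for illustration.

```python
import numpy as np

def dct_matrix(n):
    """Orthonormal DCT-II matrix D: D @ v gives coefficients, D.T @ c inverts."""
    k, i = np.arange(n)[:, None], np.arange(n)[None, :]
    d = np.sqrt(2.0 / n) * np.cos(np.pi * (2 * i + 1) * k / (2 * n))
    d[0, :] /= np.sqrt(2.0)
    return d

def run_demo(n=16, keep=4, m=192, eps=0.05, seed=0):
    """Return (error of perturbed image, error of restored image) vs. the clean image."""
    rng = np.random.default_rng(seed)
    D = dct_matrix(n)
    mask = np.zeros((n, n), dtype=bool)
    mask[:keep, :keep] = True                 # assumed sparse support (low frequencies)

    # Constructed clean image that is exactly sparse in the 2-D DCT domain.
    coeffs = np.zeros((n, n))
    coeffs[mask] = rng.normal(size=keep * keep)
    clean = D.T @ coeffs @ D                  # inverse 2-D DCT

    # Constructed perturbation of +/- eps per pixel (not a real attack output).
    perturbed = clean + eps * rng.choice([-1.0, 1.0], size=(n, n))

    # Compressed sensing measurement y = Phi x with m < n*n random projections.
    phi = rng.normal(size=(m, n * n)) / np.sqrt(m)
    y = phi @ perturbed.ravel()

    # Stand-in for the learned mapping: least squares for the coefficients on the
    # assumed support. Row-major vec(D.T C D) equals psi @ vec(C).
    psi = np.kron(D.T, D.T)
    c_hat, *_ = np.linalg.lstsq(phi @ psi[:, mask.ravel()], y, rcond=None)

    est = np.zeros((n, n))
    est[mask] = c_hat
    restored = D.T @ est @ D                  # image handed to the classifier
    return np.linalg.norm(perturbed - clean), np.linalg.norm(restored - clean)

if __name__ == "__main__":
    before, after = run_demo()
    print(f"L2 error before restoration: {before:.3f}, after: {after:.3f}")
```

Perturbation energy that falls outside the sparse support is discarded by the reconstruction, which is why the restored image sits closer to the clean one; the sketch does not reproduce the paper's network, datasets or reported numbers.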

Secondly, the article proposes to further improve the overall performance of the defense strategy by introducing a classification loss. Depending on information such as whether the defender knows the parameters and structure of the classification model, the article analyzes, discusses and verifies the effectiveness of introducing the classification loss in both black-box and white-box modes.

Compared with defense methods such as ComDefend, MF, TVD, and LRR, the neural-network-based real-time comprehensive defense strategy using compressed sensing proposed in this paper improves the overall defense performance index PDA by more than 11.88% and 7.01% on the LISA and SVHN datasets, respectively, under the white-box defense mode, and by more than 9.25% and 6.7%, respectively, under the black-box defense mode.

In summary, to improve the robustness of deep neural network classification models against adversarial examples and enable their safe application in fields such as autonomous driving, this paper proposes a real-time comprehensive defense strategy for neural networks based on compressed sensing. This strategy effectively enhances the classification model's defense performance against pixel attacks and patch attacks, exhibiting stronger overall robustness. This work was supported by several grants from the National Natural Science Foundation of China, the Guangdong Provincial Department of Science and Technology, and the Shenzhen Science and Technology Innovation Commission.


Paper: Wang Jia, Zhang Yangmei, Su Wuqiang, Luo Chengwen, Wu Chao, Lin Qiuzhen, Li Jianqiang, Real-time Integrated Defense Strategy Based on Compressed Sensing Neural Networks, Chinese Journal of Computers, 2023, 46(1):16.