Adversarial Example Detection Method Based on Image Denoising and Image Generation

In order to solve the problems of low detection accuracy, slow training convergence speed of existing adversarial example detection methods, a method of adversarial example detection based on image denoising technology and image generation technology is proposed. The detection method converts the adversarial example detection problem into an image classification problem. It does not need to know the structure and parameters of the attacked model in advance, and only uses the semantic information and classification label information of the image to determine whether the image is an adversarial example. Firstly, a shifted masked auto-encoder based on swin-transformer and vision-transformer is used to remove the adversarial noise in the image and restore the semantic information of the image. Then, the image generation part based on conditional generative adversarial networks with gradient penalty is used to generate images based on image classification label information. Finally, the output of the images in the first two stages is input into the convolutional neural network for classification. By comparing the classification results of the denoised images and the generated images, it is determined whether the detected images are adversarial examples. The experimental results on MNIST, GTSRB, and CIAFAR-10 datasets show that the proposed adversarial example detection method outperforms the traditional detection methods. The average detection accuracy of this method is improved by 6%~36%, the F1 score is increased by 6%~37%, and the training convergence time is reduced by 27%~83%, respectively. © 2023 Hunan University. All rights reserved.