当前位置:
X-MOL 学术
›
Secur. Commun. Netw.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
FNet: A Two-Stream Model for Detecting Adversarial Attacks against 5G-Based Deep Learning Services
Security and Communication Networks Pub Date : 2021-09-07 , DOI: 10.1155/2021/5395705 Guangquan Xu 1, 2 , Guofeng Feng 1 , Litao Jiao 2 , Meiqi Feng 1 , Xi Zheng 3 , Jian Liu 1
Security and Communication Networks Pub Date : 2021-09-07 , DOI: 10.1155/2021/5395705 Guangquan Xu 1, 2 , Guofeng Feng 1 , Litao Jiao 2 , Meiqi Feng 1 , Xi Zheng 3 , Jian Liu 1
Affiliation
With the extensive application of artificial intelligence technology in 5G and Beyond Fifth Generation (B5G) networks, it has become a common trend for artificial intelligence to integrate into modern communication networks. Deep learning is a subset of machine learning and has recently led to significant improvements in many fields. In particular, many 5G-based services use deep learning technology to provide better services. Although deep learning is powerful, it is still vulnerable when faced with 5G-based deep learning services. Because of the nonlinearity of deep learning algorithms, slight perturbation input by the attacker will result in big changes in the output. Although many researchers have proposed methods against adversarial attacks, these methods are not always effective against powerful attacks such as CW. In this paper, we propose a new two-stream network which includes RGB stream and spatial rich model (SRM) noise stream to discover the difference between adversarial examples and clean examples. The RGB stream uses raw data to capture subtle differences in adversarial samples. The SRM noise stream uses the SRM filters to get noise features. We regard the noise features as additional evidence for adversarial detection. Then, we adopt bilinear pooling to fuse the RGB features and the SRM features. Finally, the final features are input into the decision network to decide whether the image is adversarial or not. Experimental results show that our proposed method can accurately detect adversarial examples. Even with powerful attacks, we can still achieve a detection rate of 91.3%. Moreover, our method has good transferability to generalize to other adversaries.
中文翻译:
FNet:用于检测针对基于 5G 的深度学习服务的对抗性攻击的双流模型
随着人工智能技术在5G及以后的第五代(B5G)网络中的广泛应用,人工智能融入现代通信网络已成为普遍趋势。深度学习是机器学习的一个子集,最近在许多领域取得了重大进展。尤其是很多基于 5G 的服务使用深度学习技术来提供更好的服务。虽然深度学习很强大,但在面对基于 5G 的深度学习服务时,它仍然很脆弱。由于深度学习算法的非线性,攻击者输入的轻微扰动都会导致输出的较大变化。尽管许多研究人员提出了对抗对抗性攻击的方法,但这些方法对于诸如 CW 之类的强大攻击并不总是有效。在本文中,我们提出了一种新的双流网络,其中包括 RGB 流和空间丰富模型 (SRM) 噪声流,以发现对抗样本和干净样本之间的差异。RGB 流使用原始数据来捕获对抗样本中的细微差异。SRM 噪声流使用 SRM 滤波器来获取噪声特征。我们将噪声特征视为对抗性检测的额外证据。然后,我们采用双线性池化来融合 RGB 特征和 SRM 特征。最后,将最终特征输入到决策网络中以决定图像是否是对抗性的。实验结果表明,我们提出的方法可以准确地检测对抗样本。即使有强大的攻击,我们仍然可以达到 91.3% 的检测率。此外,我们的方法具有良好的可迁移性,可以推广到其他对手。
更新日期:2021-09-07
中文翻译:
FNet:用于检测针对基于 5G 的深度学习服务的对抗性攻击的双流模型
随着人工智能技术在5G及以后的第五代(B5G)网络中的广泛应用,人工智能融入现代通信网络已成为普遍趋势。深度学习是机器学习的一个子集,最近在许多领域取得了重大进展。尤其是很多基于 5G 的服务使用深度学习技术来提供更好的服务。虽然深度学习很强大,但在面对基于 5G 的深度学习服务时,它仍然很脆弱。由于深度学习算法的非线性,攻击者输入的轻微扰动都会导致输出的较大变化。尽管许多研究人员提出了对抗对抗性攻击的方法,但这些方法对于诸如 CW 之类的强大攻击并不总是有效。在本文中,我们提出了一种新的双流网络,其中包括 RGB 流和空间丰富模型 (SRM) 噪声流,以发现对抗样本和干净样本之间的差异。RGB 流使用原始数据来捕获对抗样本中的细微差异。SRM 噪声流使用 SRM 滤波器来获取噪声特征。我们将噪声特征视为对抗性检测的额外证据。然后,我们采用双线性池化来融合 RGB 特征和 SRM 特征。最后,将最终特征输入到决策网络中以决定图像是否是对抗性的。实验结果表明,我们提出的方法可以准确地检测对抗样本。即使有强大的攻击,我们仍然可以达到 91.3% 的检测率。此外,我们的方法具有良好的可迁移性,可以推广到其他对手。
京公网安备 11010802027423号