Laser & Optoelectronics Progress, Volume. 59, Issue 12, 1210004(2022)
Image Defense Algorithm Against Adversarial Attacks Based on Low-Rank Dimensionality Reduction and Sparse Reconstruction
Figures & Tables(9)
Table 1. Parameter settings for sparse coding
View tableTable 1. Parameter settings for sparse coding
Layer 1 Layer 2 Layer 3 1000 14 6 300 7 5 100 4 4
Table 2. Top-1 classification accuracy of each defense algorithm
View tableTable 2. Top-1 classification accuracy of each defense algorithm
Attack algorithm Proposed algorithm JPEG TVM PDWD ComDefend FGSM 0.01 36.4/34.0 30.8/28.9 35.0/32.8 28.0/26.5 31.5/27.3 0.02 34.2/32.3 27.0/18.0 34.6 / 30.026.1/19.0 27.0/20.1 0.03 31.1/26.0 18.6/13.4 30.9/24.0 22.7/14.1 21.3/13.3 0.04 29.2/21.9 15.4/12.0 28.7/21.5 17.1/10.4 16.4/11.7 Average 32.7/28.6 23.0/19.6 32.3/27.1 23.5/17.5 24.1/18.1 BIM 0.01 38.1/43.5 37.4/32.7 40.0/41.0 35.0/35.5 37.4/31.2 0.02 44.7 / 39.729.2/18.0 42.0/40.7 36.8/27.3 33.9/25.6 0.03 46.9/35.8 19.6/10.9 43.9/32.6 30.7/15.0 26.3/16.9 0.04 43.4/30.0 14.3/7.3 40.5/29.5 18.9/8.1 23.7/10.2 Average 43.3/37.3 25.1/17.2 41.6/36.0 30.4/21.5 30.3/21.0 DeepFool 0.01 49.1/46.4 35.8/31.2 43.0/38.1 33.3/24.7 38.8/29.5 0.02 43.1/33.4 23.0/17.9 40.9/30.6 26.4/18.9 31.1/21.6 0.03 38.5/26.7 19.4/11.6 37.7/25.6 23.0/12.1 22.1/16.2 0.04 32.9/20.8 15.4/7.5 18.9/14.1 16.3/8.6 16.6/11.0 Average 40.9/31.8 23.4/17.1 35.1/27.1 24.8/16.1 27.1/19.6 Total average 39.0/32.6 23.8/18.0 36.3/30.1 26.2/18.4 27.2/19.6
Table 3. Top-1 classification accuracy of NMF and NMF+MSC
View tableTable 3. Top-1 classification accuracy of NMF and NMF+MSC
Attack algorithm NMF NMF+MSC Variety FGSM 0.01 31.4/32.0 36.4/34.0 5.0/2.0 0.02 28.8/27.6 34.2/32.3 5.4/4.7 0.03 28.6/21.3 31.1/26.0 2.5/4.7 0.04 26.0/19.1 29.2/21.9 3.2/3.8 BIM 0.01 36.7/37.3 38.1/43.5 1.4/6.2 0.02 39.3/33.9 44.7/39.7 5.4/5.8 0.03 39.6/30.4 46.9/35.8 7.3/5.4 0.04 37.1/23.3 43.4/30.0 6.3/6.7 DeepFool 0.01 41.2/36.9 49.1/46.4 7.9/9.5 0.02 37.5/27.6 43.1/33.4 5.5/5.8 0.03 31.9/22.0 38.5/26.7 6.6/4.7 0.04 26.0/16.8 32.9/20.8 6.9/4.0
Table 4. Change rate of Top-1 classification accuracy after a black box attack is converted to a gray box attack
View tableTable 4. Change rate of Top-1 classification accuracy after a black box attack is converted to a gray box attack
Attack algorithm Proposed algorithm JPEG TVM PDWD ComDefend FGSM 0.01 -6.6 -6.2 -6.3 - 5.4-13.3 0.02 - 5.5-33.3 -13.3 -27.2 -25.6 0.03 - 16.4-28.0 -22.3 -37.9 -37.6 0.04 -25.0 - 22.1-25.1 -39.2 -28.7 Average - 12.5-14.8 -16.1 -25.5 -24.9 BIM 0.01 14.2 -12.6 2.5 1.4 -16.6 0.02 -11.2 -37.7 - 3.1-25.8 -24.5 0.03 - 24.3-51.5 -25.7 -51.1 -35.7 0.04 -30.9 -49.0 - 27.2-57.1 -57.0 Average -13.8 -31.5 - 13.5-29.3 -30.7 DeepFool 0.01 - 5.5-12.8 -12.0 -25.8 -23.9 0.02 - 22.5-22.2 -25.2 -28.4 -30.5 0.03 -30.6 -40.2 -32.1 -47.4 - 26.70.04 -36.7 -51.3 - 25.447.2 -33.7 Average - 22.2-26.9 -22.8 -35.1 -27.7 Total average - 16.4-24.4 -17.1 -29.8 -27.9
Table 5. Top-1 classification accuracy of proposed algorithm in extended experiments
View tableTable 5. Top-1 classification accuracy of proposed algorithm in extended experiments
Model FGSM BIM DeepFool ICLM C&W Average VGG19 30.1 38.2 33.0 40.1 31.6 34.6 ResNet101 34.9 44.8 41.2 43.7 39.4 40.8 Inception V3 35.4 43.1 42.9 42.8 41.7 41.2 Average 33.5 42.0 39.0 42.2 37.6 38.9
Tools
Get Citation
Copy Citation Text
Xifan Zhang, Lingzhi Yu. Image Defense Algorithm Against Adversarial Attacks Based on Low-Rank Dimensionality Reduction and Sparse Reconstruction[J]. Laser & Optoelectronics Progress, 2022, 59(12): 1210004
Paper Information
Category: Image Processing
Received: Apr. 27, 2021
Accepted: Jun. 2, 2021
Published Online: May. 23, 2022
The Author Email: Xifan Zhang (lawalimu@163.com)
© Copyright 2018-2021 | Chinese Laser Press.
All Rights Reserved 沪ICP备15018463号-20