With the growing number of applications of deep learning and neural networks, their lack of explainability makes them vulnerable to external attacks. This paper focuses on adversarial attacks: by adding to the input data a slight perturbation that cannot be detected by a human being, an attacker can cause the model to produce a wrong output and maximize its prediction error, resulting in a drastic decline in the model's performance, including its prediction accuracy. So far, however, there is no sufficient theoretical explanation for why adversarial attacks that cannot be detected lead to such serious performance degradation of neural network models; previous attempts to explain this phenomenon have focused on over-fitting or on the linear or nonlinear nature of the neural network. In this paper, several experiments based on the Fast Gradient Sign Attack algorithm are designed and implemented against neural network models on image recognition and classification tasks, and consistent experimental results are obtained. The experimental results provide some evidence for the argument that adversarial examples and adversarial attacks work because of over-fitting, although it is possible that existing evaluation methods cannot measure this special kind of over-fitting.
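The perturbation described here is the standard Fast Gradient Sign step: move the input by a small amount epsilon in the direction of the sign of the loss gradient with respect to the input. A minimal sketch in PyTorch, assuming a hypothetical classifier model, an input batch x with labels y, and pixel values in [0, 1] (none of these names come from the paper itself):

    import torch
    import torch.nn.functional as F

    def fgsm_perturb(model, x, y, epsilon=0.03):
        """Return adversarial examples x + epsilon * sign(grad_x loss)."""
        x_adv = x.clone().detach().requires_grad_(True)
        loss = F.cross_entropy(model(x_adv), y)
        loss.backward()
        # Step in the direction that increases the loss, then clamp to a valid pixel range.
        x_adv = x_adv + epsilon * x_adv.grad.sign()
        return x_adv.clamp(0.0, 1.0).detach()

For small epsilon the perturbed image is visually indistinguishable from the original, yet it can flip the model's prediction, which is the effect the abstract refers to.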