Defending Neural Networks Against Adversarial Attacks: How would you detect a cyberattack against a neural network?

In my recent post, I covered what types of cyberattacks can be carried out against neural networks. That raises two follow-up questions: what defenses exist against these attacks, so that we never have to deal with a spoiled (poisoned or manipulated) model, during training and during inference? And what can be done, at inference time, to detect whether the inputs the model is currently being fed contain adversarial perturbations (maliciously manipulated data)?

In this post, I will try to answer the second question, drawing on a number of research papers and on my own attempt to restate the methods they propose in simpler terms.

Recent research has shown that deep learning models are vulnerable to maliciously generated adversarial examples. Adversarial perturbations are usually imperceptible to the human eye, so the manipulated input looks legitimate and detecting it takes deliberate effort.

Various methods have therefore been proposed that attempt to make the model classify adversarial examples correctly. Most of them are not effective enough: a more powerful adversary, in particular one who knows which defense is in place, can still attack them successfully.

A few recent studies have instead focused on detecting adversarial examples rather than classifying them correctly. The strategies they explore fall into three groups: training a detector (a secondary classifier that separates clean inputs from adversarial ones), distributional/statistical detection (testing whether an input, or a batch of inputs, looks like it was drawn from the same distribution as the training data), and prediction inconsistency (comparing the model's prediction on an input with its prediction on a transformed copy of that input; a legitimate input gives the same answer both times, an adversarial one often does not).
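The third strategy, prediction inconsistency, worked through end to end, as an added example that is not code from the original post or from any of the papers it summarises. Everything here is constructed for illustration: a hand-built logistic classifier over 16x16 "images" stands in for a trained neural network, the clean samples are synthetic bar images, the attack is one-step FGSM, and the transform is the 1-bit bit-depth-reduction squeezer used in the feature-squeezing line of work. The function and variable names (`W`, `fgsm`, `bit_depth_squeeze`, `squeeze_score`, `calibrate_threshold`, `run_demo`) are my own. The background weights are deliberately large and alternating in sign: they cancel on clean images but give the attacker 192 directions to push on, which is exactly why a per-pixel perturbation of 0.15 is enough to flip the prediction in this many dimensions.

```python
import numpy as np

SIDE = 16                      # 16x16 grey-scale "images", pixel values in [0, 1]
BAR_0 = [(r, c) for r in (2, 3) for c in range(SIDE)]     # class 0: bar near the top
BAR_1 = [(r, c) for r in (12, 13) for c in range(SIDE)]   # class 1: bar near the bottom
BG = [(r, c) for r in range(SIDE) for c in range(SIDE) if r not in (2, 3, 12, 13)]


def build_weights():
    """Constructed stand-in for a trained model: P(class 1) = sigmoid(W . x).
    Bar pixels carry the real signal; background pixels get large +2/-2 weights
    that cancel on clean images (background is 0) but let an attacker accumulate
    a big change in the logit from many small per-pixel changes."""
    w = np.zeros((SIDE, SIDE))
    for r, c in BAR_0:
        w[r, c] = -1.0
    for r, c in BAR_1:
        w[r, c] = 1.0
    for i, (r, c) in enumerate(BG):
        w[r, c] = 2.0 if i % 2 == 0 else -2.0
    return w.ravel()


W = build_weights()


def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))


def predict_proba(x):
    """[P(class 0), P(class 1)] for a flattened image."""
    p1 = sigmoid(W @ x)
    return np.array([1.0 - p1, p1])


def predict_label(x):
    return int(np.argmax(predict_proba(x)))


def make_image(cls, intensity):
    """Constructed clean sample: one bar at the given intensity on a zero background."""
    img = np.zeros((SIDE, SIDE))
    for r, c in (BAR_0 if cls == 0 else BAR_1):
        img[r, c] = intensity
    return img.ravel()


def fgsm(x, y, eps):
    """One-step FGSM: x + eps * sign(dLoss/dx), clipped to the valid pixel range.
    For logistic loss the gradient with respect to the input is (p1 - y) * W."""
    p1 = sigmoid(W @ x)
    grad = (p1 - y) * W
    return np.clip(x + eps * np.sign(grad), 0.0, 1.0)


def bit_depth_squeeze(x, bits=1):
    """Feature squeezer: quantise pixels to 2**bits levels (bits=1 binarises)."""
    levels = 2 ** bits - 1
    return np.round(x * levels) / levels


def squeeze_score(x, bits=1):
    """Prediction-inconsistency score: L1 distance between the prediction on x and
    the prediction on its squeezed copy. A clean image barely changes; the small
    adversarial perturbation is largely destroyed by the squeezer."""
    return float(np.abs(predict_proba(x) - predict_proba(bit_depth_squeeze(x, bits))).sum())


def calibrate_threshold(clean_images, bits=1, margin=0.05):
    """Threshold chosen from clean data only: just above the largest clean score."""
    return max(squeeze_score(x, bits) for x in clean_images) + margin


def is_adversarial(x, threshold, bits=1):
    return squeeze_score(x, bits) > threshold


def run_demo(eps=0.15):
    intensities = (0.7, 0.8, 0.9, 1.0)
    labels = [c for c in (0, 1) for _ in intensities]
    clean = [make_image(c, v) for c in (0, 1) for v in intensities]
    threshold = calibrate_threshold(clean)
    adv = [fgsm(x, y, eps) for x, y in zip(clean, labels)]
    return {
        "n": len(clean),
        "threshold": threshold,
        "fooled": sum(predict_label(x) != y for x, y in zip(adv, labels)),      # model misled
        "false_alarms": sum(is_adversarial(x, threshold) for x in clean),       # clean flagged
        "detected": sum(is_adversarial(x, threshold) for x in adv),             # adversarial flagged
    }


if __name__ == "__main__":
    print(run_demo())
```

Two practical points. The threshold is calibrated on clean inputs only, which is what makes this usable in a deployment where no adversarial examples are available in advance; with a realistic clean set you would pick it at a target false-positive rate rather than the maximum, and combine several squeezers (bit depth, median smoothing) by taking the largest score. And this is exactly the kind of detector the "more powerful adversaries" caveat above applies to: an attacker who knows the squeezer can optimise an input so that it and its squeezed copy yield the same wrong prediction, so the score stays under the threshold.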

Detecting Adversarial Examples:

Secondary-classification-based detection

Building a second classifier that attempts to detect adversarial examples:

If you haven’t already heard of Generative Adversarial Networks (GANs), now is the time.

Briefly, ‘One neural network, called the generator, generates new data instances, while the other, the discriminator, evaluates them for authenticity; i.e. the discriminator decides whether each instance of data that it reviews belongs to the actual training dataset or not.’

Check this out for more information:

Generative models can be used to defend against adversarial attacks and detect adversarial exa
