红外目标检测网络改进半监督迁移学习方法

针对红外数据集规模小,标记样本少的特点,提出了一种红外目标检测网络的半监督迁移学习方法,主要用于提高目标检测网络在小样本红外数据集上的训练效率和泛化能力,提高深度学习模型在训练样本较少的红外目标检测等场景当中的适应性。文中首先阐述了在标注样本较少时无标注样本对提高模型泛化能力、抑制过拟合方面的作用。然后提出了红外目标检测网络的半监督迁移学习流程:在大量的RGB图像数据集中训练预训练模型,后使用少量的有标注红外图像和无标注红外图像对网络进行半监督学习调优。另外,文中提出了一种特征相似度加权的伪监督损失函数,使用同一批次样本的预测结果相互作为标注,以充分利用无标注图像内相似目标的特征分布信息;为降低半监督训练的计算量,在伪监督损失函数的计算中,各目标仅将其特征向量邻域范围内的预测目标作为伪标注。实验结果表明,文中方法所训练的目标检测网络的测试准确率高于监督迁移学习所获得的网络,其在Faster R-CNN上实现了1.1%的提升,而在YOLO-v3上实现了4.8%的显著提升,验证了所提出方法的有效性。     

深度卷积神经网络图像识别模型对抗鲁棒性技术综述

近年来,以卷积神经网络为代表的深度识别模型取得重要突破,不断刷新光学和SAR图像场景分类、目标检测、语义分割与变化检测等多项任务性能水平。然而深度识别模型以统计学习为主要特征,依赖大规模高质量训练数据,只能提供有限的可靠性能保证。深度卷积神经网络图像识别模型很容易被视觉不可感知的微小对抗扰动欺骗,给其在医疗、安防、自动驾驶和军事等安全敏感领域的广泛部署带来巨大隐患。该文首先从信息安全角度分析了基于深度卷积神经网络的图像识别系统潜在安全风险,并重点讨论了投毒攻击和逃避攻击特性及对抗脆弱性成因;其次给出了对抗鲁棒性的基本定义,分别建立对抗学习攻击与防御敌手模型,系统总结了对抗样本攻击、主被动对抗防御、对抗鲁棒性评估技术的研究进展,并结合SAR图像目标识别对抗攻击实例分析了典型方法特性;最后结合团队研究工作,指出存在的开放性问题,为提升深度卷积神经网络图像识别模型在开放、动态、对抗环境中的鲁棒性提供参考。      

基于半监督学习的SAR目标检测网络

现有的基于卷积神经网络(CNN)的合成孔径雷达(SAR)图像目标检测算法依赖于大量切片级标记的样本,然而对SAR图像进行切片级标记需要耗费大量的人力和物力。相对于切片级标记,仅标记图像中是否含有目标的图像级标记较为容易。该文利用少量切片级标记的样本和大量图像级标记的样本,提出一种基于卷积神经网络的半监督SAR图像目标检测方法。该方法的目标检测网络由候选区域提取网络和检测网络组成。半监督训练过程中,首先使用切片级标记的样本训练目标检测网络,训练收敛后输出的候选切片构成候选区域集;然后将图像级标记的杂波样本输入网络,将输出的负切片加入候选区域集;接着将图像级标记的目标样本也输入网络,对输出结果中的正负切片进行挑选并加入候选区域集;最后使用更新后的候选区域集训练检测网络。更新候选区域集和训练检测网络交替迭代直至收敛。基于实测数据的实验结果证明,所提方法的性能与使用全部样本进行切片级标记的全监督方法的性能相差不大。     

基于数据增强和特征嵌入的自动调制识别

基于端到端的深度学习模型已经被广泛应用于自动调制识别。现有的深度学习方案大多数依赖于丰富的样本分布,而大批量的标记训练集通常很难获得。提出了一种基于数据驱动和选择性核卷积神经网络(Convolutional Neural Network,CNN)的自动调制识别框架。首先开发深度密集生成式对抗网络增强5种调制信号的原始数据集;其次选择平滑伪Wigner-Ville分布作为信号的时频表示,并将注意力模块用于聚焦时频图像分类中的差异区域;最后将真实信号输入轻量级卷积神经网络进行时间相关性提取,并融合信号的时频特征完成分类。实验结果表明,所提算法提高了在低信噪比情况下的识别精度,表现出较强的鲁棒性。     

面向医学图像生成的鲁棒条件生成对抗网络

医学图像生成是计算机辅助诊断技术的关键组成,具有广泛的应用场景.当前基于生成对抗网络的端对端学习模型,依靠生成器和判别器两者对抗训练,获取真实数据的概率分布,从而指导图像生成.但标注有限的医学图像及其高分辨率特点,加大了模型训练难度,影响图像生成质量;同时,模型未纳入数据扰动因素,鲁棒性有限,容易被恶意攻击.为此,本文提出一个基于鲁棒条件生成对抗网络的医学图像生成模型——MiSrc-GAN.该模型包括精度渐进生成器、多尺度判别器以及对抗样本配对构造模块,有效融合GAN框架和对抗样本,改善判别器鲁棒性,有利于学习原始图像与待生成图像的联合概率分布.在真实数据集CSC和REFUGE上的实验表明,MiSrc-GAN生成的图像质量优于现有模型.     

基于半监督多视图特征协同训练的网络恶意流量识别方法

针对恶意流量样本特征变化较快,准确标记困难的问题,提出了一种基于半监督多视图特征协同训练的网络恶意流量识别方法.该方法能够使用大量的未标记数据协同训练分类模型,提升分类模型的泛化能力.使用原始字节流特征和网络流统计特征,构建两种特征视图,借助协同训练框架进行半监督的恶意流量识别.分别使用两个公开数据集对模型训练和测试,...     

基于GAN实现环境声音分类的组合对抗防御

虽然深度神经网络可以有效改善环境声音分类(ESC)性能，但对对抗样本攻击依然具有脆弱性。已有对抗防御方法通常只对特定攻击有效，无法适应白盒、黑盒等不同攻击场景。为提高ESC模型在各种场景下对各种攻击的防御能力，该文提出一种结合对抗检测、对抗训练和判别性特征学习的ESC组合对抗防御方法。该方法使用对抗样本检测器(AED)对输入ESC模型的样本进行检测，基于生成对抗网络(GAN)同时对AED和ESC模型进行对抗训练，其中，AED作为GAN的判别器使用。同时，该方法将判别性损失函数引入ESC模型的对抗训练中，以驱使模型学习到的样本特征类内更加紧凑、类间更加远离，进一步提升模型的对抗鲁棒性。在两个典型ESC数据集，以及白盒、自适应白盒、黑盒攻击设置下，针对多种模型开展了防御对比实验。实验结果表明，该方法基于GAN实现多种防御方法的组合，可以有效提升ESC模型防御对抗样本攻击的能力，对应的ESC准确率比其他方法对应的ESC准确率提升超过10%。同时，实验验证了所提方法的有效性不是由混淆梯度引起的。     

基于生成对抗网络的高光谱图像特征提取

特征提取是高光谱数据处理领域的一个重要研究 内容。高光谱数据获取过程中的复 杂性使传统的特征提取方法无法良好地处理高光谱图像。同时,高光谱图像标记样本数量的 有限性,也为常用于特征提取的监督深度学习方法带来不利影响。为了摆脱对高光谱图像中 标记样本的依赖,在卷积神经网络的基础上引入生成对抗网络,针对光谱特征提出了一种无 监督的高光谱图像特征提取的方法。为了稳定网络的训练过程,提高生成对抗网络中判别器 的特征表示能力,在目标函数中引入梯度惩罚项,将判别器的性能不断逼向最优。在特征提 取阶段,针对高光谱图像的光谱结构,提出了一种通道最大池化方法,能够在降低数据维度 的同时尽可能保留高光谱图像的光谱信息。使用支持向量机(support vector machines,SVM)和k近邻(k-hearest neighbor,KNN)方法对 提取到的特征进行分类测试。在两个真实数据集上的实验结果表明,提出的方法优于传统的 特征提取方法。     

基于半监督学习的无参考图像质量评价算法

为了能够在图像质量评价领域实现自监督学习，提出一种基于半监督学习的双分支网络训练的无参考图像质量评价算法。它是具有两个分支的训练过程，其中在一个分支使用少量手工标记数据样本来进行有监督学习，在另一个分支进行自监督学习来辅助前者训练同一个特征提取器，自监督学习部分采用几种传统的全参考方法联合为训练样本打上软标签。在6个公开的图像数据库中进行大量实验，结果表明所提算法不仅在合成失真图像数据集上优于目前大多数方法，而且在真实失真图像数据集上具有良好的泛化性能，预测结果与人类主观感知表现一致。     

基于二阶对抗样本的对抗训练防御

深度神经网络(DNN)应用于图像识别具有很高的准确率,但容易遭到对抗样本的攻击.对抗训练是目前抵御对抗样本攻击的有效方法之一.生成更强大的对抗样本可以更好地解决对抗训练的内部最大化问题,是提高对抗训练有效性的关键.该文针对内部最大化问题,提出一种基于2阶对抗样本的对抗训练,在输入邻域内进行2次多项式逼近,生成更强的对抗样本,从理论上分析了2阶对抗样本的强度优于1阶对抗样本.在MNIST和CI-FAR10数据集上的实验表明,2阶对抗样本具有更高的攻击成功率和隐蔽性.与PGD对抗训练相比,2阶对抗训练防御对当前典型的对抗样本均具有鲁棒性.     

DGANS:robustness image steganography model based on double GAN

Deep convolutional neural networks can be effectively applied to large-capacity image steganography,but the research on their robustness is rarely reported.The DGANS (double-GAN-based steganography) applies the deep learning framework in image steganography,which is optimized to resist small geometric distortions so as to improve the model’s robustness.DGANS is made up of two consecutive generative adversarial networks that can hide a grayscale image into another color or grayscale image of the same size and can restore it later.The generated stego-images are augmented and used to further train and strengthen the reveal network so as to make it adaptive to small geometric distortion of input images.Experimental results suggest that DGANS can not only realize high-capacity image steganography,but also can resist geometric attacks within certain range,which demonstrates better robustness than similar models.     

基于谱约束的生成对抗网络图像数据生成研究

数据匮乏是深度学习面临的一大难题。利用生成对抗网络(GAN)能够基于语义生成新的图像数据这一特性,提出一种基于谱约束的生成对抗网络图像数据生成方法,该方法针对卷积生成对抗网络模型易崩溃不收敛的问题,从每层神经网络的参数矩阵W的谱范数角度出发,引入谱范数归一化网络参数矩阵,将网络梯度限制在固定范围内,减缓判别网络收敛速度,从而提高GAN的训练稳定性。实验表明,通过该方法生成的数据相比原始GAN以及DCGAN、WGAN等生成的图像样本数据在图像识别网络中具有更高的准确率,能够对少量样本数据进行有效扩充。     

基于卷积神经网络的图像分类算法综述

随着大数据的到来以及计算能力的提高,深度学习(Deep Learning, DL)席卷全球。传统的图像分类方法难以处理庞大的图像数据以及无法满足人们对图像分类精度和速度上的要求,基于卷积神经网络(Convolutional Neural Network, CNN)的图像分类方法冲破了传统图像分类方法的瓶颈,成为目前图像分类的主流算法,如何有效利用卷积神经网络来进行图像分类成为国内外计算机视觉领域研究的热点。本文在对卷积神经网络进行系统的研究并且深入研究卷积神经网络在图像处理中的应用后,给出了基于卷积神经网络的图像分类所采用的主流结构模型、优缺点、时间/空间复杂度、模型训练过程中可能遇到的问题和相应的解决方案,与此同时也对基于深度学习的图像分类拓展模型的生成式对抗网络和胶囊网络进行介绍;然后通过仿真实验验证了在图像分类精度上,基于卷积神经网络的图像分类方法优于传统图像分类方法,同时综合比较了目前较为流行的卷积神经网络模型之间的性能差异并进一步验证了各种模型的优缺点;最后对于过拟合问题、数据集构建方法、生成式对抗网络及胶囊网络性能进行相关实验及分析。      

图像分类中的对抗补丁研究综述

近年来,深度神经网络模型的安全性与鲁棒性成为了备受关注的重要问题。从前人们常探讨的对抗样本攻击,在物理世界中真正实施攻击的能力较弱,这促使了对抗补丁攻击的出现。文中介绍了图像分类模型中典型的对抗补丁攻击与防御方法相关研究,对其中的特点进行了分析,最后总结了对抗补丁研究中仍存在的主要挑战,并对未来的研究方向进行了展望。     

AdvCapsNet: To defense adversarial attacks based on Capsule networks

Convolutional neural networks have achieved the state-of-the-art results across numerous applications, but recent work finds that these models can be easily fooled by adversarial perturbations. This is partially due to gradient calculation instability, which may be amplified throughout network layers (Liao et al., 2018). To address this issue, we propose a novel AdvCapsNet derived from Capsule (Sabour et al., 2017), which utilizes a significantly more complicated non-linearity, to defend against adversarial attacks. In this paper, we focus on the transfer-based black-box adversarial attacks, which are more practical than their white-box counterparts. Specifically, we investigate vanilla Capsule’s robustness and boost its performance by introducing an adversarial loss function as regularization. The weight updating between capsule layers is implemented via dynamic routing regularized by the additional adversarial term. Extensive experiments demonstrate that the proposed AdvCapsNet can significantly boost Capsule’s robustness and that AdvCapsNet is far more resistance to adversarial attacks than alternative baselines, including both CNN- and Capsule-based defense models.     

Method to generate cyber deception traffic based on adversarial sample

In order to prevent attacker traffic classification attacks,a method for generating deception traffic based on adversarial samples from the perspective of the defender was proposed.By adding perturbation to the normal network traffic,an adversarial sample of deception traffic was formed,so that an attacker could make a misclassification when implementing a traffic analysis attack based on a deep learning model,achieving deception effect by causing the attacker to consume time and energy.Several different methods for crafting perturbation were used to generate adversarial samples of deception traffic,and the LeNet-5 deep convolutional neural network was selected as a traffic classification model for attackers to deceive.The effectiveness of the proposed method is verified by experiments,which provides a new method for network traffic obfuscation and deception.     

Two-Stream Architecture as a Defense against Adversarial Example

The performance of deep learning on many tasks has been impressive. However, recent studies have shown that deep learning systems are vulnerable to small specifically crafted perturbations imperceptible to humans. Images with such perturbations are called adversarial examples. They have been proven to be an indisputable threat to deep neural networks (DNNs) based applications, but DNNs have yet to be fully elucidated, consequently preventing the development of efficient defenses against adversarial examples. This study proposes a two-stream architecture to protect convolutional neural networks (CNNs) from attacks by adversarial examples. Our model applies the idea of “two-stream” used in the security field. Thus, it successfully defends different kinds of attack methods because of differences in “high-resolution” and “low-resolution” networks in feature extraction. This study experimentally demonstrates that our two-stream architecture is difficult to be defeated with state-of-the-art attacks. Our two-stream architecture is also robust to adversarial examples built by currently known attacking algorithms.     

A CMA-ES-Based Adversarial Attack Against Black-Box Object Detectors

Object detection is one of the essential tasks of computer vision. Object detectors based on the deep neural network have been used more and more widely in safe-sensitive applications, like face recognition, video surveillance, autonomous driving, and other tasks. It has been proved that object detectors are vulnerable to adversarial attacks. We propose a novel black-box attack method, which can successfully attack regression-based and region-based object detectors. We introduce methods to reduce search dimensions, reduce the dimension of optimization problems and reduce the number of queries by using the Covariance matrix adaptation Evolution strategy (CMA-ES) as the primary method to generate adversarial examples. Our method only adds adversarial perturbations in the object box to achieve a precise attack. Our proposed attack can hide the specified object with an attack success rate of 86％ and an average number of queries of 5, 124, and hide all objects with a success rate of 74％and an average number of queries of 6, 154. Our work illustrates the effectiveness of the CMA-ES method to generate adversarial examples and proves the vulnerability of the object detectors against the adversarial attacks.     

Adversarial image detection based on the maximum channel of saliency maps

Studies have shown that deep neural networks (DNNs) are vulnerable to adversarial examples (AEs) that induce incorrect behaviors. To defend these AEs, various detection techniques have been developed. However, most of them only appear to be effective against specific AEs and cannot generalize well to different AEs. We propose a new detection method against AEs based on the maximum channel of saliency maps (MCSM). The proposed method can alter the structure of adversarial perturbations and preserve the statistical properties of images at the same time. We conduct a complete evaluation on AEs generated by 6 prominent adversarial attacks on the ImageNet large scale visual recognition challenge (ILSVRC) 2012 validation sets. The experimental results show that our method performs well on detecting various AEs.