Abstract

In the field of artificial intelligence, neural networks are one of the key technologies used for image classification and recognition. However, recent work has demonstrated that deep neural networks are easily attacked by adversarial examples, which cause them to make misjudgments. Adversarial examples are almost indistinguishable from normal examples and yet cannot be classified correctly by neural networks. The existence of adversarial examples is a major obstacle to the practical application and deployment of neural networks, so research on adversarial defense algorithms is an important topic in the field of AI security. This paper proposes an adversarial example defense algorithm based on a triplet network and a voting decision mechanism. First, two neural networks with different structures are trained on a normal dataset. Second, the first network is fine-tuned using the adversarial examples generated by these two networks, resulting in a third neural network. Then, these three neural networks are used as sub-networks in parallel to construct a triplet network. Through adversarial training and differences in structure, the transferability of adversarial examples among the three sub-networks is weakened. Finally, the classification result is obtained by majority voting over the parallel outputs of the three sub-networks. Through the complementarity between these three sub-networks, the defense against adversarial examples is realized. The experimental results demonstrate the effectiveness of this algorithm.
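The voting step described in the abstract, as an added Python sketch that is not the paper's code: three sub-network logit vectors go in, the majority label comes out, and voted accuracy is compared with the first network alone. The function names, the constructed logits and the tie-break used when all three sub-networks disagree (highest summed softmax probability) are assumptions; the abstract does not specify them.

```python
from collections import Counter
from math import exp

def softmax(logits):
    m = max(logits)                      # subtract max for numerical stability
    exps = [exp(x - m) for x in logits]
    total = sum(exps)
    return [e / total for e in exps]

def argmax(values):
    return max(range(len(values)), key=values.__getitem__)

def triplet_vote(logits_a, logits_b, logits_c):
    """Return (label, agreeing_votes) for one input from three logit vectors."""
    probs = [softmax(l) for l in (logits_a, logits_b, logits_c)]
    votes = [argmax(p) for p in probs]
    label, count = Counter(votes).most_common(1)[0]
    if count >= 2:                       # at least two of three agree
        return label, count
    # Assumption: with three different votes, use the highest summed probability.
    summed = [sum(col) for col in zip(*probs)]
    return argmax(summed), 1

def accuracy(predictions, labels):
    return sum(p == y for p, y in zip(predictions, labels)) / len(labels)

# Constructed logits (net A, net B, net C) for a 3-class task, not paper data.
SAMPLES = [
    ([0.2, 3.0, 0.1], [2.5, 0.3, 0.1], [2.0, 0.5, 0.2]),  # fools A only
    ([0.1, 2.8, 0.3], [0.4, 2.2, 0.1], [2.6, 0.2, 0.3]),  # transfers to A and B
    ([3.0, 0.0, 0.0], [0.0, 1.0, 0.5], [0.0, 0.6, 1.0]),  # all three disagree
    ([0.1, 0.2, 2.0], [0.0, 0.3, 1.9], [0.2, 0.1, 2.4]),  # clean, unanimous
]
LABELS = [0, 0, 0, 2]

def evaluate(samples=SAMPLES, labels=LABELS):
    """Return (accuracy of net A alone, accuracy of the three-way vote)."""
    voted = [triplet_vote(*s)[0] for s in samples]
    net_a_alone = [argmax(s[0]) for s in samples]
    return accuracy(net_a_alone, labels), accuracy(voted, labels)

if __name__ == "__main__":
    print(evaluate())
```

The second sample shows the limit of voting: when an adversarial example transfers to two sub-networks, the majority is wrong, which is why the abstract stresses weakening transferability among them.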
