Network Defense Model Based on Multi scale Feature Fusion for Countering Cycle Generation

Abstract

The deep neural network has been applied well in many fields at present, but the security problem of the deep model has become increasingly prominent. Recent research shows that the neural network model will output the wrong classification by confronting samples. Therefore, confrontation samples are a major obstacle that must be overcome for the further development of deep neural networks. At present, the main task is to design an efficient and powerful defense model with strong robustness that can defend against multiple attack algorithms. This paper proposes a defense model based on multi-scale feature fusion circular confrontation generation network by combining the generation of generic adversarial networks (GAN) with existing attack algorithms. First, use the confrontation samples generated by the attack algorithm as the training samples of GAN, and use the unique network structure of CycleGan to make the reconstructed image closer to the clean image and remove potential disturbances. On the generator side, this paper uses multi feature fusion TernausNet structure to ensure that the feature information of the image can be restored as much as possible during the process of disturbance removal, and adds attention mechanism to the discriminator side to increase the receptive field, establish global dependency, and train a more robust discriminator to help GAN training through experiments on CIFAR-10 and ImageNet datasets. It is proved that after the training, the model can directly classify the original samples and confrontation samples correctly, and achieve good defense effect for all kinds of confrontation attack algorithms. Compared with the existing methods, the defense effect is good, and the robustness of the depth model is enhanced.