Abstract
A black-box adversarial attack defense method based on sample selection and model evolution includes the following steps: 1) Use a sample selector to randomly select some samples from multi-type samples and input them into various attack models to generate a large number of adversarial samples. 2) Calculate the attack effect of each adversarial sample, and analyze the attack effect for the different input samples and attack models. 3) According to the attack effect, update the attack models and the number of selections of each sample type in the sample selector, so that the newly generated adversarial samples have better attack effects; at the same time, update the adversarial sample pool so that it keeps the several adversarial samples with the best attack effects. After the iteration ends, output the adversarial sample with the best attack effect in the pool as the final result of this evolution. 4) By training on a large number of the output results together with normal samples, this type of attack can be defended against. The invention can improve the defense capability of the black-box model.
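A sketch of steps 1 to 3 as a hardening loop, added here as an illustration and not taken from the patent. The target model `black_box`, the confidence-drop effect metric, the shift-vector attack models, all parameter values and the constructed `DATA` are assumptions; step 4 (training on the pool output together with normal samples) is not shown.

```python
import math, random

# Constructed 2-D samples for two classes (not data from the page).
DATA = {0: [(-1 + 0.1 * i, -0.5 + 0.1 * i) for i in range(8)],
        1: [(1 - 0.1 * i, 0.5 + 0.1 * i) for i in range(8)]}

def black_box(x):
    """Assumed target model: returns P(class 1); it is only queried, never inspected."""
    return 1 / (1 + math.exp(-(1.5 * x[0] + 1.0 * x[1] - 0.5)))

def effect(x, y, adv):
    """Attack effect (assumed metric): drop in confidence for the true class y."""
    conf = lambda p: black_box(p) if y == 1 else 1 - black_box(p)
    return conf(x) - conf(adv)

def evolve(data, eps=0.3, budget=8, top_k=5, generations=10, seed=0):
    rng = random.Random(seed)
    classes = sorted(data)
    counts = {c: budget // len(classes) for c in classes}        # selector state
    models = [(eps, 0.0), (-eps, 0.0), (0.0, eps), (0.0, -eps)]  # bounded shifts
    pool, history = [], []
    clip = lambda v: max(-eps, min(eps, v))
    for _ in range(generations):
        per_class = {c: 0.0 for c in classes}
        per_model = [0.0] * len(models)
        for c in classes:
            for x in rng.sample(data[c], counts[c]):             # step 1: select
                for i, d in enumerate(models):
                    adv = (x[0] + d[0], x[1] + d[1])
                    e = effect(x, c, adv)                        # step 2: score
                    per_class[c] += max(e, 0.0)
                    per_model[i] += max(e, 0.0)
                    pool.append((e, adv, x, c))
        # Step 3a: the pool keeps only the top_k most effective samples so far.
        pool = sorted(set(pool), reverse=True)[:top_k]
        history.append(pool[0][0])
        # Step 3b: select more samples from classes that were attacked more effectively.
        total = sum(per_class.values()) or 1.0
        spare = budget - len(classes)
        counts = {c: 1 + round(spare * per_class[c] / total) for c in classes}
        # Step 3c: evolve attack models by mutating the most effective one.
        best = models[max(range(len(models)), key=per_model.__getitem__)]
        models = [best] + [tuple(clip(v + rng.gauss(0, eps / 4)) for v in best)
                           for _ in range(3)]
    return pool, history, counts
```

Each pool entry is `(effect, adversarial_sample, original_sample, label)`, so the entries can be paired with their true labels when they are mixed with normal samples for training.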