ADVERSARIAL DEFENSE METHOD AND APPARATUS FOR IMAGE CLASSIFICATION NETWORK, ELECTRONIC DEVICE, AND COMPUTER-READABLE STORAGE MEDIUM

摘要

Disclosed are an adversarial defense method and apparatus for an image classification network, an electronic device, and a computer-readable storage medium, belonging to the technical field of image classification. The method comprises: inputting an original image sample and an adversarial attack sample into a deep neural network so as to extract input features of target layers, the number of which is greater than a predetermined number, of the deep neural network; generating a loss function of the deep neural network according to the input features to serve as an adversarial defense denoiser; using the adversarial defense denoiser to denoise the adversarial attack sample to obtain a denoised adversarial attack sample; regularizing the loss function of the deep neural network to obtain a deep neural network subjected to regularization; and inputting the original image sample and the denoised adversarial attack sample into the deep neural network subjected to regularization to obtain a classification result of an original image. By means of the solution of the present application, the defense capability of an image classification deep neural network can be effectively improved.