基于惩罚策略的条件深伪模型对抗攻击方法

打开文本图片集

中图分类号：TP309.2；TP391.4 文献标识码：A 文章编号：2096-4706（2025）17-0068-05

Abstract： Inorder to effctively interfere with the modifcation of images by the deepfake model， this paper proposes a methodtocounteracttheatackofthedeepfake modelbymaking imageadversarialsamples.Firstly，theindexforadversarial atack conditional deepfakemodel isreevaluated，andtheproportionofadversarialsamplesthatmaketheoutputdistortioreach thethreshold（atacksuccsrate）isproposed，whichismorepracticaltantheaveragesizeoftheoutputdstortionquantation value.Secondlyaimingattheunreasonabledesignofthebaseline method，theadversarialsamplegenerationalgorithtakes maximizing theexpectedvalueofthelossfunctiontotheconditionalvariableas theoptimizationgoal，andproposesamethod basedonthepenaltystrategytomodifytheloss function，sothat thealgorithm takes maximizingthe proportionofthe loss functionreachingthetresholdastheoptimizationgoal，therebyimprovingthesucessateoftheadversarialatack.Finally，te optimal hyperparametersoftheproposed improved methodareexploredbycombating the twomainstreamconditionaldeepfake models，andthecomparativeexperimentsarecariedout withthestandardmethod.Theresultsshowthat thepenaltystrategycan significantly improve the success rate of adversarial attacks.

Keywords： adversarial sample; deepfake; penalty strategy; attack success rate

0 引言

利用生成对抗网络（GAN）[构建的图像生成模型，推动深度伪造技术实现了飞速发展。（剩余8251字）