Research on the Influence of Kmeans Cluster Preprocessing on Adversarial Images

Deep learning is the core of the current artificial intelligence. Neural networks, represented by the depth of learning technology, has been widely applied to the field of computer vision, such as automatic driving, and face recognition. But recent research has shown that if the original picture is added visually imperceptible perturbations, it can fool the neural network to misclassify it. These adversarial images can be generated very easily, and it poses a great threat to computer vision security. Therefore, more and more researches involve the defenses against adversarial images. With the use of the characteristics of the neural network's own fitting and generalization, we perform Kmeans clustering on the images that need to be identified, and then evaluate the impact of different clustering values on the classification of adversarial images. The experimental results show that for small amplitude perturbations images, the use of smaller clustering values can largely reverse the decline of neural network accuracy. However, as the magnitude of the perturbations increases, the defensive effect of simple clustering becomes weaker.