In the face of adversarial example attack， deep neural networks are vulnerable. These adversarial examples result in the misclassification of deep neural networks by adding human-imperceptible perturbations on the original images， which brings a security threat to deep neural networks. Therefore， before the deployment of deep neural networks， the adversarial attack is an important method to evaluate the robustness of models. However， under the black-box setting， the attack success rates of adversarial examples need to be improved， that is， the transferability of adversarial examples need to be increased. To address this issue， an adversarial example method based on image flipping transform， namely FT-MI-FGSM （Flipping Transformation Momentum Iterative Fast Gradient Sign Method）， was proposed. Firstly， from the perspective of data augmentation， in each iteration of the adversarial example generation process， the original input image was flipped randomly. Then， the gradient of the transformed images was calculated. Finally， the adversarial examples were generated based on this gradient， so as to alleviate the overfitting in the process of adversarial example generation and to improve the transferability of adversarial examples. In addition， the method of attacking ensemble models was used to further enhance the transferability of adversarial examples. Extensive experiments on ImageNet dataset demonstrated the effectiveness of the proposed algorithm. Compared with I-FGSM （Iterative Fast Gradient Sign Method） and MI-FGSM （Momentum I-FGSM）， the average black-box attack success rate of FT-MI-FGSM on the adversarially training networks is improved by 26.0 and 8.4 percentage points under the attacking ensemble model setting， respectively.

The memory data will change after occurring the attack behaviors， and benchmark measurement used by the traditional integrity measurement system has the problems of low detection rate and lack of flexibility. Aiming at the above problems， a memory combined feature classification method based on multiple Back Propagation （BP） neural networks was proposed. Firstly， the feature value of the memory data was extracted by Measuring Object Extraction Algorithm （MOEA）. Then， the model was trained by different BP neural networks. Finally， a BP neural network was used to collect the obtained data and calculate the safety status score of the operating system. Experimental results show that compared with the traditional integrity measurement system using benchmark measurement， the proposed method has much higher accuracy and universality， and the proposed method has a detection accuracy of 98.25%， which is higher than those of Convolutional Neural Network （CNN）， K-Nearest Neighbor （KNN） algorithm and single BP neural network， verifying the proposed method can detect attack behaviors more accurately. The proposed method has the model training time about 1/3 of the traditional single BP neural network， and also has the model training speed improved compared with similar models.