Black box antagonistic attack defense method based on sample selection and model evolution

An adversarial and sample-based technology, applied in character and pattern recognition, instruments, computer components, etc., can solve problems such as different attack effects

Active Publication Date: 2018-09-11
ZHEJIANG UNIV OF TECH

AI Technical Summary

Problems solved by technology

For the same attack model, the adversarial samples corresponding t


Examples


Embodiment Construction

[0058] The present invention will be further described below in conjunction with the accompanying drawings.

[0059] Referring to Figures 1 to 3, a black-box adversarial attack defense method based on sample selection and model evolution includes the following steps:

[0060] 1) Generate adversarial samples; the process is as follows:

[0061] 1.1) Initialize the parameter i = 1; if training for the first time, set the number of samples in the adversarial sample pool m0 = 0, and the number of samples selected by the sample selector Ss to Num_0 = Num_1 = ··· = Num_n = a, where a is a constant;

[0062] 1.2) Use the sample selector Ss to randomly select the corresponding number Num of samples from the samples S; if the number of class-j samples m_j is greater than the number Num_j to be selected for this class, then only m_j samples are chosen;

[0063] 1.3) Input the obtained samples into the i-th attack model A_i to get the corresponding adversarial samples A_i S;

[0064] 1.4) i=i+1, ...


Abstract

The invention provides a black-box adversarial attack defense method based on sample selection and model evolution. The method includes the following steps: 1) using a sample selector to randomly select some samples from each of multiple classes of samples and inputting them into various attack models to generate a large number of adversarial samples; 2) calculating the attack effect of the adversarial samples and analyzing the attack effect of different input samples and attack models; 3) updating the attack models and the number of samples of each class selected by the sample selector according to the attack effect, so that newly generated adversarial samples have a better attack effect, while updating the adversarial sample pool to store the several adversarial samples with the best attack effect, and outputting the adversarial sample with the best attack effect in the pool as the final result of the current evolution; and 4) training on a large number of the output results together with normal samples, so that the attack can be defended against. The invention can improve the defense capability of the black-box model.
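The selection and evolution loop of steps 1.1 to 1.3 and abstract steps 1) to 3), as an added Python example that is not taken from the patent: it shows the sample selector shifting its per-class draw counts toward the class whose samples lie nearest the decision boundary, which is where defensive retraining needs coverage. The 1-D `black_box`, the `ATTACKS` step sizes, the `effect` score, the proportional update rule and the reading of step 1.2 as a cap at the class size are all assumptions of this example; updating the attack models and the retraining of step 4) are left out.

```python
import random

def black_box(x):
    """Constructed stand-in for the black-box classifier: label 1 iff x >= 0.5."""
    return 1 if x >= 0.5 else 0

# Hypothetical attack models A_i: each shifts a sample toward the other class by eps.
ATTACKS = [0.05, 0.15, 0.30]

# Constructed 1-D samples S, keyed by true class j (class 1 sits near the boundary).
S = {0: [0.05, 0.10, 0.15, 0.18, 0.46], 1: [0.52, 0.56, 0.58]}

def attack(eps, x, label):
    return x + eps if label == 0 else x - eps

def effect(eps, x_adv, label):
    """Assumed score: 0 if the label survives, otherwise larger for smaller eps."""
    return 0.0 if black_box(x_adv) == label else 1.0 - eps

def select(samples, num, rng):
    """Sample selector Ss: draw Num_j per class, capped at the class size m_j."""
    return {j: rng.sample(xs, min(num[j], len(xs))) for j, xs in samples.items()}

def evolve(samples, rounds=5, a=4, pool_size=3, seed=0):
    rng = random.Random(seed)
    num = {j: a for j in samples}      # step 1.1: every Num_j starts at the constant a
    pool = set()                       # adversarial sample pool, empty on first training
    for _ in range(rounds):
        score = {j: 0.0 for j in samples}
        for j, xs in select(samples, num, rng).items():
            for eps in ATTACKS:        # step 1.3: feed the selection to each A_i
                for x in xs:
                    x_adv = attack(eps, x, j)
                    e = effect(eps, x_adv, j)
                    score[j] += e
                    pool.add((e, x_adv, j))
        # Keep only the pool_size adversarial samples with the best attack effect.
        pool = set(sorted(pool, reverse=True)[:pool_size])
        # Assumed update rule: split the draw budget in proportion to class score.
        total = sum(score.values()) or 1.0
        num = {j: max(1, round(a * len(samples) * score[j] / total)) for j in samples}
    return sorted(pool, reverse=True), num

if __name__ == "__main__":
    best, counts = evolve(S)
    print("pool:", best)
    print("Num_j after evolution:", counts)
```

The pool entries are `(effect, adversarial sample, true class)` tuples, so the first entry is the round's output and the whole pool is what a defender would add, with its true labels, to the training set.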

Description

Technical field

[0001] The invention belongs to the technical field of artificial intelligence security, and in particular relates to a black-box adversarial attack defense method based on sample selection and model evolution.

Background technique

[0002] Deep learning is at the core of the current rise of machine learning and artificial intelligence. Due to its powerful learning, feature extraction and modeling capabilities, it is widely used in challenging fields such as speech recognition, natural language understanding, and computer vision. In the field of vision, deep learning has become the main force for various applications such as self-driving cars, face recognition, surveillance and security.

[0003] However, the latest research shows that although deep learning can extract normal image features well and perform prediction or classification, a model can be attacked by adding subtle perturbations to the image, making the model output wrong. These perturbations are ...


Application Information

IPC(8): G06K9/62
CPC: G06F18/211, G06F18/214
Inventor: 陈晋音, 苏蒙蒙, 郑海斌, 熊晖, 林翔, 俞山青, 宣琦
Owner ZHEJIANG UNIV OF TECH