A deep learning classification method with the function of defending against adversarial sample attacks

An adversarial-sample defense and classification method, applied in neural architectures, biological neural network models, etc., that addresses problems such as defenses being limited to a single attack and lacking universality, and improves the robustness of model performance.

Active Publication Date: 2020-11-03
ZHEJIANG UNIV OF TECH

AI Technical Summary

Problems solved by technology

In addition, adversarial examples are solutions to nonlinear, non-convex optimization problems over deep neural network models, and a good method is needed to describe these complex optimization problems. From the defense perspective, most defense research focuses on defending against a single attack: the attacker's adversarial samples are captured and used to start adversarial learning of the deep neural network in order to defend against that attack. Adversarial training that relies on a small number of existing adversarial samples is therefore not universal.

Examples


Embodiment Construction

[0058] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, and do not limit the protection scope of the present invention.

[0059] The device for realizing the classification method of the present invention is a three-party game model based on a generative adversarial network. Its structure, as shown in Figure 1, mainly includes three modules: 1) The function of the attack generation model (Attack Generator, AG) is to automatically generate an adversarial sample x_adv with as little perturbation and as strong an attack capability as possible; its input consists of normal samples x_nor, the real class label y of the sample, and the noise z; 2) The function of t...


Abstract

The invention discloses a deep learning classification method with the function of defending against adversarial sample attacks. The device for realizing the classification method includes an attack generation model AG, an adversarial sample discrimination model D, and a classification model DNN. The specific method is as follows:

(1) Train the DNN on the normal data set; once the classification accuracy is greater than the preset value, stop training the DNN.
(2) Alternately train the parameters of AG and D until AG-D reaches Nash equilibrium.
(3) Alternately train the parameters of AG and DNN until AG-DNN reaches Nash equilibrium.
(4) Judge whether the adversarial sample discrimination model D and the classification model DNN have reached Pareto optimality; if yes, DNN training is complete and step (5) is performed; otherwise, return to step (2).
(5) Input the sample to be classified into the trained classification model DNN to obtain the classification result.

The invention can effectively address the vulnerability of the classification model to adversarial samples in practical classification applications, and improve the robustness of the model's performance.

Description

Technical Field

[0001] The invention belongs to the research field of deep learning algorithms and models in the field of artificial intelligence, and specifically relates to a deep learning classification method with the function of defending against adversarial sample attacks.

Background Technique

[0002] At present, deep learning has attracted the attention of a large number of scholars and research institutions. Through the continuous improvement of hardware performance, deep learning has been widely used in object detection, image semantic segmentation and understanding, knowledge graphs, data generation and other fields. Deep learning is one of the most commonly used technologies for artificial intelligence machine learning, and adversarial attacks on deep neural networks are a serious security risk. An adversarial attack is defined as a malicious attack in which an attacker obtains an adversarial sample by adding carefully designed small perturbations to the original dat...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06N3/04
CPC: G06N3/045
Inventor: 陈晋音, 郑海斌, 熊晖, 沈诗婧, 苏蒙蒙
Owner: ZHEJIANG UNIV OF TECH