
Anti-sample defense method, device, system and storage medium

A defense technology against adversarial samples, with an accompanying storage medium, applied in the security field. It addresses problems such as adversarial samples deceiving artificial intelligence systems and causing recognition errors in speech recognition systems and judgment errors.

Active Publication Date: 2021-01-05
SICHUAN PANOVASIC TECH

AI Technical Summary

Problems solved by technology

[0002] Adversarial samples are samples generated after normal samples are attacked and destroyed. Adversarial samples can deceive an artificial intelligence system and cause its judgment to be wrong.
For example, take a speech clip that sounds like "Hello". Under normal circumstances the speech recognition system recognizes it and outputs the text "Hello". If the clip is an adversarial sample produced by an attack, people still hear "Hello", but the speech recognition system outputs the text the attack targeted in advance, such as "attack" (the content is determined by the attacker), so the speech recognition system makes a recognition error.
As another example, suppose picture A is input to an image recognition system. If picture A is an adversarial sample produced by an attack, the image recognition system will recognize picture A as picture B, so the image recognition system makes a recognition error.


Examples


Example 1

[0042] Please refer to figure 2. Figure 2 is a flowchart of a method for defending against adversarial samples provided by the first embodiment of the present invention. The method is applied to the electronic device 100 shown in figure 1. The process illustrated in figure 2 is elaborated below; the method includes:

[0043] S100: Obtain raw data to be processed.

[0044] The original data may be standalone image data, for example a picture of an apple or a picture of a human face; here the original data is the content directly observed by the human eye, not the content recognized by the image recognition system. The original data may also be standalone audio data, for example a voice saying "hello" or "power on"; here the original data is the sound directly heard by human ears, not the speech recognized by the voice recognition system. The original data may also be video data including both image dat...

Example 2

[0087] Please refer to figure 3. Figure 3 is a structural block diagram of a defense device 400 against adversarial samples provided by the second embodiment of the present invention. The device is stored in the electronic device 100 shown in figure 1. The structure shown in the block diagram of figure 3 is described below; the device includes:

[0088] The first acquiring unit 410 is configured to acquire raw data to be processed.

[0089] The second acquiring unit 420 is configured to acquire a feature vector used to characterize the original data.

[0090] The matching unit 430 is configured to match the feature vector with the pre-stored feature vector of the normal sample and the feature vector of the adversarial sample to obtain a matching result, wherein the adversarial sample represents data after normal data is destroyed.

[0091] The processing unit 440 is configured to process the original data when the matching result indicates that the feature vector belongs to the feature vector of t...

Example 3

[0101] Please refer to Figure 4. Figure 4 is a structural block diagram of a defense system against adversarial samples provided by the third embodiment of the present invention. The system includes a recognition system 500 and the device 400 described in the second embodiment. The device is connected to the recognition system 500, and the original data is input to the recognition system 500 after being processed by the adversarial sample defense device. The recognition system 500 is an image recognition system and/or a voice recognition system: it may be an image recognition system alone, a voice recognition system alone, or include both an image recognition system and a voice recognition system.

[0102] In addition, the embodiment of the present invention also provides a storage medium in which a computer program is stored. When the computer program runs on a computer, the computer is caused to execut...


Abstract

The invention provides a defense method, device and system for adversarial samples and a storage medium. The method comprises the steps of: obtaining to-be-processed original data; obtaining a feature vector used for representing the features of the original data; matching the feature vector with a pre-stored feature vector of a normal sample and a pre-stored feature vector of an adversarial sample to obtain a matching result, the adversarial sample representing data after the normal data is destroyed; and, when the matching result indicates that the feature vector belongs to the feature vector of the adversarial sample, processing the original data to prevent the original data from being input to a recognition system. Because the feature vector of the to-be-processed data is matched with the pre-stored feature vectors of the normal sample and the adversarial sample, it can be judged whether the to-be-processed data is an adversarial sample, the adversarial sample is prevented from being input into the recognition system, and it is ensured that the recognition system can correctly process the input data without being interfered with or damaged.
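The pipeline in the abstract, sketched as an added example (not code from the patent): extract a feature vector from the raw data, match it against stored normal and adversarial vectors, and keep adversarial input away from the recognition system. The feature extractor, the Euclidean nearest-neighbour match, the `max_dist` threshold, the withholding of unmatched input and all sample data are assumptions; the page does not specify them.

```python
import math

def extract_features(signal):
    """Assumed extractor: mean, standard deviation, and mean absolute
    step between neighbouring values (a rough high-frequency measure)."""
    n = len(signal)
    if n < 2:
        raise ValueError("need at least two values")
    mean = sum(signal) / n
    std = math.sqrt(sum((x - mean) ** 2 for x in signal) / n)
    rough = sum(abs(b - a) for a, b in zip(signal, signal[1:])) / (n - 1)
    return [mean, std, rough]

def match(vec, store, max_dist=0.05):
    """Nearest stored vector by Euclidean distance -> (label, distance).
    A vector farther than max_dist from every entry is 'unmatched'."""
    label, dist = min(((lbl, math.dist(vec, ref)) for lbl, ref in store),
                      key=lambda t: t[1])
    return (label if dist <= max_dist else "unmatched"), dist

def gate(signal, store, recognizer):
    """Forward raw data to the recognition system only when it matches a
    normal sample. Adversarial input (and, as an assumption of this
    sketch, unmatched input) is withheld and None is returned."""
    label, _ = match(extract_features(signal), store)
    return recognizer(signal) if label == "normal" else None

# Constructed data, not from the patent: a smooth ramp stands in for a normal
# sample, the same ramp with alternating +/-0.08 noise for a perturbed one.
SMOOTH = [i / 20 for i in range(21)]
NOISY = [x + (0.08 if i % 2 else -0.08) for i, x in enumerate(SMOOTH)]
STORE = [("normal", extract_features(SMOOTH)),
         ("adversarial", extract_features(NOISY))]

def demo():
    recognizer = lambda s: "recognized"        # stand-in recognition system
    benign = [x + 0.005 for x in SMOOTH]       # unseen input close to normal
    perturbed = [x + (0.07 if i % 2 else -0.07) for i, x in enumerate(SMOOTH)]
    return gate(benign, STORE, recognizer), gate(perturbed, STORE, recognizer)

if __name__ == "__main__":
    print(demo())
```
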

Description

Technical field

[0001] The present invention relates to the field of security technology, and in particular to a method, device, system and storage medium for defending against adversarial samples.

Background technique

[0002] An adversarial sample is a sample generated after a normal sample is damaged by an attack. An adversarial sample can deceive an artificial intelligence system and cause its judgment to be wrong. For example, take a voice clip that sounds like "Hello". Under normal circumstances, the voice recognition system will recognize it and output the text "Hello". If the clip is an adversarial sample produced by an attack, people still hear "Hello", but the voice recognition system will output the text targeted by the attack in advance, such as "attack" (the content is determined by the attacker), which leads to a recognition error by the voice recognition system. For another example, if an A picture is input to an image recognition system, if the A picture is a ...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06K9/62
Inventor 彭凝多唐博魏华强彭恒进李锐
Owner SICHUAN PANOVASIC TECH