A step size self-adaptive attack resisting method based on model extraction

An adaptive, step-size technology, applied to biological neural network models, character and pattern recognition, instruments, etc., to achieve strong non-black box attack capabilities and good attack effects

Active Publication Date: 2019-06-28
TIANJIN UNIV

AI Technical Summary

Problems solved by technology

Existing methods use the gradient information obtained by model extraction at each step only to calculate the sign of the gradient value.


Embodiment Construction

[0035] Embodiments of the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0036] Here, Inception-v3 is selected as the target model, and the target model is attacked by an adversarial sample construction method that adaptively adjusts the noise step size.

[0037] Step 1. Form the collected pictures and label information into pairs, where the categories are 0~n-1, that is, there are n categories across all images. This specifically includes the following processing:

[0038] (1-1) Use the ImageNet large-scale image classification dataset to form the image collection IMG:

[0039]

[0040] where x_i represents an image and N_d indicates the total number of images in the image collection IMG;

[0041] (1-2) Construct the image description set GroundTruth corresponding to each image in the image set IMG:

[0042]

[0043] where y_i indicates the category number corresponding to each image, N_d indicates the total...


Abstract

The invention discloses a step size self-adaptive attack resisting method based on model extraction. The method comprises the following steps: Step 1, constructing an image data set; Step 2, training a convolutional neural network on the image set IMG to serve as the target model to be attacked; Step 3, calculating a cross entropy loss function, realizing model extraction of the convolutional neural network, and initializing a gradient value and a step length g1 of the iterative attack; Step 4, forming a new adversarial sample x1; Step 5, recalculating the cross entropy loss function, and using the new gradient value to update the step length with which adversarial noise is added in the next step; Step 6, repeating the process of inputting images, calculating the cross entropy loss function, computing the step size, and updating the adversarial sample; step 5 is repeated T-1 times to obtain the final iterative-attack adversarial sample x'i, and this adversarial sample is input into the target model for classification to obtain a classification result N(x'i). Compared with the prior art, the method can achieve a better attack effect, and compared with current iterative methods, it has higher non-black box attack capability.

Description

Technical field

[0001] The invention relates to the field of machine learning security technology, in particular to a non-black-box anti-iterative attack method oriented to a deep image recognition system.

Background technique

[0002] In recent years, with the continuous progress and development of machine learning theory and technology, especially breakthroughs in the fields of computer vision and multimedia, technologies such as medical image processing, biological image recognition, and face recognition have been widely used. However, the rapid development of the field of machine learning also brings many security problems. In systems closely related to security and privacy, such as autonomous driving, health systems, and financial systems, the security of machine learning poses a potential threat to people's vital interests and even life. Therefore, how to maintain the security of machine learning systems and how to protect user privacy has become the basis for the dev...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06K9/62, G06N3/04
Inventor: 韩亚洪, 石育澄
Owner: TIANJIN UNIV