Adversarial sample generation method for image recognition model classification boundary sensitivity

A technology against samples and image recognition, applied in genetic models, character and pattern recognition, genetic rules, etc., can solve the problem of not knowing any information about the model, and achieve less query times and better results

Active Publication Date: 2019-07-02
BEIJING INSTITUTE OF TECHNOLOGYGY
View PDF2 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The black-box model does not know any information about the m

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Adversarial sample generation method for image recognition model classification boundary sensitivity
  • Adversarial sample generation method for image recognition model classification boundary sensitivity
  • Adversarial sample generation method for image recognition model classification boundary sensitivity

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0085] This embodiment elaborates in detail the process of attacking the laboratory's local ResNet50 black-box model using a black-box attack method based on genetic algorithm-based classification boundary detection described in the present invention. In this embodiment, ResNet50 provided by Keras is selected as the target black box model to be attacked. This model has the ability to identify 1000 image classifications. When building a local laboratory target black box model environment, it only needs to import the model from the Keras toolkit. . In order to ensure the characteristics of the model black box, in this embodiment, the use of the model is limited to the TOP1 tag of the query image, and other data such as the confidence degree returned by it is not referred to. The attack process is as follows:

[0086] 1. Select the original image ( image 3 ) and the target image ( Figure 4 ), and set the size of the two pictures to 224x 224;

[0087] 2. Make sure the target...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an adversarial sample generation method for image recognition model classification boundary sensitivity, and belongs to the field of neural network security and machine adversary. The method comprises the following steps: step 1, setting initial parameters; 2, generating an initial gene population; step 3, carrying out gene crossover; step 4, carrying out gene variation; step 5, carrying out gene selection; step 6, performing gene evolution iteration; step 7, reducing the number of different pixel points of the adversarial sample and the original sample; step 8, reducing the number of different RGB channels of the adversarial sample and the original sample; and step 9, reducing the pixel value difference between the adversarial sample and the original picture. The black box attack method provided by the invention does not depend on the confidence coefficient returned by the model, and only needs one final classification label; the method has a very good effect on generating adversarial samples for large-scale pictures; under the condition that parameter adjustment is appropriate, the number of query times required by the method is smaller than that requiredby a common decision boundary-based attack method.

Description

technical field [0001] The invention relates to a method for generating an adversarial sample that is sensitive to classification boundaries of an image recognition model, and belongs to the technical fields of machine learning and image recognition. [0002] technical background [0003] Since the deep neural network was proposed, the deep neural network has been greatly developed. At present, deep neural networks have been applied in natural language processing, text mining, malware detection, speech recognition, image recognition and other fields. Especially in the field of image recognition, deep neural networks have shown greater advantages over traditional image recognition algorithms. Because the deep neural network does not need to extract the features of the picture when it recognizes and labels the image, it only needs a large number of pictures as training data for training, so that the neural network can learn its own experience and knowledge to achieve the effec...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06N3/12G06K9/62
CPCG06N3/126G06F18/24
Inventor 张全新周宇田郭烽王坤庆李沛桐
Owner BEIJING INSTITUTE OF TECHNOLOGYGY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap