Unlock instant, AI-driven research and patent intelligence for your innovation.

A Classification Boundary Sensitive Adversarial Example Generation Method for Image Recognition Models

A technology against samples and image recognition, applied in genetic models, character and pattern recognition, genetic rules, etc., can solve the problem of not knowing any information about the model

Active Publication Date: 2020-11-13
BEIJING INSTITUTE OF TECHNOLOGYGY
View PDF2 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The black-box model does not know any information about the model, and can only perform image query operations on the model

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A Classification Boundary Sensitive Adversarial Example Generation Method for Image Recognition Models
  • A Classification Boundary Sensitive Adversarial Example Generation Method for Image Recognition Models
  • A Classification Boundary Sensitive Adversarial Example Generation Method for Image Recognition Models

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0084] This embodiment elaborates in detail the process of attacking the laboratory's local ResNet50 black-box model using a black-box attack method based on genetic algorithm-based classification boundary detection described in the present invention. In this embodiment, ResNet50 provided by Keras is selected as the target black box model to be attacked. This model has the ability to identify 1000 image classifications. When building a local laboratory target black box model environment, it only needs to import the model from the Keras toolkit. . In order to ensure the characteristics of the model black box, in this embodiment, the use of the model is limited to the TOP1 tag of the query image, and other data such as the confidence degree returned by it is not referred to. The attack process is as follows:

[0085] 1. Select the original image ( image 3 ) and the target image ( Figure 4 ), and set the size of the two pictures to 224x 224;

[0086] 2. Make sure the target...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A method for generating an adversarial sample that is sensitive to classification boundaries of an image recognition model belongs to the fields of neural network security and machine confrontation. It includes the following steps: Step 1, initial parameter setting; Step 2, generating initial gene population; Step 3, gene crossover; Step 4, gene variation; Step 5, gene selection; Step 6, gene evolution iteration; Step 7, reducing confrontation The number of different pixels between the sample and the original sample; Step 8, reduce the number of different RGB channels between the adversarial sample and the original sample; Step 9, reduce the pixel value difference between the adversarial sample and the original image. The black-box attack method proposed by the present invention does not depend on the confidence returned by the model, and only needs a final classification label; it has a good effect on generating adversarial samples for large pictures; The attack method based on the decision boundary requires fewer queries.

Description

technical field [0001] The invention relates to a method for generating an adversarial sample that is sensitive to classification boundaries of an image recognition model, and belongs to the technical fields of machine learning and image recognition. [0002] technical background [0003] Since the deep neural network was proposed, the deep neural network has been greatly developed. At present, deep neural networks have been applied in natural language processing, text mining, malware detection, speech recognition, image recognition and other fields. Especially in the field of image recognition, deep neural networks have shown greater advantages over traditional image recognition algorithms. Because the deep neural network does not need to extract the features of the picture when it recognizes and labels the image, it only needs a large number of pictures as training data for training, so that the neural network can learn its own experience and knowledge to achieve the effec...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06N3/12G06K9/62
CPCG06N3/126G06F18/24
Inventor 张全新周宇田郭烽王坤庆李沛桐
Owner BEIJING INSTITUTE OF TECHNOLOGYGY