Adversarial sample generation method based on Bayesian optimization

An adversarial-sample, iterative technique, applied to biological neural network models, instruments, platform integrity maintenance, etc., that addresses problems such as large query overhead and achieves the effect of reducing impact.

Active Publication Date: 2019-09-24
HANGZHOU DIANZI UNIV

AI Technical Summary

Problems solved by technology

[0005] The main purpose of the present invention is to propose a black-box attack method based on Bayesian optimization to g

Examples


Example Embodiment

[0027] The present invention takes an original image as input, calculates the structural similarity between the original image and a random Gaussian image, calculates its gradient, and selects the dimension corresponding to the smallest gradient value. Bayesian optimization is then applied dimension by dimension to obtain the best perturbation value. The perturbations obtained over multiple iterations are added together until the category prediction of the DNN classifier changes.

[0028] The following example illustrates the specific implementation of the entire process of the present invention (see Figure 2 for the effect of each step):

[0029] Step 1: Obtain the true category $y_c$ of the source image $x$ and its probability $M_c$.

[0030] $x$ is the original image vector (as shown in Figure 1), $\Delta x$ is an all-zero perturbation vector with the same dimension as $x$, and $x_G$ is a random vector sampled from a Gaussian distribution with the same dimension as $x$ (as shown in Figure 2). ...


Abstract

The invention discloses an adversarial sample generation method based on Bayesian optimization. Existing black-box attack methods need to query the model a large number of times to obtain optimization information. The method takes an original picture as input and determines the position to be optimized by calculating the gradient of the structural similarity between a perturbed picture and the original picture. It then performs sampling optimization at the selected position using Bayesian optimization to obtain a perturbation value that increases the loss function at that position. Positions are selected and optimized iteratively to obtain perturbation values, stopping when the classification result of the perturbed image changes or the maximum number of iterations is reached. According to the invention, the number of queries to the target DNN model can be effectively reduced, and the number of perturbed pixels is small.
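Seen from the side of the model owner, the dimension-by-dimension search in the abstract implies a run of queries that are near-copies of one image, each differing from an earlier query in only a few pixels. The sketch below is an added example, not part of the patent: a per-client monitor that counts such near-duplicate queries. The class name, thresholds and sample streams are hypothetical and constructed for illustration.

```python
import random
from collections import deque

class SparseQueryMonitor:
    """Flags a client whose queries are near-duplicates differing in few pixels."""
    def __init__(self, window=50, max_changed=8, alert_after=10):
        self.window = window            # recent queries remembered per client
        self.max_changed = max_changed  # L0 distance treated as near-duplicate
        self.alert_after = alert_after  # near-duplicate queries before alerting
        self.history, self.hits = {}, {}

    def l0_distance(self, a, b):
        """Count differing pixels, stopping once max_changed is exceeded."""
        changed = 0
        for p, q in zip(a, b):
            changed += p != q
            if changed > self.max_changed:
                break
        return changed

    def observe(self, client, image):
        """Record one query; True once the client reaches the alert threshold."""
        past = self.history.setdefault(client, deque(maxlen=self.window))
        near = any(0 < self.l0_distance(image, old) <= self.max_changed for old in past)
        past.append(tuple(image))
        self.hits[client] = self.hits.get(client, 0) + near
        return self.hits[client] >= self.alert_after

def constructed_streams(seed=7, pixels=64, n=30):
    """Constructed sample data: unrelated images vs. one image edited a pixel at a time."""
    rng = random.Random(seed)
    benign = [[rng.randrange(256) for _ in range(pixels)] for _ in range(n)]
    current = [rng.randrange(256) for _ in range(pixels)]
    probing = []
    for _ in range(n):
        trial = list(current)
        trial[rng.randrange(pixels)] = rng.randrange(256)  # one dimension per query
        probing.append(trial)
        if rng.random() < 0.3:  # some edits are kept, so perturbations accumulate
            current = trial
    return benign, probing

def first_alert(monitor, client, stream):
    """1-based index of the query that triggers the alert, or None."""
    for i, image in enumerate(stream, 1):
        if monitor.observe(client, image):
            return i
    return None

benign, probing = constructed_streams()
```

Because the stated goal of the method is a low query count, `alert_after` has to sit well below the query budget of older black-box attacks for a monitor like this to fire in time.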

Description

Technical field

[0001] The invention belongs to the field of computer digital image processing, and specifically relates to a method for generating adversarial samples.

Background technique

[0002] Deep learning has made major breakthroughs in solving complex problems that were difficult to solve in the past. For example, it has applications in rebuilding brain circuits, analyzing mutations in DNA, predicting the active structure of potential drug molecules, and analyzing particle accelerator data. The Deep Neural Network (DNN) has also become the preferred method for solving many challenging tasks such as speech recognition and natural language understanding.

[0003] Although DNNs perform various computer vision tasks with amazing accuracy, they are extremely vulnerable to adversarial attacks, which take the form of adding tiny image perturbations that are almost imperceptible to the human visual system. This attack can make the DNN classifier completely change its prediction about t...


Application Information

IPC(8): G06K9/62, G06N3/04, G06F21/55
CPC: G06F21/554, G06N3/045, G06F18/24155, G06F18/24
Inventors: 刘林兴, 冯建文
Owner HANGZHOU DIANZI UNIV