Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Point attack method for generating adversarial sample based on weight spectrum

A technology against samples and weight spectrum, which is applied in the direction of digital data protection, etc.

Active Publication Date: 2020-03-06
DALIAN UNIV OF TECH
View PDF3 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] In order to make the sample show better anti-detection ability, balance tampering degree and attack success rate, and solve the problem of combination of salient spectrum selection points in the attack process, the present invention proposes a point attack method based on weight spectrum to generate adversarial samples, The method proposes a classification detector for identifying adversarial samples containing singularities, a point-based attack, and a new constraint based on a weight map, which can balance the degree of tampering and attack success rate, and can easily set any number of fixed tampering points, or Automatic generation of adversarial examples via least pixel attack

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Point attack method for generating adversarial sample based on weight spectrum
  • Point attack method for generating adversarial sample based on weight spectrum
  • Point attack method for generating adversarial sample based on weight spectrum

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0056] In view of the poor ability of adversarial samples to resist human eye detection and machine learning method detection, this application proposes a point attack method based on weight spectrum to generate adversarial samples. The method first calculates the weight spectrum based on the edge image generated by the edge filter from the original image, and then modifies the existing method on this basis to make it suitable for the method of point attack. Then, based on the weight spectrum, a constraint function that balances the degree of tampering and attack success rate is proposed. Finally, two methods of fixed tampering points and minimum pixel point attack are used to generate adversarial samples.

[0057] The specific plan is as follows:

[0058] Threshold-based methods for detecting singularities:

[0059] By mapping different samples to the same kernel space, Meng et al. proposed to use the maximum mean difference (MMD) to compute the distance. MMD uses statistic...

Embodiment 2

[0125] A point attack method for generating adversarial samples based on weight spectrum, the steps are as follows:

[0126] S1. Distinguishing adversarial samples containing singular points;

[0127] S2. Design a new point-based attack method to generate adversarial samples with anti-perception and anti-detection performance. The newly generated adversarial samples need to meet the following requirements: they cannot be perceived by human eyes and can be detected as normal samples by existing detection methods;

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a point attack method for generating an adversarial sample based on a weight spectrum, and belongs to the technical field of computer image processing. The technical scheme ofthe point attack method includes the steps: calculating average distances between singular points and adjacent points (4 or 8 points) of the singular points to serve as evaluation indexes to distinguish adversarial samples containing the singular points; designing an optimization function to improve the anti-detection performance, modifying optimization steps to achieve point-based attacks, solving the problems existing in a significance spectrum, and finally, designing a new point-based attack method to generate a countermeasure sample with good anti-perception capacity and anti-detection performance; and directly setting more tampering for the unstable area (the area with the large weight), and introducing new constraints for conveniently balancing the number of tampering points, the tampering degree and the attack success rate. The point attack method has the advantages that the positions and tampering degrees of points needing to be tampered are determined through the generated weight spectrum, and meanwhile on the premise that the tampering degrees are specified, confrontation samples can be generated through a fixed-point number or minimum-pixel-point attack method.

Description

technical field [0001] The invention belongs to the technical field of computer image processing, in particular to a point attack method for generating an adversarial sample based on a weight spectrum. Background technique [0002] In recent years, the emergence of adversarial examples has made investigators question the application of deep learning, although this situation is not only in deep learning. Due to the powerful learning ability, deep learning is widely used in various image domains. Some domains are related to real physical scenarios, such as self-driving cars. Szegedy et al. point out that small perturbations can lead to misclassification. Adversarial examples will always exist since the limited number of training sets cannot fit all physical world scenarios. Investigators have proposed many methods to attack previous classifiers to generate adversarial examples or defend against adversarial examples. All of these will help researchers move closer to underst...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/64
CPCG06F21/64
Inventor 赵梦楠王波
Owner DALIAN UNIV OF TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com