Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A point attack method for generating adversarial samples based on weight spectrum

A technology against samples and weight spectrum, which is applied in the direction of digital data protection, etc.

Active Publication Date: 2021-12-17
DALIAN UNIV OF TECH
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] In order to make the sample show better anti-detection ability, balance tampering degree and attack success rate, and solve the problem of combination of salient spectrum selection points in the attack process, the present invention proposes a point attack method based on weight spectrum to generate adversarial samples, The method proposes a classification detector for identifying adversarial samples containing singularities, a point-based attack, and a new constraint based on a weight map, which can balance the degree of tampering and attack success rate, and can easily set any number of fixed tampering points, or Automatic generation of adversarial examples via least pixel attack

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A point attack method for generating adversarial samples based on weight spectrum
  • A point attack method for generating adversarial samples based on weight spectrum
  • A point attack method for generating adversarial samples based on weight spectrum

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0056] In view of the poor ability of adversarial samples to resist human eye detection and machine learning method detection, this application proposes a point attack method based on weight spectrum to generate adversarial samples. The method first calculates the weight spectrum based on the edge image generated by the edge filter from the original image, and then modifies the existing method on this basis to make it suitable for the method of point attack. Then, based on the weight spectrum, a constraint function that balances the degree of tampering and attack success rate is proposed. Finally, two methods of fixed tampering points and minimum pixel point attack are used to generate adversarial samples.

[0057] The specific plan is as follows:

[0058] Threshold-based methods for detecting singularities:

[0059] By mapping different samples to the same kernel space, Meng et al. proposed to use the maximum mean difference (MMD) to compute the distance. MMD uses statistic...

Embodiment 2

[0126] A point attack method for generating adversarial samples based on weight spectrum, the steps are as follows:

[0127] S1. Distinguishing adversarial samples containing singular points;

[0128] S2. Design a new point-based attack method to generate adversarial samples with anti-perception and anti-detection performance. The newly generated adversarial samples need to meet the following requirements: they cannot be perceived by human eyes and can be detected as normal samples by existing detection methods;

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A point attack method for generating adversarial samples based on a weight spectrum belongs to the technical field of computer image processing. Technical solution: Calculate the average distance between singular points and their neighboring points (4 or 8 points) as an evaluation index to distinguish adversarial samples containing singular points; design optimization functions to improve anti-detection performance, modify optimization steps to achieve point-based attack, solve the problem of saliency spectrum, and finally realize the design of a new point-based attack method to generate anti-perception and anti-detection performance better adversarial samples; choose to directly set more tampering, introducing new constraints for the convenience of weighing the number of tampering points, degree of tampering, and attack success rate. The beneficial effect is that: the present invention uses the generated weight spectrum to determine the position and degree of tampering point, and at the same time, under the premise of specifying the degree of tampering, a fixed number of points or a minimum pixel point attack method can be used to generate an adversarial sample.

Description

technical field [0001] The invention belongs to the technical field of computer image processing, in particular to a point attack method for generating an adversarial sample based on a weight spectrum. Background technique [0002] In recent years, the emergence of adversarial examples has made investigators question the application of deep learning, although this situation is not only in deep learning. Due to the powerful learning ability, deep learning is widely used in various image domains. Some domains are related to real physical scenarios, such as self-driving cars. Szegedy et al. point out that small perturbations can lead to misclassification. Adversarial examples will always exist since the limited number of training sets cannot fit all physical world scenarios. Investigators have proposed many methods to attack previous classifiers to generate adversarial examples or defend against adversarial examples. All of these will help researchers move closer to underst...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/64
CPCG06F21/64
Inventor 赵梦楠王波
Owner DALIAN UNIV OF TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com