Adversarial sample generation method and system for image data

An adversarial sample technique for image data, applied in the field of machine learning, that addresses attacks based on adversarial samples and improves security and robustness, with strong practicability and optimized search time.

Pending Publication Date: 2020-04-10
成都网域复兴科技有限公司

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to address the problem that existing machine learning models are highly linear and easily attacked by adversarial samples. The invention provides a method and system for generating adversarial samples for image data that uses a genetic algorithm as the adversarial sample generation algorithm and optimizes both the size of the disturbance and the effectiveness of the generated disturbance. The weighted sum of these two indicators is used as the fitness of the population; in the ideal case this yields a disturbance vector that changes the model's identification result while the disturbance size stays within a certain range, to improve the machine learning model

Examples


Embodiment 1

[0044] As shown in Figure 1, this embodiment provides a method for generating an adversarial example for image data, including the following steps:

[0045] S1 data preparation: collect the original element data of the image, perform preliminary processing on the collected original element data and classify it, and obtain the training features. This embodiment uses the CIFAR10 data set: the images of each class in the CIFAR10 data set are extracted and labelled, and are divided into 10 categories in total, namely category 0 to category 10;

[0046] S2 model pre-training: use the training features to train a neural network model that has not undergone adversarial training to obtain the model to be attacked;

[0047] S3 Generating an adversarial sample: The model to be attacked is used as a parameter for calculating fitness, and a genetic algorithm is used to generate an adversarial sample based on this parameter, specifically:

[0048] S3.1 Data encoding: Use the ge...
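
The weighted-sum fitness of step S3, written as an added example for testing the robustness of one's own model; it is not code from the patent. The toy linear scorer standing in for the model of S2, the weights `ALPHA` and `BETA`, the bound `EPS`, and the selection, crossover and mutation operators are all assumptions, because the page's text from S3.1 onward is truncated.

```python
import math
import random

# Constructed toy "model to be attacked": a fixed linear two-class scorer over
# a 16-pixel image, standing in for the pre-trained network of step S2.
W = [2.0 if i % 2 == 0 else -2.0 for i in range(16)]
B = 0.5
EPS = 0.1                 # assumed bound on each pixel's disturbance
ALPHA, BETA = 1.0, 0.2    # assumed weights of the two fitness terms

def p_class1(img):
    z = sum(w * p for w, p in zip(W, img)) + B
    return 1.0 / (1.0 + math.exp(-z))

def predict(img):
    return 1 if p_class1(img) >= 0.5 else 0

def apply(img, delta):
    # Add the disturbance and keep pixels in the valid [0, 1] range.
    return [min(1.0, max(0.0, p + d)) for p, d in zip(img, delta)]

def fitness(img, label, delta):
    p1 = p_class1(apply(img, delta))
    effect = 1.0 - (p1 if label == 1 else 1.0 - p1)  # confidence lost on true label
    size = sum(abs(d) for d in delta) / (EPS * len(delta))  # mean |d| as share of EPS
    return ALPHA * effect - BETA * size              # weighted sum of both indicators

def evolve(img, label, pop_size=40, generations=80, seed=0):
    rng = random.Random(seed)
    n = len(img)
    # The zero disturbance is seeded so the result is never worse than "no change".
    pop = [[0.0] * n] + [[rng.uniform(-EPS, EPS) for _ in range(n)]
                         for _ in range(pop_size - 1)]
    for _ in range(generations):
        pop.sort(key=lambda d: fitness(img, label, d), reverse=True)
        parents = pop[:pop_size // 4]                # truncation selection, elitist
        children = []
        while len(parents) + len(children) < pop_size:
            a, b = rng.sample(parents, 2)
            child = [rng.choice(g) for g in zip(a, b)]          # uniform crossover
            child = [min(EPS, max(-EPS, g + rng.gauss(0, EPS / 2)))
                     if rng.random() < 0.2 else g for g in child]  # bounded mutation
            children.append(child)
        pop = parents + children
    return max(pop, key=lambda d: fitness(img, label, d))

IMAGE = [0.5] * 16        # constructed sample; the toy model labels it class 1
BEST = evolve(IMAGE, predict(IMAGE))
```

A disturbance found this way, paired with the original label, is the kind of sample that can be added to the training set when hardening the model.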

Embodiment 2

[0071] This embodiment uses the CIFAR10 data set. As shown in Figure 2, the images in the CIFAR10 data set are divided into 10 categories, each containing 6,000 images. Of these, 50,000 images are used for training, forming 5 training batches of 10,000 images each, and the other 10,000 images are used for testing and constitute a batch on their own. The test batch takes 1,000 randomly selected images from each of the 10 categories; the remaining images are arranged in random order to form the training batches. Note that the number of images of each category within a single training batch is not necessarily the same, but the 5 training batches together contain 5,000 images of each class.

[0072] S1 data preparation: collect the original element data of the image, perform preliminary processing on the collected original element data and classify it, and obtain the training features. This embodiment uses the C...


Abstract

The invention discloses an adversarial sample generation method and system for image data and relates to the technical field of machine learning. The method comprises the steps of: carrying out feature extraction on the data in an obtained original element data set, and training a neural network recognition model as the to-be-attacked model; and taking the to-be-attacked model as a parameter of the fitness calculation of a genetic algorithm, generating an effective disturbance result by optimizing the weighted sum of the magnitude of the disturbance generated by the genetic algorithm and the recognition effect of the model on the disturbance. According to the method, for a given sample, the genetic algorithm and the parameters of the trained to-be-attacked model are used to compute disturbance parameters that cause the to-be-attacked model to make recognition errors; these serve as the adversarial sample for that sample, so that the to-be-attacked model can be improved and its security and robustness against adversarial samples are increased.

Description

Technical field

[0001] The present invention relates to the technical field of machine learning, and more specifically relates to a method and system for generating an adversarial example for image data.

Background art

[0002] In recent years, machine learning has been widely used and has achieved good results in many fields, such as malicious email detection, malicious program detection, image recognition, face recognition, image classification and unmanned driving; examples of machine learning can be found in every field closely related to people's daily life. Machine learning is therefore gradually penetrating people's daily life and becoming a key technology for improving living standards. However, while machine learning has brought great help to people's learning and life, machine learning algorithms still have many security problems. In early spam detection systems and intrusion detection systems, attackers targeted the char...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06K9/62, G06N3/12, G06N3/04, G06N3/08
CPC: G06N3/126, G06N3/086, G06N3/045, G06F18/214
Inventor: 陈香宇
Owner: 成都网域复兴科技有限公司