General countermeasure disturbance generation method

An adversarial perturbation vector technique, applied in neural learning methods, biological neural network models, instruments, etc., addresses problems such as non-convergence, failure of adversarial samples, and the generalization ability, diversity and adversarial strength of adversarial samples. It achieves improved robustness, a high misclassification rate, and strong generalization ability.

Inactive Publication Date: 2020-06-05
NANJING UNIV OF AERONAUTICS & ASTRONAUTICS

AI Technical Summary

Problems solved by technology

The study found that because adversarial samples are not generated based on semantics, they are very sensitive to image preprocessing: any cropping, scaling, or rotation can easily invalidate the adversarial

Examples


Embodiment Construction

[0031] The present invention will now be described in further detail with reference to the drawings. Here, the exemplary embodiments of the present invention and the description thereof are used to explain the present invention, but not as a limitation to the present invention.

[0032] It should be noted that the universal adversarial perturbation generation method is characterized by including the following steps:

[0033] Step 1: Obtain the network structure and weight matrix of the target artificial neural network;

[0034] Step 2: Initialize the universal adversarial perturbation;

[0035] Step 3: Randomly sample pictures from the training set, superimpose the current universal adversarial perturbation on them, and input them into the neural network;

[0036] Step 4: Backpropagate gradients at the current picture label and at the label with the highest predicted probability;

[0037] Step 5: Use the prediction vector and the two sets of gradients to calculate the update amount for the adversarial perturbation;

[0038] Step 6:...


Abstract

The invention discloses a universal adversarial perturbation generation method comprising the following steps: (1) acquiring the network structure and weight matrix of a target artificial neural network; (2) initializing an adversarial perturbation vector; (3) randomly sampling pictures from a training set, superimposing the current universal adversarial perturbation on them, and inputting the superimposed pictures into the neural network; (4) back-propagating gradients at the current picture label and at the label with the maximum prediction probability other than the current picture label; (5) calculating an update amount for the adversarial perturbation from the prediction vector and the two groups of gradients; and (6) repeating steps (3)-(5) until the current universal adversarial perturbation reaches a predetermined error rate on a test set. Based on the network structure and weight matrix of the target artificial neural network, the method can accurately locate the decision boundary of the target network, and it reflects, to a certain extent, the blind spots of a classifier in feature extraction.
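The loop in steps (1)-(6), written as a robustness measurement on a toy model; this is an added example, not code from the patent. Assumptions: the target is a small linear classifier on constructed Gaussian data, step (5) uses a DeepFool-style minimal-step rule because the page does not give the patent's update formula, and the L2 bound `eps`, the best-so-far tracking and all function names are illustrative.

```python
import numpy as np

def error_rate(W, b, X, y, v):
    """Fraction of samples whose predicted label differs from y once v is added."""
    return float(np.mean(np.argmax((X + v) @ W.T + b, axis=1) != y))

def universal_perturbation(W, b, Xtr, ytr, Xte, yte, eps=3.0, target=0.5,
                           overshoot=0.02, max_epochs=10, seed=0):
    # Step 1: W and b (structure and weights of the target model) are given.
    rng = np.random.default_rng(seed)
    v = np.zeros(W.shape[1])                    # Step 2: initialise the perturbation
    best_v, best_rate = v.copy(), 0.0
    for _ in range(max_epochs):
        for i in rng.permutation(len(Xtr)):     # Step 3: random training samples
            logits = W @ (Xtr[i] + v) + b
            y = ytr[i]
            masked = logits.copy()
            masked[y] = -np.inf
            k = int(np.argmax(masked))          # top label other than y
            if logits[k] > logits[y]:
                continue                        # already misclassified, no update
            # Step 4: gradients of the two logits w.r.t. the input;
            # for a linear model these are simply rows of W.
            g_y, g_k = W[y], W[k]
            # Step 5 (assumed DeepFool-style rule): smallest step that crosses
            # the y/k decision boundary, then projection onto the L2 ball.
            w = g_k - g_y
            v = v + (1 + overshoot) * (logits[y] - logits[k]) / (w @ w) * w
            norm = np.linalg.norm(v)
            if norm > eps:
                v *= eps / norm
        rate = error_rate(W, b, Xte, yte, v)    # Step 6: error rate on the test set
        if rate > best_rate:
            best_v, best_rate = v.copy(), rate
        if rate >= target:
            break
    return best_v, best_rate

def demo(seed=0, n=400, dim=20, classes=3):
    # Constructed toy data: random linear classifier, labels = its own clean predictions
    rng = np.random.default_rng(seed)
    W, b = rng.normal(size=(classes, dim)), np.zeros(classes)
    X = rng.normal(size=(n, dim))
    y = np.argmax(X @ W.T + b, axis=1)
    h = n // 2
    v, rate = universal_perturbation(W, b, X[:h], y[:h], X[h:], y[h:])
    return W, b, X[h:], y[h:], v, rate
```

The returned rate is the share of held-out inputs whose label flips under one shared, norm-bounded perturbation, which is the figure to track when comparing a model before and after hardening such as adversarial training.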

Description

Technical field

[0001] The invention belongs to adversarial sample generation algorithms in the field of deep learning security, and in particular relates to a universal adversarial perturbation generation method.

Background technique

[0002] Deep learning is leading a new wave of artificial intelligence and has received widespread attention in many fields. Especially in the field of graphics and images, applications such as face recognition and autonomous driving are gradually entering our lives. At the same time, the security problems of deep learning have gradually emerged, with threats from multiple directions, including software implementation vulnerabilities in deep learning frameworks, adversarial attacks, and poisoning of training data. An adversarial attack is an attack that deceives the target system by constructing specific input samples without changing the target machine learning system. The samples specially constructed by the attacker to implement the adversarial attack are usual...


Application Information

IPC(8): G06K9/62, G06N3/04, G06N3/08
CPC: G06N3/084, G06N3/045, G06F18/214
Inventor: 王炳璇
Owner: NANJING UNIV OF AERONAUTICS & ASTRONAUTICS