Generative adversarial network-based adversarial attack sample generation method

A network and sample technology applied in the field of adversarial attack sample generation; it addresses problems such as low robustness and the lack of ability to learn the data distribution.

Active Publication Date: 2020-06-12
星汉智能科技股份有限公司

AI Technical Summary

Problems solved by technology

[0010] To overcome the defects of most existing adversarial attack sample generation methods, which are based on optimization equations and simple pixel-space matrix metrics, lack the ability to learn the data distribution, and have low robustness, the present invention provides a method for generating adversarial attack samples based on a generative adversarial network. The method improves the robustness of classifiers and the quality and efficiency of adversarial attack sample generation, and promotes the development of the adversarial attack research field.

Examples


Embodiment 1

[0109] Figure 1 is a flowchart of the method for generating adversarial attack samples based on a generative adversarial network. Figure 2 shows the first training framework based on a generative adversarial network, which includes generator G1, generator G2, discriminator D1 and the target attack network F.

[0110] In this embodiment, generator G1 uses ResNet's basic residual module as a deconvolutional neural network to upsample tensors; random noise z and a random condition vector c_fake are the input of generator G1, and upsampling through the deconvolution network yields a fake sample image x_fake. Generator G2 uses ResNet's basic residual module as a deconvolutional neural network to upsample tensors; random noise z is the input of generator G2, and upsampling through the deconvolution network yields the adversarial perturbation x_pb. The target attack network F uses VGG as its network structure, with the adversarial attack sample x_adv as the in...

Embodiment 2

[0133] Figure 8 shows the second training framework based on a generative adversarial network, which includes generator G1, generator G2, discriminator D1, discriminator D2 and the target attack network F.

[0134] In this embodiment, generator G1 uses ResNet's basic residual module as a deconvolutional neural network to upsample tensors; random noise z and a random condition vector c_fake are the input of generator G1, and upsampling through the deconvolution network yields a fake sample image x_fake. Generator G2 uses ResNet's basic residual module as a deconvolutional neural network to upsample tensors; random noise z is the input of generator G2, and upsampling through the deconvolution network yields the adversarial perturbation x_pb. The target attack network F uses VGG as its network structure; the adversarial attack sample x_adv is the input of the target attack network F, which outputs the adversarial loss. The discriminator D1 uses R...


Abstract

The invention provides a generative adversarial network-based adversarial attack sample generation method. The method comprises the steps of: S1, collecting training sample images; S2, preprocessing and classification definition; S3, constructing a training framework, wherein the training framework comprises a generator, a discriminator and a target attack network; S4, generating random noise and a random condition vector based on the training sample images after preprocessing and classification definition; S5, taking the random noise and the random condition vector as input of a generator in the training framework, training the generator and a discriminator of the training framework, and storing the trained training framework parameters; and S6, finishing training and generating an adversarial attack sample. The method provided by the invention has relatively strong data learning capability and relatively high robustness, overcomes the defect that existing methods, based on optimization equations and matrix metrics of a simple pixel space, lack the ability to learn the data distribution, and improves the generation quality and efficiency of adversarial attack samples.

Description

Technical field

[0001] The present invention relates to the technical field of generating adversarial attack samples, and more specifically, to a method for generating adversarial attack samples based on generative adversarial networks.

Background technique

[0002] Deep learning occupies a core position in today's rapidly developing field of machine learning and artificial intelligence. However, modern visual deep neural networks (DNNs) cannot effectively resist attacks from adversarial attack samples. They are very vulnerable to perturbed input samples, and such adversarial attack samples can mislead the deep neural network into producing wrong output results.

[0003] At present, the academic community has proposed a variety of attack strategies for generating adversarial attack samples. In the research on generating adversarial attack samples, a series of available and effective attack models have been proposed. These models can be classified into the following categories...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06K9/62, G06N3/04, G06N3/08
CPC: G06N3/084, G06N3/045, G06F18/241, G06F18/214
Inventor: 孔锐, 黄钢, 曹后杰
Owner: 星汉智能科技股份有限公司