A method for generating adversarial attack samples based on generative adversarial networks

The method, applied in the field of adversarial attack sample generation, addresses the lack of learning ability for data distribution and the low robustness of existing methods. It improves the quality and efficiency of generation, overcomes the reliance on matrix metrics, and promotes development of the field.

Active Publication Date: 2022-02-22
星汉智能科技股份有限公司

AI Technical Summary

Problems solved by technology

[0010] To overcome the defects of existing adversarial attack sample generation methods, most of which are based on optimization equations and simple pixel-space matrix metrics, lack the ability to learn the data distribution, and have low robustness, the present invention provides a method for generating adversarial attack samples based on a generative adversarial network. The method improves the robustness of classifiers and the quality and efficiency of adversarial attack sample generation, and promotes the development of the adversarial attack research field.

Examples


Embodiment 1

[0109] Figure 1 is a flowchart of the method for generating adversarial attack samples based on a generative adversarial network. Figure 2 shows the first training framework based on generative adversarial networks, which includes generator G1, generator G2, discriminator D1 and the target attack network F.

[0110] In this embodiment, generator G1 uses ResNet's basic residual module as a deconvolutional neural network to upsample tensors: random noise z and a random condition vector c_fake are the input of generator G1, and upsampling through the deconvolution network yields a fake sample image x_fake. Generator G2 also uses ResNet's basic residual module as a deconvolutional neural network to upsample tensors: random noise z is the input of generator G2, and upsampling through the deconvolution network yields the adversarial perturbation x_pb. The target attack network F uses VGG as its network structure, with the adversarial attack sample x_adv as the in...

Embodiment 2

[0133] Figure 8 shows the second training framework based on generative adversarial networks, which includes generator G1, generator G2, discriminator D1, discriminator D2 and the target attack network F.

[0134] In this embodiment, generator G1 uses ResNet's basic residual module as a deconvolutional neural network to upsample tensors: random noise z and a random condition vector c_fake are the input of generator G1, and upsampling through the deconvolution network yields a fake sample image x_fake. Generator G2 also uses ResNet's basic residual module as a deconvolutional neural network to upsample tensors: random noise z is the input of generator G2, and upsampling through the deconvolution network yields the adversarial perturbation x_pb. The target attack network F uses VGG as its network structure, takes the adversarial attack sample x_adv as its input, and outputs the adversarial loss; the discriminator D1 using R...


Abstract

The present invention proposes a method for generating adversarial attack samples based on a generative adversarial network, including: S1. collecting training sample images; S2. preprocessing and classification definition; S3. constructing a training framework, which includes a generator, a discriminator and a target attack network; S4. generating random noise and a random condition vector based on the training sample images after preprocessing and classification definition; S5. using the random noise and random condition vector as the input of the generator in the training framework, training the generator and the discriminator of the training framework, and saving the training framework parameters after training; S6. once training is complete, generating adversarial attack samples. The proposed method has strong data learning ability and high robustness. It overcomes the drawbacks of existing methods, which are based on optimization equations and simple pixel-space matrix metrics and lack the ability to learn the data distribution, and it improves the quality and efficiency of adversarial attack sample generation.

Description

Technical field

[0001] The present invention relates to the technical field of generating adversarial attack samples, and more specifically, to a method for generating adversarial attack samples based on generative adversarial networks.

Background technique

[0002] Deep learning occupies a core position in today's rapidly developing fields of machine learning and artificial intelligence. However, modern visual deep neural networks (DNNs) cannot effectively resist adversarial attack samples. They are highly vulnerable to perturbed input samples, and such adversarial attack samples can mislead a deep neural network into producing wrong output.

[0003] At present, the academic community has proposed a variety of attack strategies for generating adversarial attack samples. In the research on generating adversarial attack samples, a series of available and effective attack models have been proposed. These models can be classified into the following categories...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06K9/62, G06N3/04, G06N3/08
CPC: G06N3/084, G06N3/045, G06F18/241, G06F18/214
Inventor: 孔锐, 黄钢, 曹后杰
Owner: 星汉智能科技股份有限公司