Adversarial patch generation method and system, adversarial patch detection model training method and system and adversarial patch defense method and system
A technology for detecting models and patches, applied in the field of face recognition, which can solve problems such as property privacy leakage
Active Publication Date: 2020-06-26
ALIPAY (HANGZHOU) INFORMATION TECH CO LTD
View PDF8 Cites 16 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
With the help of certain attack methods, attackers can make face recognition results go wrong by carrying anti-patches (for example, wearing glasses frames), so that attackers can pretend to be others to achieve various purposes, such as unlocking doors, unlocking devices, and swiping faces to pay Etc., easy to cause various adverse effects, such as leakage of property and / or privacy, etc.
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0024] In order to more clearly illustrate the technical solutions of the embodiments of the present specification, the following briefly introduces the drawings that need to be used in the description of the embodiments. Apparently, the accompanying drawings in the following description are only some examples or embodiments of this specification, and those skilled in the art can also apply this specification to other similar scenarios. Unless otherwise apparent from context or otherwise indicated, like reference numerals in the figures represent like structures or operations.
[0025] It should be understood that "system", "device", "unit" and / or "module" as used herein is a method for distinguishing different components, elements, components, parts or assemblies of different levels. However, the words may be replaced by other expressions if other words can achieve the same purpose.
[0026] As indicated in the specification and claims, the terms "a", "an", "an" and / or "the...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The embodiment of the invention discloses an adversarial patch generation method and system, an adversarial patch detection model training method and system and an adversarial patch defense method andsystem. The adversarial patch generation method comprises the following steps: generating adversarial patches; detecting feature points in the adversarial sample and the target face image; and basedon the feature point set of each region of interest of the adversarial sample and the feature point set of each region of interest of the target face image, calculating the regional similarity of theadversarial sample and the target face on the regions of interest, and adjusting an adversarial patch in the adversarial sample to at least increase the regional similarity. Correspondingly, a detection model capable of detecting whether the face image contains the adversarial patch generated according to the method or not can be trained, so that the reliability of a face recognition result is ensured, for example, leakage of user properties and / or privacy after the identity of the user is pretended can be avoided.
Description
technical field [0001] This specification relates to the field of face recognition, and in particular to a method and system for generating an adversarial patch, training a detection model, and defending against an adversarial patch. Background technique [0002] With the large-scale application of face recognition models, attack methods against face recognition models emerge in endlessly. With the help of certain attack methods, attackers can make face recognition results go wrong by carrying anti-patches (for example, wearing glasses frames), so that attackers can pretend to be others to achieve various purposes, such as unlocking doors, unlocking devices, and swiping faces to pay Etc., it is easy to cause various adverse effects, such as leakage of property and / or privacy and so on. [0003] Therefore, it is necessary to study and discover the attack methods against the face recognition model in advance, so that an effective defense plan can be formulated for the newly d...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): G06K9/00G06K9/62G06N20/00G06N20/10
CPCG06N20/10G06N20/00G06V40/161G06F18/22
Inventor 傅驰林张晓露周俊
Owner ALIPAY (HANGZHOU) INFORMATION TECH CO LTD