Adversarial sample defense method based on feature remapping and application

A technology against samples and remapping, applied in character and pattern recognition, instruments, biological neural network models, etc., can solve problems such as influential recognition and complex structure of defense models
CN111401407AActive Publication Date: 2020-07-10ZHEJIANG UNIV OF TECH
9 Cites 9 Cited by

Patent Information

Authority / Receiving Office
CN ยท China
Patent Type
Applications(China)
Current Assignee / Owner
ZHEJIANG UNIV OF TECH
Publication Date
2020-07-10

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The invention discloses an adversarial sample defense method based on feature remapping and application. The method comprises the steps of: constructing a feature remapping model, wherein the featureremapping model comprises a significant feature generation model used for generating significant features, a non-significant feature generation model used for generating non-significant features and ashared discrimination model used for discriminating the authenticity of the significant features and the non-significant features; constructing a detector according to the significant feature generation model and the non-significant feature generation model, wherein the detector is used for detecting an adversarial sample and a benign sample; constructing a re-identifier according to the significant feature generation model, wherein the re-identifier is used for identifying the category of the adversarial sample; when adversarial sample detection is carried out, connecting a detector to the output of the target model, and carrying out adversarial sample detection by utilizing the detector; and during adversarial sample identification, connecting the re-identifier to the output of the target model, and performing adversarial sample identification by using the re-identifier. The dual defense effect of detection and re-identification of the adversarial sample can be realized.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The present invention relates to the field of defense oriented to deep learning confrontation attack and defense, in particular to a method and application of adversarial sample defense based on feature remapping. Background technique

[0002] With the improvement of hardware computing power, the support of big data storage and the improvement of theoretical framework, deep learning technology has been applied to many fields with its powerful feature extraction and fitting capabilities, including computer vision, natural language processing, and bioinformatics. field and so on. At the same time, deep learning technology is gradually moving from the laboratory to industrialization, among which the application of automatic driving is the most prominent. Road sign recognition, license plate recognition, pedestrian recognition, road recognition, obstacle detection, etc. in the automatic driving system all involve computer vision technology, while voice co...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More