Adversarial attack method based on training set data

A method based on training-set data, applied in the fields of instruments, character and pattern recognition, computer components, etc.; it addresses the problem that linear assumptions are unconvincing and achieves the effect of a small disturbance.
CN111488916A · Active · Publication Date: 2020-08-04 · TIANJIN UNIV

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
TIANJIN UNIV
Publication Date
2020-08-04


Abstract

The invention discloses an adversarial attack method based on training set data. The method comprises the following steps: step 1, training a detection model using the VOC2007 image data set; step 2, screening the images in the training set to select the single-class training images Y; step 3, building a KD-tree over the image set Y for storage; step 4, for a to-be-attacked picture, querying the KD-tree for the closest training image in Y that is not of the same class; step 5, constructing the initial radial noise z*; step 6, constructing a disturbance space and randomly sampling it to obtain eta; step 7, adjusting the disturbance quantity within the image detection frame and generating a new adversarial sample x' according to eta; step 8, querying with the new adversarial sample x'; and step 9, repeating steps 5, 6, 7 and 8 until the attack succeeds, to obtain the final adversarial sample x', which is input to the target model for classification to obtain the classification result F(x'). The attack effect is reached at the fastest speed, and the generated disturbance is very small.
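Steps 2 to 5 of the abstract on constructed data, as an added illustration that is not the patent's own code: a KD-tree over single-class training vectors, the nearest stored image of a different class, and the unit direction from the input toward it taken as the initial radial noise z*. The 2-D vectors, the class labels and that definition of z* are assumptions (the abstract does not define z*); the returned distance is also what a defender would measure to see how close other-class training data sits to a given input.

```python
import math

class KDNode:
    """One stored training image: flattened pixel vector, class label, split axis, children."""
    __slots__ = ("point", "label", "axis", "left", "right")

    def __init__(self, point, label, axis, left, right):
        self.point, self.label, self.axis = point, label, axis
        self.left, self.right = left, right

def build_kdtree(items, depth=0):
    """Step 3: store the (vector, label) pairs of the single-class set Y, splitting at the median."""
    if not items:
        return None
    axis = depth % len(items[0][0])
    items = sorted(items, key=lambda it: it[0][axis])
    mid = len(items) // 2
    point, label = items[mid]
    return KDNode(point, label, axis,
                  build_kdtree(items[:mid], depth + 1),
                  build_kdtree(items[mid + 1:], depth + 1))

def nearest_other_class(node, query, query_label, best=None):
    """Step 4: nearest stored vector whose class differs from the query's, as (dist, point, label)."""
    if node is None:
        return best
    if node.label != query_label:
        d = math.dist(node.point, query)
        if best is None or d < best[0]:
            best = (d, node.point, node.label)
    diff = query[node.axis] - node.point[node.axis]
    near, far = (node.left, node.right) if diff < 0 else (node.right, node.left)
    best = nearest_other_class(near, query, query_label, best)
    if best is None or abs(diff) < best[0]:  # far side can only win if the split plane is closer than best
        best = nearest_other_class(far, query, query_label, best)
    return best

def find_seed(train, x, x_label):
    """Step 5 (assumed form): z* is the unit vector from x toward its nearest other-class image."""
    found = nearest_other_class(build_kdtree(train), x, x_label)
    if found is None or found[0] == 0.0:
        raise ValueError("no distinct other-class training image for this input")
    dist, target, target_label = found
    z_star = tuple((t - a) / dist for a, t in zip(x, target))
    return target, target_label, dist, z_star

# Constructed stand-ins for flattened single-class images: 2-D "pixel" vectors with hypothetical labels.
TRAIN = [((0.1, 0.2), "cat"), ((0.3, 0.1), "cat"), ((0.2, 0.35), "cat"),
         ((0.9, 0.8), "dog"), ((0.7, 0.9), "dog"), ((0.85, 0.6), "dog"),
         ((0.5, 0.5), "bird")]
```

Calling `find_seed(TRAIN, (0.25, 0.2), "cat")` returns the bird vector (0.5, 0.5), its label, the distance to it and z*; the loop of steps 6 to 9, which samples perturbations and queries the model, is not reproduced here.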

Description

Technical Field

[0001] The invention relates to the technical field of machine learning security, in particular to a gray-box, decision-based adversarial attack method oriented to deep image recognition systems.

Background Technology

[0002] Many deep learning models without defense measures are considered vulnerable to adversarial attacks: adding small perturbations to the original image can maliciously mislead the model into misclassifying. Researchers have done extensive work on designing different adversarial attack methods to fool state-of-the-art deep convolutional networks. Attacks can be roughly divided into three categories: ① gradient-based iterative attacks, such as FGSM, I-FGSM, VR-IGSM and a series of FGSM variants; ② optimization-based iterative attacks, such as C&W (Carlini & Wagner); ③ decision boundary-based attacks, such as the boundary attack.

[0003] Tanay and Griffin provide a boundary-slanting perspective on the existence of adv...
