Adversarial sample defense method and system based on VAE-GAN

VAE-GAN adversarial sample technology, applied to adversarial sample defense methods and systems, addresses the decline in the original classifier's classification accuracy, the high training cost of defenses, and the poor generality of defense solutions, and achieves a good defense effect, low training cost, and fast preprocessing.

Pending Publication Date: 2020-08-28
HUAZHONG UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

[0020] Aiming at the problems existing in the prior art, the present invention provides a VAE-GAN-based adversarial example defense method, which aims to solve the existing adversarial exampl


Embodiment Construction

[0050] In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.

[0051] Traditional image denoising and the reduction of over-fitting in deep neural networks can no longer defend against attacks by these adversarial samples, and current defense schemes have the disadvantages of high training costs and poor transferability of the defense.

[0052] In current defense schemes, input preprocessing lowers the quality of the input image and reduces the classification accuracy on the original noise-free image. At the same time, most defense schemes defend better against adversarial samples with larger perturbations. The smaller the perturbation, t...


Abstract

The invention belongs to the technical field of adversarial sample defense and discloses an adversarial sample defense method and system based on VAE-GAN. A variational autoencoder (VAE) and a generative adversarial network (GAN) are used to denoise adversarial samples: the VAE serves as a preprocessing model in front of the classifier and denoises the adversarial sample, and the GAN is used to assist the training of the VAE so that the image output by the VAE is closer to the original noise-free image. The VAE-GAN-based adversarial sample defense method provided by the invention is a form of input preprocessing, so it can be transferred among different classification models. The original classification network does not need to be retrained, and the training cost is low. The classification accuracy on original noise-free samples is hardly affected. Adversarial samples are not needed, so no external adversarial samples are required for training. The defense is also very effective against adversarial samples with low noise. Preprocessing is fast, and the output image quality is close to that of the original noise-free image.
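The arrangement the abstract describes, as an added PyTorch example that is not code from the patent: a VAE trained on clean images only, with a GAN discriminator assisting its training, then placed in front of a frozen classifier. The layer sizes, the flattened 28x28 input, the `adv_weight` loss weight, and all class and function names are assumptions, since the page gives no architecture or loss details.

```python
# Added illustration, not the patent's implementation. Sizes and weights are assumed.
import torch
import torch.nn as nn
import torch.nn.functional as F

D, Z = 28 * 28, 16  # flattened image size and latent size (assumed)

class VAE(nn.Module):
    def __init__(self):
        super().__init__()
        self.enc = nn.Linear(D, 128)
        self.mu, self.logvar = nn.Linear(128, Z), nn.Linear(128, Z)
        self.dec = nn.Sequential(nn.Linear(Z, 128), nn.ReLU(), nn.Linear(128, D), nn.Sigmoid())
    def forward(self, x):
        h = F.relu(self.enc(x))
        mu, logvar = self.mu(h), self.logvar(h)
        # Sample while training; use the mean at inference so preprocessing is deterministic.
        z = mu + torch.randn_like(mu) * torch.exp(0.5 * logvar) if self.training else mu
        return self.dec(z), mu, logvar

def make_discriminator():
    return nn.Sequential(nn.Linear(D, 128), nn.LeakyReLU(0.2), nn.Linear(128, 1))

def train_step(vae, disc, opt_v, opt_d, clean, adv_weight=0.01):
    """One update on clean images only; returns (vae_loss, disc_loss)."""
    recon, mu, logvar = vae(clean)
    ones, zeros = torch.ones(len(clean), 1), torch.zeros(len(clean), 1)
    # Discriminator: real images -> 1, VAE reconstructions -> 0.
    d_loss = (F.binary_cross_entropy_with_logits(disc(clean), ones)
              + F.binary_cross_entropy_with_logits(disc(recon.detach()), zeros))
    opt_d.zero_grad(); d_loss.backward(); opt_d.step()
    # VAE: reconstruction + KL, plus a term rewarding outputs the discriminator takes for real.
    rec = F.binary_cross_entropy(recon, clean, reduction="sum") / len(clean)
    kl = -0.5 * torch.sum(1 + logvar - mu.pow(2) - logvar.exp()) / len(clean)
    adv = F.binary_cross_entropy_with_logits(disc(recon), ones)
    v_loss = rec + kl + adv_weight * adv
    opt_v.zero_grad(); v_loss.backward(); opt_v.step()
    return v_loss.item(), d_loss.item()

class Defended(nn.Module):
    """Frozen classifier with the trained VAE as input preprocessing."""
    def __init__(self, vae, classifier):
        super().__init__()
        self.vae, self.classifier = vae.eval(), classifier.eval()
        for p in self.classifier.parameters():
            p.requires_grad_(False)  # the original network is never retrained
    @torch.no_grad()
    def forward(self, x):
        return self.classifier(self.vae(x)[0])
```

Because `Defended` only wraps the classifier, the same trained VAE can be placed in front of a different classification model without further training.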

Description

Technical field

[0001] The invention belongs to the technical field of adversarial sample defense, and in particular relates to a method and system for adversarial sample defense based on VAE-GAN.

Background

[0002] At present, deep neural networks perform excellently on many problems that are difficult to solve with traditional machine learning. With the continuous improvement of deep neural network models, more and more deep learning solutions are gradually entering people's daily lives, such as image recognition, face recognition, automatic driving, and voice command recognition. Although deep neural networks perform excellently in various fields, Szegedy et al. showed that modern deep neural networks are very vulnerable to attacks by adversarial examples. These adversarial examples only add subtle perturbations (not detectable by human vision) to the original image, yet cause the deep neural network model to misclassify the image (as shown in Figure 5). ...


Application Information

IPC(8): G06T5/00, G06N3/08, G06N3/04
CPC: G06T5/002, G06N3/08, G06N3/045
Inventor: 何永庆, 王海卫, 王荣耀, 王珂
Owner HUAZHONG UNIV OF SCI & TECH