Adversarial sample generation method based on discrete wavelet transform

A discrete wavelet transform, adversarial sample technology, applied in neural learning methods, biological neural network models, instruments, etc., can solve problems such as large query overhead, and achieve the effect of reducing the impact

Pending Publication Date: 2020-09-25
HANGZHOU DIANZI UNIV
View PDF4 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Aiming at the problem that the existing black-box attack method brings a large amount of query overhea

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Adversarial sample generation method based on discrete wavelet transform
  • Adversarial sample generation method based on discrete wavelet transform
  • Adversarial sample generation method based on discrete wavelet transform

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0056] The present invention takes an original image as input, uses discrete wavelet decomposition to separate the low-frequency component and high-frequency component of the original image, and iteratively optimizes and updates the low-frequency component to finally generate an effective adversarial example.

[0057] The specific implementation of the whole process of the present invention is illustrated below by way of example (the effect diagram of each step is referring to the accompanying drawings of the description):

[0058] Step 1. Get the original image x c the true class of y c and its probability vector p H (·|x c )

[0059] Let H denote the DNN classifier, x c Represents the original image vector (such as figure 1 shown), δ means the same as x c An all-zero perturbation vector with the same dimension, p h (·|x c ) means x c is the output of the input DNN classifier, y c means x c the true category of y t =argmax(p h (·|x c )) represents the class pred...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an adversarial sample generation method based on discrete wavelet transform. According to an existing black box attack method, a large number of models need to be inquired to obtain the optimization information. According to the method, an original picture is used as input, a gradient estimation method and a gradient descent method are combined, disturbance is iteratively added into a clear sample, and finally an adversarial sample capable of misleading a model is generated. In order to improve the attack efficiency, discrete wavelet transform is used for separating a high-frequency part and a low-frequency part of a sample, disturbance is only added to the low-frequency part, and the number of sampling points is dynamically adjusted in the process of estimating thegradient of the low-frequency part, so that the model query frequency required for generating an adversarial sample is reduced. According to the invention, the frequency of querying the target DNN model can be effectively reduced.

Description

technical field [0001] The invention belongs to the field of computer digital image processing, and in particular relates to a method for generating an adversarial sample based on discrete wavelet transform. Background technique [0002] Machine learning and deep learning related technologies have gained great attention in recent years. Due to its excellent performance, it has been widely used in the field of computer vision. The scope of application includes image recognition, target detection, image segmentation, super-resolution Rate and other tasks, and the application scenarios cover various scenarios such as face detection, attitude detection, and automatic driving. With the gradual application of machine learning-related techniques, the security of these systems has become an important research area. [0003] Although the recognition accuracy of the most advanced image classification model on ImageNet and other data sets has surpassed that of humans, some studies hav...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06K9/48G06K9/62G06N3/04G06N3/08
CPCG06N3/08G06V10/478G06V10/46G06N3/045G06F18/241Y02T10/40
Inventor 冯建文刘林兴
Owner HANGZHOU DIANZI UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap