Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for generating an adversarial example

An anti-sample and iterative technology, applied in the computer field, can solve the problems of weak attack and blocking, and achieve the effect of strong attack and good attack effect

Active Publication Date: 2021-02-23
ALIPAY (HANGZHOU) INFORMATION TECH CO LTD
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] In the generation methods of adversarial samples in the prior art, small high-frequency perturbations are often added to the original image to generate adversarial samples. Such adversarial samples are easily blocked by filter-type adversarial defense methods and are not very aggressive.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for generating an adversarial example
  • Method and device for generating an adversarial example
  • Method and device for generating an adversarial example

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0051] The solutions provided in this specification will be described below in conjunction with the accompanying drawings.

[0052] figure 1 It is a schematic diagram of an implementation scenario of an embodiment disclosed in this specification. This implementation scenario involves the generation of adversarial examples. refer to figure 1, the image recognition model is used to classify the input image. The original image belongs to category A. After adding interference to the original image, the adversarial sample is obtained. Since the above-mentioned interference is relatively small and cannot be felt by the human eye, the adversarial sample still belongs to the category in the eyes of the human eye. A, but input the adversarial sample into the image recognition model, the recognition result of the image recognition model is category B. This kind of attack method that deliberately adds interference to the input sample, causing the model to give a wrong output with a hi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of this specification provides a method and device for generating an adversarial sample. The method includes: obtaining the current adversarial sample to be strengthened in the current round of iterations; and presetting the first number of current adversarial samples in the direction of reducing the target loss function Geometric deformation to obtain a deformed image; perform a second pixel-by-pixel update on the deformed image to obtain the first adversarial sample; perform a third pixel-by-pixel update on the current adversarial sample to obtain a second adversarial sample; determine the first adversarial sample and In the second adversarial example, the adversarial example with a smaller loss value is used as an updated adversarial example; when the stop iteration condition is met, the updated adversarial example is used as the final adversarial example; when the stop iteration condition is not met, the next round is performed based on the updated adversarial example iterate. It can make the generated adversarial samples more aggressive, so as to provide targeted defense.

Description

technical field [0001] One or more embodiments of this specification relate to the computer field, and in particular, to a method and an apparatus for generating an adversarial example. Background technique [0002] With the large-scale application of image recognition models, attacks against image recognition models emerge in an endless stream. It is necessary to follow up research in time to discover potential attack methods and prevent dangers before they happen. Among many attack methods, adversarial attack is a new type of attack method with strong aggressiveness. Adversarial attacks obtain adversarial samples by intentionally adding interference to input samples, and through adversarial samples, the image recognition model gives a wrong output with high confidence. [0003] In the generation methods of adversarial samples in the prior art, small high-frequency perturbations are often added to the original image to generate adversarial samples. Such adversarial samples...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/55G06K9/00G06K9/62
CPCG06F21/55G06V40/168G06F18/214
Inventor 傅驰林黄启印周俊张晓露
Owner ALIPAY (HANGZHOU) INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com