Unlock instant, AI-driven research and patent intelligence for your innovation.

Image classification method capable of avoiding adversarial sample attacks

A technology against samples and classification methods, applied in the field of neural networks, can solve the problem of sacrificing the classification accuracy of neural networks and achieve high classification accuracy

Active Publication Date: 2020-10-09
EAST CHINA NORMAL UNIV +1
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the above methods all sacrifice the classification accuracy of the neural network on clean samples

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Image classification method capable of avoiding adversarial sample attacks
  • Image classification method capable of avoiding adversarial sample attacks
  • Image classification method capable of avoiding adversarial sample attacks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0039] figure 1 Schematic flow chart for image classification of the present invention; as figure 1 As shown, first train an image classifier, when a test image needs to predict its classification, first calculate its ITP value, the calculation formula of ITP is: is the pixel value of row i and column i of the image, and its range is (0, 255). p(x j,i ,x j,i+1 ) can be obtained from the pixel value migration matrix P obtained by statistically classifying data. P (i,j) Represents the probability that the pixel value changes from i to j. The specific elements in P can be obtained by traversing the data of the same category: h (i,j) (x i ,x i+1 ) is 1 when the pixel values ​​of two adjacent elements are 1, otherwise it is 0.

[0040] If the value of ITP is greater than the ITP threshold ITP t , this threshold can be obtained by counting the ITP values ​​of clean samples and adversarial samples. The present invention corrects it, traverses the pixels in the image one ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

According to an image classification method for avoiding adversarial sample attacks, the method is based on region classification, and the attack of the adversarial sample on a classifier can be reduced in image classification. The method mainly comprises the following steps: 1, an image is modeled, wherein the image is regarded as a structural body containing a plurality of Markov processes; 2, possible adversarial samples are corrected, the pixel value of the image is modified along the decreasing direction of the image transition probability (ITP) in the correction process, and particularly, after the value of a certain pixel is modified, the change of the ITP greatly exceeds a certain threshold value, and the change of the pixel value is discarded; 3, during sampling, directional sampling is carried out. According to the method provided by the invention, the high classification accuracy of the clean sample can be maintained, and the certain accuracy of the adversarial sample can also be achieved. According to the method, thinking and operation are provided for application of the deep learning model in the safety-related application field.

Description

technical field [0001] The invention belongs to neural network technology, and relates to an image area classifier based on detection and correction of image samples. Background technique [0002] In recent years, deep learning has achieved remarkable results in image classification, speech recognition, natural language processing, malware detection, computer vision, etc. Although deep neural networks have shown very good performance in classification, deep neural networks are extremely vulnerable to adversarial examples. For example, an attacker can add a small noise to a test example, so that the most advanced classifier can be tricked into giving an incorrect classification. This kind of sample is called an adversarial sample. Therefore, adversarial examples greatly limit the use of deep learning, especially in safety-critical applications, such as self-driving cars and face payment. Therefore, it is necessary to develop a method to defend against adversarial example at...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06K9/62
CPCG06F18/2415G06F18/241Y02T10/40
Inventor 赵涌鑫蒋家威蒲戈光刘虹
Owner EAST CHINA NORMAL UNIV