Migratable adversarial sample attack method based on attention mechanism

A technology of adversarial samples and attention, which is applied in the field of transferable adversarial sample attacks, can solve the problems of low success rate of white-box target attacks, low migration rate of black-box targets, misleading classification models, etc., and achieve the goal of improving the success rate of target attacks Effect

Pending Publication Date: 2020-11-06
GUIZHOU UNIV +1
View PDF8 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Aiming at the above-mentioned deficiencies in the prior art, the present invention provides a transferable adversarial sample attack method based on the attention mechanism, which destroys the information-rich, The main focus of the model is to solve the pr

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Migratable adversarial sample attack method based on attention mechanism
  • Migratable adversarial sample attack method based on attention mechanism
  • Migratable adversarial sample attack method based on attention mechanism

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0044] The following describes the specific embodiments of the present invention to facilitate those skilled in the art to understand the present invention, but it should be clear that the present invention is not limited to the scope of the specific embodiments, for those of ordinary skill in the art, as long as various changes These changes are obvious within the spirit and scope of the present invention defined and determined by the appended claims, and all inventions and creations that utilize the concept of the present invention are protected.

[0045] The embodiment of the present invention provides a transferable anti-sample attack method based on an attention mechanism, which uses an iterative fast gradient symbol attack method based on accumulated momentum in the feature space of the model to destroy the information-rich and the main concern of the model. In order to generate highly mobile adversarial samples with high success rate of white-box target attacks.

[0046] The...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a migratable adversarial sample attack method based on an attention mechanism, and the method comprises the steps of selecting a local replacement network model, constructing afeature library, and enabling an original image to be mapped into a feature space; adopting an iterative fast gradient symbol attack method based on momentum accumulation to enable the characteristics of the original picture to be far away from the original category area and to be close to the target category area; and inputting an adversarial sample obtained by attacks into a black box classification model, and outputting a target category by a misleading model. According to the invention, a triple loss function is used to destroy an area which is rich in information and is mainly concernedby the model in an attacked model characteristic space; the problems of low white-box target attack success rate and low black-box target mobility of an existing attack method in a classification taskof a complex data set are solved, and misleading of a classification model is effectively realized under the condition of considering a white-box scene and a black-box scene.

Description

technical field [0001] The invention belongs to the technical field of adversarial attacks, and in particular relates to a transferable adversarial sample attack method based on an attention mechanism. Background technique [0002] With the rapid development of deep learning, researchers can solve many computer vision tasks such as image classification and segmentation. However, due to the advent of adversarial examples, more widespread attention has been paid to the shortcomings of convolutional neural networks. Adversarial examples refer to adding some subtle perturbations that cannot be perceived by the human eye to the original input image, so that the convolutional neural network cannot correctly predict the image. The current method of generating adversarial samples can be divided into non-target attack and targeted attack according to the target or expectation of the attack. The former refers to the attacker’s goal only to make the classification model give wrong pre...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06K9/62G06N3/04G06N3/08
CPCG06N3/08G06N3/045G06F18/2415G06F18/214
Inventor 宋井宽黄梓杰高联丽
Owner GUIZHOU UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap