
Adversarial sample defense method based on image super-resolution reconstruction

An adversarial sample defense using image reconstruction technology, applied in the field of artificial intelligence. It addresses the threat to life and property posed by adversarial samples that deceive a classifier into misclassifying, along with related issues such as algorithm defects, the robustness of the trained model and the integrity of the training data, with the effect of eliminating malicious attacks and reducing cost.

Active Publication Date: 2020-11-10
XIHUA UNIV

AI Technical Summary

Problems solved by technology

[0003] However, while deep learning brings great convenience to people, it also leaves behind many potential safety hazards, such as flaws in its algorithms, the robustness of the trained model, and the integrity of the data used for model training. Adversarial sample attack is one of these security risks.
[0004] Put simply, an adversarial sample is formed by adding an artificially constructed disturbance to clean data. This disturbance or noise is very small, and people cannot easily tell with the naked eye whether a sample is adversarial. But when deep learning performs classification, these adversarial examples can "fool" the neural network model and make the classifier misclassify. If adversarial examples are applied in natural language processing, face recognition, automatic driving and other fields, they are very likely to pose a serious threat to people's lives and property.
[0005] For example, if a "going straight" disturbance is added to a stop sign in automatic driving, the resulting adversarial sample still looks like a stop sign to a person, who will not misclassify it, but the classifier will take it for a go-straight sign, with serious consequences.

Examples


Embodiment 1

[0038] The present invention is realized through the following technical solution. As shown in Figure 1, an adversarial sample defense method based on image super-resolution reconstruction is proposed, which is divided into two parts. In the first part, the training samples are input into the defense model for training, yielding the trained defense model. In the second part, the initial samples are input into the trained defense model, which outputs normal samples after defending against malicious attacks; the normal samples are then input into the classification model to obtain correct classification results, achieving the effect of defending against malicious attacks.

[0039] The first part is to train the defense model. The input training samples are clean samples. The training process consists of image preprocessing and image reconstruction of the training samples, and outputs normal samples.

[0040] See Figure 2: first input the clean sample into th...

Embodiment 2

[0066] In this embodiment, the MNIST data set is selected for the method of embodiment 1 to test the defense result.

[0067] The MNIST data set is provided by the National Institute of Standards and Technology (NIST). It contains a total of 70,000 images and their corresponding labels, including 60,000 training images and 10,000 test images. Each image is a single-channel image of 28*28 pixels, and each pixel is represented by a gray value. The minimum value of the image data is 0 and the maximum value is close to 1, because the data has been normalized; without normalization, the pixel values of an image would lie between 0 and 255. All images fall into ten different categories, from 0 to 9.

[0068] Then the network structure of the defense model (GN-CNN model) on the MNIST dataset and its corresponding parameters are shown in Table 1:

[0069]

[0070] Table 1

[0071] The output data of each layer in the network is u...


Abstract

The invention relates to the technical field of artificial intelligence, and provides an adversarial sample defense method based on image super-resolution reconstruction, which comprises the following steps: inputting a training sample into a defense model for training to output a normal sample, so as to obtain a trained defense model, wherein the training sample is a clean sample; inputting the initial sample into the trained defense model, sequentially carrying out image preprocessing and image reconstruction to output a normal sample, and inputting the normal sample into a classification model to obtain a correct classification result, wherein the initial sample comprises an adversarial sample and a clean sample. Whether a clean sample or an adversarial sample is input, the defense model designed by the invention can reconstruct it into a normal sample and so defend against malicious attacks, while many existing defense methods need to train on a training set and a test set separately to realize the defense, so that the scheme reduces the cost and expense of defense.

Description

Technical field

[0001] The present invention relates to the technical field of artificial intelligence, in particular to an adversarial sample defense method based on image super-resolution reconstruction.

Background technique

[0002] Deep learning shows an extremely powerful self-learning ability in the research and application of artificial intelligence. Because the deep convolutional neural network is composed of a multi-layer nonlinear structure, it can learn various complex high-dimensional features and fit a variety of complex sample spaces. These characteristics give it very powerful expressive ability, so it has achieved great success in many fields.

[0003] However, while deep learning brings great convenience to people, it also leaves behind many potential safety hazards, such as flaws in its algorithms, the robustness of the trained model, and the integrity of the data used for model training. Adversarial sample attack is one of its security ...


Application Information

IPC(8): G06T3/40, G06N3/04, G06N3/08, G06K9/62
CPC: G06T3/4053, G06N3/08, G06N3/045, G06F18/24, G06F18/214
Inventor 刘兴伟何意廖明阳陈琪琪曾晓龙
Owner XIHUA UNIV