Unlock instant, AI-driven research and patent intelligence for your innovation.

Adversarial sample defense method based on image super-resolution reconstruction

A technology against samples and image reconstruction, applied in the field of artificial intelligence, can solve problems such as life and property threats, deceiving classifier classification, errors, etc., to achieve the effect of removing malicious attacks and reducing costs and costs

Active Publication Date: 2022-04-22
XIHUA UNIV
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] However, while deep learning brings great convenience to people, it also leaves behind many potential safety hazards, such as its algorithm flaws, the robustness of the training model, and the integrity of the data used for model training. Anti-sample attack is one of its security risks
[0004] The more popular understanding of adversarial samples is to add some adversarial samples formed by artificially constructed disturbances to clean data. This disturbance or noise is very small, and people cannot easily distinguish whether there are adversarial samples with the naked eye. But in deep learning When classifying, these adversarial examples can "fool" the neural network model to make the classifier misclassify. In this way, if the adversarial examples are applied to natural language processing, face recognition, automatic driving and other fields, it will be very likely to be harmful to people. serious threat to life and property
[0005] For example, if the disturbance of "going straight" is added to the stop sign in automatic driving, after forming an adversarial sample, the person still looks like a stop sign, so it will not be misclassified, but the classifier will think it is a straight sign, and serious problems will occur. as a result of

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Adversarial sample defense method based on image super-resolution reconstruction
  • Adversarial sample defense method based on image super-resolution reconstruction
  • Adversarial sample defense method based on image super-resolution reconstruction

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0038] The present invention is realized through the following technical solutions, as figure 1 As shown, an adversarial sample defense method based on image super-resolution reconstruction is proposed, which is divided into two parts: the first part is to input the training samples into the defense model for training, and obtain the trained defense model; the second part is to input the initial samples into the training In a good defense model, normal samples are obtained after defending against malicious attacks, and then the normal samples are input into the classification model to obtain correct classification results and achieve the effect of defending against malicious attacks.

[0039] The first part is to train the defense model. The input training samples are clean samples. The training process is divided into image preprocessing and image reconstruction for the training samples, and output normal samples.

[0040] See figure 2 , first input the clean sample into th...

Embodiment 2

[0066] In this embodiment, the MNIST data set is selected for the method of embodiment 1 to test the defense result.

[0067] The MNIST data set is provided by the National Institute of Standards and Technology (NIST), which contains a total of 70,000 image data and their corresponding labels, including 60,000 training data and 10,000 test data, each image The data is a single-channel image composed of 28*28 pixels. Each pixel is represented by a gray value. The minimum value of the image data is 0, and the maximum value is close to 1. This is because the data has been standardized. , if no normalization process is performed, the pixel value of the image will be between 0 and 255, and all images will score ten different categories from 0 to 9.

[0068] Then the network structure of the defense model (GN-CNN model) on the MNIST dataset and its corresponding parameters are shown in Table 1:

[0069]

[0070] Table 1

[0071] The output data of each layer in the network is u...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention relates to the technical field of artificial intelligence, and proposes an adversarial sample defense method based on image super-resolution reconstruction, comprising the following steps: inputting training samples into a defense model for training, so as to output normal samples and obtain a trained defense model; the training The sample is a clean sample; input the initial sample into the trained defense model, perform image preprocessing and image reconstruction in sequence to output a normal sample, and then input the normal sample into the classification model to obtain the correct classification result; the initial sample includes adversarial Sample, clean sample. The defense model designed by the present invention can be reconstructed as a normal sample regardless of inputting a clean sample or an adversarial sample, so as to achieve the function of defending against malicious attacks. However, many existing defense methods need to train a training set and a test set separately to realize the defense method. , so this scheme reduces the cost and cost of defense.

Description

technical field [0001] The present invention relates to the technical field of artificial intelligence, in particular to a method for defending against examples based on image super-resolution reconstruction. Background technique [0002] Deep learning shows extremely powerful self-learning ability in the research and application of artificial intelligence, because the deep convolutional neural network is composed of multi-layer nonlinear structure, which enables it to learn various complex high-dimensional features and Fitting a variety of complex sample spaces, these characteristics make it have a very powerful expressive ability, so it has achieved great success in many fields. [0003] However, while deep learning brings great convenience to people, it also leaves behind many potential safety hazards, such as its algorithm flaws, the robustness of the training model, and the integrity of the data used for model training. Adversarial sample attack is one of its security ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06T3/40G06N3/04G06N3/08G06K9/62G06V10/774G06V10/764G06V10/82
CPCG06T3/4053G06N3/08G06N3/045G06F18/24G06F18/214
Inventor 刘兴伟何意廖明阳陈琪琪曾晓龙
Owner XIHUA UNIV