Antagonistic attack and defense method and system based on PID controller

An adversarial attack and defense method and system, applied in the fields of instrumentation, machine learning, and character and pattern recognition, which addresses the problems of a decreasing attack success rate, a limited attack success rate against defended models, and limited transferability of adversarial examples, achieving a high attack success rate, improved robustness and strong transferability.

Status: Inactive
Publication Date: 2020-12-15
SUN YAT SEN UNIV
Cites: 0; Cited by: 5

AI Technical Summary

Problems solved by technology

Existing adversarial attack and defense algorithms face four problems. First, gradient-based adversarial attacks need to know the specific structure and parameters of the network model, while attacks on black-box models rely mainly on the transferability of the generated adversarial examples; as the attacker learns less and less about the model's structure and the data sources used to train it, the attack success rate falls. Second, against defended models, the attack success rate of existing adversarial attack algorithms is limited. Third, for existing defense methods, the transferability of the adversarial examples used during adversarial training is limited, so the resulting defense model has low robustness. Fourth, existing technology also cannot accurately assess the robustness of machine learning models or the effectiveness of adversarial defense methods.



Examples


Embodiment

[0035] As shown in figure 1, this embodiment bases adversarial attack and adversarial defense on the P (proportional), I (integral) and D (derivative) controllers, and mainly involves the following two techniques: 1) an adversarial attack method based on the PID controller: the gradient of the loss function with respect to the input data is divided into current and past gradient information, corresponding to the P controller and the I controller of the PID controller respectively, while the D controller is computed from the difference between the current and past gradients; 2) a defense method based on the PID controller: adversarial training of the machine learning model with the adversarial examples generated by the PID-controller-based adversarial attack method serves as a defense method that improves the robustness of the model.

[0036] As shown in figure 2, the PID-controller-based adversarial attack and defense method of this embodiment, the specif...



Abstract

The invention relates to an adversarial attack and defense method and system based on a PID controller. The method comprises the following steps: S1, inputting a training data set and a machine learning model f; S2, training the machine learning model f on the input training data set; and S3, judging whether the loss function J has converged; if the loss function J has not converged, training the machine learning model f using both the adversarial examples x_adv generated by the PID-controller-based adversarial attack and the original data x as the training data set until the loss function J converges, thereby obtaining the trained machine learning model f; if the loss function J has converged, directly outputting the result. According to the invention, the process by which the adversarial attack generates adversarial examples achieves a higher attack success rate under the same perturbation constraint, and can be used to evaluate the performance of a machine learning model and the effectiveness of an adversarial defense method; adversarial training of the machine learning model with the adversarial examples generated by the adversarial attack can serve as a defense method to improve the robustness of the model.
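The gradient decomposition of [0035] (P = current input gradient, I = accumulated past gradients, D = difference between current and previous gradient) and the S1 to S3 training loop of the abstract, worked through on a toy logistic-regression model. This is an added example, not code from the patent or its authors: the data set, the gains kp, ki and kd, the step size alpha, the L-infinity budget eps, the convergence tolerance tol and all function names are assumptions chosen for illustration. The loop also computes the "robust accuracy" that the abstract mentions as a way to evaluate a model and a defense.

```python
import math

# Constructed toy data (not from the patent): class-1 points and their mirror
# images as class 0, so the learned bias stays essentially zero and the
# behaviour of the linear model is easy to reason about.
POS = [(1.0, 1.0), (1.5, 0.5), (0.5, 1.5), (2.0, 2.0), (0.9, 0.7), (0.7, 0.9)]
DATA = [(x, 1) for x in POS] + [((-x[0], -x[1]), 0) for x in POS]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def predict_prob(model, x):
    w, b = model
    return sigmoid(w[0] * x[0] + w[1] * x[1] + b)


def sample_loss(model, x, y):
    # Binary cross-entropy J for one sample, clamped away from log(0)
    p = min(max(predict_prob(model, x), 1e-12), 1 - 1e-12)
    return -(y * math.log(p) + (1 - y) * math.log(1 - p))


def mean_loss(model, data):
    return sum(sample_loss(model, x, y) for x, y in data) / len(data)


def accuracy(model, data):
    return sum((predict_prob(model, x) > 0.5) == (y == 1) for x, y in data) / len(data)


def grad_input(model, x, y):
    # dJ/dx for logistic regression is (p - y) * w
    w, _ = model
    e = predict_prob(model, x) - y
    return (e * w[0], e * w[1])


def sign(v):
    return (v > 0) - (v < 0)


def pid_attack(model, x, y, eps=0.3, alpha=0.1, steps=10, kp=1.0, ki=0.5, kd=0.5):
    """Iterative sign-gradient perturbation whose direction is a PID combination:
    P = current input gradient, I = sum of past gradients, D = current minus previous.
    Gains and step schedule are assumptions, not values from the patent."""
    x_adv = list(x)
    integral = [0.0, 0.0]
    prev = None
    for _ in range(steps):
        g = grad_input(model, x_adv, y)
        integral = [integral[i] + g[i] for i in range(2)]
        diff = [g[i] - prev[i] for i in range(2)] if prev is not None else [0.0, 0.0]
        u = [kp * g[i] + ki * integral[i] + kd * diff[i] for i in range(2)]
        # Step along the sign of the controller output, then project back into the
        # L-infinity ball of radius eps around the clean input (the perturbation constraint)
        x_adv = [min(max(x_adv[i] + alpha * sign(u[i]), x[i] - eps), x[i] + eps) for i in range(2)]
        prev = g
    return tuple(x_adv)


def gd_epoch(model, data, lr=0.5):
    # One full-batch gradient-descent step on the logistic-regression parameters
    w, b = model
    gw = [0.0, 0.0]
    gb = 0.0
    for x, y in data:
        e = predict_prob(model, x) - y
        gw[0] += e * x[0]
        gw[1] += e * x[1]
        gb += e
    n = len(data)
    return ((w[0] - lr * gw[0] / n, w[1] - lr * gw[1] / n), b - lr * gb / n)


def adversarial_training(data, eps=0.3, warmup=20, tol=1e-4, max_epochs=1000):
    """S1: training data and model f. S2: ordinary training. S3: while J has not
    converged, regenerate x_adv with the PID attack against the current model and
    train on the original data x together with x_adv. Returns (model, epochs, converged)."""
    model = ((0.0, 0.0), 0.0)          # S1: untrained model f
    for _ in range(warmup):            # S2: standard training
        model = gd_epoch(model, data)
    prev_j = mean_loss(model, data)
    for epoch in range(max_epochs):    # S3: adversarial training until J converges
        adv = [(pid_attack(model, x, y, eps), y) for x, y in data]
        model = gd_epoch(model, data + adv)
        j = mean_loss(model, data + adv)
        if abs(prev_j - j) < tol:      # convergence test on consecutive epoch losses
            return model, warmup + epoch + 1, True
        prev_j = j
    return model, warmup + max_epochs, False


def robust_accuracy(model, data, eps=0.3):
    # Accuracy on PID-generated adversarial examples: the evaluation use from the abstract
    return accuracy(model, [(pid_attack(model, x, y, eps), y) for x, y in data])


if __name__ == "__main__":
    m, epochs, ok = adversarial_training(DATA)
    print("epochs:", epochs, "converged:", ok)
    print("clean accuracy:", accuracy(m, DATA), "robust accuracy:", robust_accuracy(m, DATA))
```

For a linear model the sign of every PID term is fixed by (p - y) and w, so each step strictly increases the sample loss until the eps projection binds; the same three-term structure transfers to a deep network by replacing `grad_input` with backpropagation to the input.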

Description

Technical field

[0001] The invention relates to the field of security of artificial intelligence and machine learning methods, in particular to an adversarial attack and defense method and system based on a PID (Proportional Integral Derivative) controller.

Background technique

[0002] Machine learning is the core of artificial intelligence. In recent years, machine learning has achieved unprecedented development, and its applications have spread across the various fields of artificial intelligence. Especially in data mining, computer vision, natural language processing and unmanned driving, the application of machine learning has achieved great success. However, existing machine learning models are vulnerable to adversarial examples: attackers can generate adversarial examples by adding subtle perturbations to the original input data. Adversarial examples carrying such subtle perturbations do not affect human judgment, but will cause machine learning models to ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06K9/62, G06N20/00
CPC: G06N20/00, G06F18/214
Inventors: 黄方军, 万晨
Owner: SUN YAT SEN UNIV