Unlock instant, AI-driven research and patent intelligence for your innovation.

Image confrontation sample generation device and method based on mobility

A technology for countering samples and generating devices, which is applied to biological neural network models, instruments, character and pattern recognition, etc., can solve the problem of low mobility and achieve the effect of increasing the calculation rate, increasing the success rate, and increasing the attack success rate

Active Publication Date: 2021-01-12
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF9 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] For the above-mentioned black-box attack that requires a large number of inquiries, or the problem of low migration, the attack success rate of the adversarial samples is improved under the condition of a small number of inquiries

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Image confrontation sample generation device and method based on mobility
  • Image confrontation sample generation device and method based on mobility
  • Image confrontation sample generation device and method based on mobility

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0039] This experiment is to generate multiple adversarial samples according to the above framework and method, and count the effectiveness of the adversarial samples. The hardware environment and software environment of this experiment are shown in Table 1 below:

[0040] Table 1 Experimental environment configuration

[0041]

[0042] The parameter information used by the adversarial sample generation method is as follows:

[0043] Table 2 Algorithm parameter information

[0044] The maximum number of iterations 1000 PGD ​​iterations 1000 Training autoencoder module parameter p 1 -8

Training autoencoder module parameters λ 0.1 Training autoencoder module parameters β 0.01

[0045] The present invention provides a migration-based image adversarial sample generation device, including the following modules:

[0046] Self-encoder training module: use the image training data set for unsupervised training to obtain an autoencoder;

...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the field of computer software, discloses an image confrontation sample generation device and method based on mobility, and aims at solving the problem that black box attacksneed a large amount of inquiry or are not high in mobility so as to improve the attack success rate of confrontation samples under the condition of a small amount of inquiry. The main scheme comprisesthe following steps: 1) inputting a normal image sample; 2) processing the image sample by an auto-encoder to obtain dimension-reduced data D; 3) sequentially transmitting the images into a screenedlocal image classifier, and obtaining different disturbances ri by using a PGD adversarial sample generation algorithm; 4) linearly integrating the disturbances according to the weight coefficients toobtain final disturbance f (D); 5) adding disturbance f (D) to the data D after dimension reduction, and decoding the data D through an auto-encoder to obtain a final adversarial sample.

Description

technical field [0001] The invention belongs to the field of computer software, and specifically relates to a migration-based adversarial sample generation framework and method, which can improve a certain degree of migration by querying a small amount of target models. Background technique [0002] In recent years, deep neural networks have been widely used in various aspects. It can even match human performance in image recognition, such as image classification systems, face recognition, etc., and can already achieve a recognition rate of more than 99%. However, most researchers care more about the performance of the model (such as the correct rate), but ignore the fragility and robustness of the model. Existing models are vulnerable to "adversarial examples", which can make the model misjudgment, and then allow the attacker to bypass the model detection, for example, in an image classification system, by adding a small perturbation to the original image information (the ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06K9/62G06N3/04
CPCG06N3/045G06F18/213G06F18/214G06F18/241
Inventor 张小松牛伟纳丁康一孙逊朱航李信强蒋廉
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA