Small adversarial patch generation method and device

A small adversarial patch technology, applied in the field of machine learning, that addresses the performance loss caused by smaller feature differences

Active Publication Date: 2021-01-19
BEIJING REALAI TECH CO LTD

AI Technical Summary

Problems solved by technology

However, existing methods for improving adversarial patch attack performance do not address the performance loss caused by the smaller feature difference.


Examples


Embodiment 1

[0050] Referring to Figure 1 and Figure 2, a small-scale adversarial patch generation method is provided, which can be used for products or projects that generate adversarial patches based on neural network gradient descent. The small-scale adversarial patch generation method includes the following steps:

[0051] S1. Given an adversarial patch image, randomly initialize the adversarial patch image;

[0052] S2. Add the initialized adversarial patch image to the pasting area selected on the target object in the training data, producing an adversarial sample;

[0053] S3. Feed the adversarial samples into the deep learning model to extract adversarial features, and feed benign samples without added adversarial patch images into the deep learning model to extract benign features;

[0054] S4. Input the adversarial features and the benign features together into a feature enhancement loss function to perform loss calculation, and obtain a loss result;

[0055] S5. Add the loss result t...

Embodiment 2

[0095] Referring to Figure 3, a small-scale adversarial patch generation device is provided, which uses the small-scale adversarial patch generation method of Embodiment 1 or any possible implementation thereof, including:

[0096] The adversarial patch initialization module 1 is used to randomly initialize a given adversarial patch image;

[0097] The adversarial sample generation module 2 is used to add the initialized adversarial patch image to the pasting area selected on the target object in the training data, producing an adversarial sample;

[0098] The adversarial feature extraction module 3 is used to feed the adversarial sample into the deep learning model for adversarial feature extraction;

[0099] The benign feature extraction module 4 is used to feed the benign samples without added adversarial patch images into the deep learning model for benign feature extraction;

[0100] The loss result acquisition module 5 is used to jointly input the adversarial fe...

Embodiment 3

[0106] A computer-readable storage medium is provided, wherein the computer-readable storage medium stores program code for Deepfake detection generated by small-scale adversarial patches, and the program code includes instructions for executing the small adversarial patch generation method of Embodiment 1 or any possible implementation thereof.

[0107] The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center that integrates one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (Solid State Disk, SSD)), and the like.


Abstract

The invention discloses a small adversarial patch generation method and device. The method comprises the steps of: randomly initializing an adversarial patch image, adding the initialized adversarial patch image to a selected pasting region on a target object in the training data, and producing an adversarial sample; feeding the adversarial samples into a deep learning model for adversarial feature extraction, and feeding benign samples without adversarial patch images into the deep learning model for benign feature extraction; jointly inputting the adversarial features and the benign features into a feature enhancement loss function for loss calculation to obtain a loss result; adding the loss result to the model loss function, and updating the pixel values of the adversarial patch through an optimizer after back propagation; and, after a preset number of iterations, the adversarial patch causes the deep learning model to output an erroneous result, and the adversarial patch processing ends. According to the method, the adversarial patch can be smaller in the physical world, the manufacturing cost is reduced, the identifiability of the adversarial patch is reduced, and detection-based defense methods are broken through more easily.

Description

Technical field

[0001] The invention relates to the technical field of machine learning, in particular to a method and device for generating a small-scale adversarial patch.

Background technique

[0002] An adversarial patch is an adversarial example used to attack a deep learning model in the physical world and make the model output wrong results. An adversarial patch with a large area has a significant attack effect, but it is easy to identify and has difficulty breaking through defense methods based on feature detection. Therefore, reducing the area and reducing the degree of recognizability have become the development trend for adversarial patches. However, shrinking the area of the adversarial patch sharply reduces the attack success rate.

[0003] At this stage, methods to improve the effect of adversarial patch attacks can be found in some work on attacking deep learning models in the physical world based on adversarial patches. These works include the phy...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06N3/08, G06N3/04, G06K9/46
CPC: G06N3/084, G06V10/40, G06N3/045
Inventor: 李连吉, 田天
Owner: BEIJING REALAI TECH CO LTD