Method and device for generating small adversarial patches

A patch and small technology, applied in the field of machine learning, can solve the problem of small feature difference and performance loss
CN112241790BActive Publication Date: 2021-03-30BEIJING REALAI TECH CO LTD
6 Cites 0 Cited by

Patent Information

Authority / Receiving Office
CN Β· China
Patent Type
Patents(China)
Current Assignee / Owner
BEIJING REALAI TECH CO LTD
Publication Date
2021-03-30

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

A small confrontation patch generation method and device, by randomly initializing the confrontation patch image, adding the initialized confrontation patch image to the selected pasting area on the target object in the training data to make a confrontation sample; sending the confrontation sample into the depth The learning model performs adversarial feature extraction, and the benign samples without adversarial patch images are sent to the deep learning model for benign feature extraction; the adversarial features and benign features are jointly input into the feature enhancement loss function for loss calculation, and the loss result is obtained; It is added to the model loss function, and the pixel value of the adversarial patch is updated by the optimizer after backpropagation; after a preset number of iterations, the adversarial patch makes the deep learning model output the wrong result, and the adversarial patch processing process is ended. The invention can make the size of the confrontation patch in the physical world smaller, reduce the production cost, reduce the identifiability of the confrontation patch, and make it easier to break through the detection-based defense method.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention relates to the technical field of machine learning, in particular to a method and device for generating a small-scale confrontation patch. Background technique

[0002] An adversarial patch is an adversarial example used to attack a deep learning model in the physical world and make the model output wrong results. The anti-patch with a large area has a significant attack effect, but the anti-patch with a large area is easy to be identified, and it is difficult to break through the defense method based on feature detection. Therefore, reducing the area and reducing the recognition degree have become the development trend of anti-patch. However, shrinking the area of ​​the adversarial patch will sharply reduce the attack success rate.

[0003] At this stage, methods to improve the effect of anti-patch attacks can be found in some work on attacking deep learning models in the physical world based on anti-patch. These works include the phy...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More