Imperceptible adversarial patch generation method and application

An adversarial patch sample technique, applied in neural learning methods, biological neural network models, instruments, etc., that addresses the following problems: existing patch methods aim to deceive recognition systems, are rarely used in adversarial training to enhance model defense capabilities, and do not consider patch imperceptibility.

Pending Publication Date: 2021-02-12
ZHEJIANG UNIVERSITY OF SCIENCE AND TECHNOLOGY

AI Technical Summary

Problems solved by technology

[0009] The significance of solving the above problems and defects is: the adversarial patch methods proposed so far aim to deceive the recognition system and are rarely used for adversarial training to enhance the defense capabilities of the model; they also do not consider the imperceptibility of the patch. Only the location of the adversarial patch and the possible transformations are considered, which makes the generated adversarial samples easy to detect.

Examples

Embodiment 1

[0119] 1. The present invention attempts to propose a new method of adversarial patching, which attempts to use the interpretability of CNNs to create patch adversarial samples at the semantic level, with the purpose of conducting adversarial training and enhancing the defense capabilities of deep neural networks. The method combines Grad-CAM and optimization techniques to achieve a good balance between adversarial strength and imperceptibility. The present invention improves the adversarial patch method in two aspects: first, the magnitude of the perturbation is greatly reduced, which is almost imperceptible to humans; second, the size of the adversarial patch is significantly reduced.

[0120] 2. The present invention proves the reasonable explanation of Grad-CAM through adversarial examples. The present work shows that adversarial perturbations in CFRs localized by Grad-CAM can effectively fool CNNs. This reveals an important fact that CNNs have the characteristics of huma...

Abstract

The invention belongs to the technical field of artificial intelligence security, and discloses a high-strength adversarial patch sample generation method and application. The method comprises the following steps: first, Grad-CAM is used to calculate the area of an image that greatly affects the CNN's classification decision, and this area is taken as the feature contribution area (CFRs) of the image; the region is then located using a mask mechanism so that the perturbation can be applied within the determined feature contribution area. A loss function is redefined to serve as the optimization objective, a stochastic gradient descent optimization algorithm is used, and hyper-parameters are introduced to search for an efficient perturbation, which yields the adversarial sample based on CFRs. By perturbing only within the feature contribution area and limiting the perturbation to a small range that is difficult for human eyes to perceive, the method achieves a good balance between adversarial strength and imperceptibility. Experimental verification is performed on the CIFAR-10 and ILSVRC2012 data sets. The adversarial samples generated by the method are applied to adversarial training, where they can effectively improve the defense capability of deep learning models.

Description

Technical field

[0001] The invention belongs to the technical field of artificial intelligence security, and in particular relates to an adversarial patch generation method, generation system, equipment, storage medium and application.

Background technique

[0002] At present, the development of deep learning technology has promoted the successful application of deep neural networks (DNNs) in various fields. Convolutional neural networks (CNNs) in particular have shown excellent performance in the field of image classification. However, many existing studies have shown that CNNs are vulnerable to perturbations imperceptible to humans, and such samples with added tiny perturbations are called adversarial examples. Scholars have proposed a variety of techniques for generating adversarial samples, such as L-BFGS, FGSM, I-FGSM, PGD, and C&W. The adversarial samples generated by these techniques can successfully deceive CNNs to make wrong predictions, which limits the appl...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06K9/62; G06N3/04; G06N3/08
CPC: G06N3/08; G06N3/047; G06N3/045; G06F18/2415; G06F18/241
Inventor: 钱亚冠; 王佳敏; 王滨; 陶祥兴; 周武杰; 云本胜
Owner: ZHEJIANG UNIVERSITY OF SCIENCE AND TECHNOLOGY