Multi-priori-based black box adversarial test sample generation method and device

A technique for adversarial samples and test samples, applied in the field of machine learning, that addresses problems such as adversarial sample attacks and achieves the effects of reducing the number of samples, speeding up generation, and improving the attack success rate.

Active Publication Date: 2021-04-16
TSINGHUA UNIV

AI Technical Summary

Problems solved by technology

[0002] Deep learning has achieved groundbreaking progress in many fields, but recent studies have shown that deep learning models are vulnerable to adversarial examples.


Embodiment Construction

[0057] Embodiments of the present invention are described in detail below, examples of which are shown in the drawings, wherein the same or similar reference numerals designate the same or similar elements or elements having the same or similar functions throughout. The embodiments described below by referring to the figures are exemplary and are intended to explain the present invention and should not be construed as limiting the present invention.

[0058] At present, there has been work that tries to combine the transfer-based black-box method with the score-based black-box method. In the stochastic gradient estimation method, the gradient of a proxy model is introduced into the probability distribution of the random vectors as prior knowledge, thereby reducing the expected two-norm error between the estimated gradient and the true gradient.

[0059] Based on the above ideas, the present invention considers the fusion of prior knowledge of multiple channels, better c...


Abstract

The invention discloses a multi-prior-based black box adversarial test sample generation method and device. The method comprises the steps of setting a plurality of hyper-parameters required for adversarial sample generation; initializing the adversarial sample and starting iteration; obtaining a plurality of different priors to obtain a group of orthogonal bases; estimating the similarity between the real gradient and each orthogonal vector; optimizing the objective function, and minimizing the expected difference between the estimated gradient and the real gradient; sampling a plurality of random vectors; estimating gradients according to a stochastic gradient estimation method. Therefore, the attack success rate of the neural network can be improved, or under the condition of the same attack success rate, the sampling frequency for estimating the gradient is reduced, and the generation of adversarial samples is accelerated.
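To make the effect of priors on query cost concrete for robustness testing, the following added example (not code from the patent or its authors) estimates a gradient from loss queries alone, with and without two priors, and reports the cosine similarity to the true gradient. It is a simplified stand-in: the patent's weight optimization is not reproduced on this page, so each orthonormal direction simply receives its finite-difference coefficient; the toy loss, the noisy priors and all function names are constructed assumptions.

```python
import math
import random

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def cosine(a, b):
    return dot(a, b) / math.sqrt(dot(a, a) * dot(b, b))

def orthonormalize(vectors):
    """Gram-Schmidt: remove the part along earlier vectors, then normalize."""
    basis = []
    for v in vectors:
        w = list(v)
        for b in basis:
            c = dot(w, b)
            w = [wi - c * bi for wi, bi in zip(w, b)]
        norm = math.sqrt(dot(w, w))
        if norm > 1e-12:  # skip a vector that adds no new direction
            basis.append([wi / norm for wi in w])
    return basis

def estimate_gradient(loss, x, priors, n_queries, rng, sigma=1e-4):
    """Score-only estimate: priors first, random vectors fill the query budget."""
    fill = [[rng.gauss(0, 1) for _ in x] for _ in range(n_queries - len(priors))]
    basis = orthonormalize(list(priors) + fill)
    base = loss(x)
    grad = [0.0] * len(x)
    for v in basis:
        # One query per direction: finite-difference slope of the loss along v.
        slope = (loss([xi + sigma * vi for xi, vi in zip(x, v)]) - base) / sigma
        grad = [gi + slope * vi for gi, vi in zip(grad, v)]
    return grad

def run_demo(dim=200, n_queries=10, seed=0):
    rng = random.Random(seed)
    # Constructed toy loss with a known gradient, so the error can be measured.
    scale = [1 + i % 3 for i in range(dim)]
    loss = lambda p: 0.5 * sum(s * pi * pi for s, pi in zip(scale, p))
    x = [rng.gauss(0, 1) for _ in range(dim)]
    true_grad = [s * xi for s, xi in zip(scale, x)]
    # Constructed priors: true gradient plus noise of about equal norm,
    # standing in for gradients taken from two proxy models.
    noise = math.sqrt(dot(true_grad, true_grad) / dim)
    priors = [[g + noise * rng.gauss(0, 1) for g in true_grad] for _ in range(2)]
    with_priors = estimate_gradient(loss, x, priors, n_queries, rng)
    without = estimate_gradient(loss, x, [], n_queries, rng)
    return cosine(with_priors, true_grad), cosine(without, true_grad)
```

Both estimates use the same budget of `n_queries + 1` loss evaluations; `run_demo()` returns the pair (similarity with priors, similarity without).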

Description

Technical field

[0001] The invention relates to the field of machine learning, in particular to a method and device for generating black-box adversarial test samples based on multiple priors.

Background technique

[0002] Deep learning has achieved groundbreaking progress in many fields, but recent studies have shown that deep learning models are vulnerable to adversarial examples. An adversarial example is made by adding small perturbations, invisible to the naked eye, to a normal picture, so that a deep learning model that otherwise works correctly makes a prediction error. The generation methods of adversarial examples include white-box methods and black-box methods. The white-box method assumes full knowledge of the attacked deep learning model, so that an algorithm based on gradient ascent can be used to generate adversarial samples. Black-box methods are mainly divided into score-based black-box methods, decision-based black-box methods, and...


Application Information

IPC(8): G06F11/36, G06N20/00
Inventors: 喻文健, 杨定澄
Owner: TSINGHUA UNIV