Feature denoising-based deep neural network adversarial defense method and system, storage medium and equipment

A deep neural network adversarial defense technology based on feature denoising, with an associated storage medium. It addresses the incomplete denoising and poor adversarial sample defense effect of existing methods, achieving a good defense effect, ensuring classification accuracy, and improving adversarial robustness.

Active Publication Date: 2021-08-06
哈尔滨泛海科技开发有限公司

AI Technical Summary

Problems solved by technology

[0004] The present invention solves the problem of incomplete denoising in current adversarial sample defense methods that use spatial-domain filtering for feature denoising, which in turn leads to poor adversarial sample defense effects.

Examples


Specific Embodiment 1

[0051] This embodiment is a feature denoising-based deep neural network adversarial defense method. The method combines frequency-domain filtering and spatial-domain filtering, and designs and implements a new convolutional neural network, FSDCNN (Frequency and Space Denoising Convolutional Neural Network), to defend against adversarial sample attacks. It not only ensures the classification accuracy of the model on the clean test set, but also significantly improves the robustness of the model in the face of adversarial sample attacks.

[0052] The feature denoising-based deep neural network adversarial defense method described in this embodiment comprises the following steps:

[0053] 1) Make a mixed training set

[0054] 1a) Select 50,000 images with a size of 32x32 in the CIFAR10 dataset as a clean sample set, which includes a clean training set and a clean test set.

[0055] 1b) Use the PGD adversarial sample generation algorithm to attack the clean sample set in...

Specific Embodiment 2

[0126] This embodiment is a feature denoising-based deep neural network defense system, which is used to implement the feature denoising-based deep neural network defense method.

Specific Embodiment 3

[0128] This embodiment is a storage medium in which at least one instruction is stored; the at least one instruction is loaded and executed by a processor to implement the feature denoising-based deep neural network adversarial defense method.


Abstract

The invention discloses a feature denoising-based deep neural network adversarial defense method and system, a storage medium and equipment, and belongs to the field of image-based deep learning adversarial sample defense. The objective of the invention is to solve the problem that current adversarial sample defense methods, which use spatial-domain filtering for feature denoising, denoise incompletely and therefore defend poorly against adversarial samples. A neural network model containing at least one feature denoising module is designed. The feature denoising module comprises a 1 * 1 convolution, a residual connection unit and a denoising operation unit. In the denoising operation, a discrete wavelet transform is applied to an intermediate-layer feature map of the model to separate useful information from noise information; denoising that combines frequency-domain filtering and spatial-domain filtering is then applied to the high-frequency components containing the noise information; finally, the feature map is reconstructed. Under adversarial training, the method provided by the invention can remarkably improve adversarial robustness against adversarial sample attacks. The method is mainly used for adversarial defense of image deep neural networks.
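The denoising operation and module layout described in the abstract can be sketched in NumPy as follows. This is an added example, not code from the patent; the Haar wavelet, the soft threshold `t`, the 3x3 mean filter, the order of operations inside the module and all function names are assumptions, since the page does not specify them.

```python
import numpy as np

# Assumptions (not specified on the page): Haar wavelet, soft-threshold t,
# 3x3 mean filter, and the order denoise -> 1x1 conv -> residual add.

def haar_dwt2(x):
    """Single-level 2-D Haar DWT over the last two axes (H and W even)."""
    a, b = x[..., 0::2, :], x[..., 1::2, :]
    lo, hi = (a + b) / 2.0, (a - b) / 2.0            # split along rows
    def cols(t):
        return (t[..., 0::2] + t[..., 1::2]) / 2.0, (t[..., 0::2] - t[..., 1::2]) / 2.0
    return (*cols(lo), *cols(hi))                    # LL, LH, HL, HH

def haar_idwt2(ll, lh, hl, hh):
    """Exact inverse of haar_dwt2."""
    def icols(s, d):
        t = np.empty(s.shape[:-1] + (2 * s.shape[-1],))
        t[..., 0::2], t[..., 1::2] = s + d, s - d
        return t
    lo, hi = icols(ll, lh), icols(hl, hh)
    x = np.empty(lo.shape[:-2] + (2 * lo.shape[-2], lo.shape[-1]))
    x[..., 0::2, :], x[..., 1::2, :] = lo + hi, lo - hi
    return x

def soft_threshold(c, t):
    """Frequency-domain step: shrink wavelet coefficients toward zero."""
    return np.sign(c) * np.maximum(np.abs(c) - t, 0.0)

def mean3x3(c):
    """Spatial-domain step: 3x3 mean filter with edge padding."""
    h, w = c.shape[-2:]
    p = np.pad(c, [(0, 0)] * (c.ndim - 2) + [(1, 1), (1, 1)], mode="edge")
    return sum(p[..., i:i + h, j:j + w] for i in range(3) for j in range(3)) / 9.0

def denoise_op(feat, t=0.1):
    """DWT, filter only the high-frequency sub-bands, then reconstruct."""
    ll, *high = haar_dwt2(feat)
    return haar_idwt2(ll, *[mean3x3(soft_threshold(c, t)) for c in high])

def feature_denoise_block(feat, w1x1, t=0.1):
    """feat: (C, H, W); w1x1: (C, C) weights of the 1x1 convolution."""
    return feat + np.einsum("oc,chw->ohw", w1x1, denoise_op(feat, t))

def demo():
    """Constructed input: block-constant map plus a +/-0.05 checkerboard."""
    rng = np.random.default_rng(0)
    clean = rng.normal(size=(4, 8, 8)).repeat(2, axis=1).repeat(2, axis=2)
    i, j = np.indices((16, 16))
    adv = clean + 0.05 * (-1.0) ** (i + j)
    return np.abs(adv - clean).max(), np.abs(denoise_op(adv) - clean).max()
```

`demo()` returns the maximum deviation from the clean feature map before and after denoising: the constructed perturbation lives entirely in the HH sub-band, so it is removed while the low-frequency (LL) content passes through unchanged.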

Description

Technical field

[0001] The invention belongs to the field of image-based deep learning adversarial sample defense, and in particular relates to a feature denoising-based deep neural network adversarial defense method, system, storage medium and equipment.

Background technique

[0002] In recent years, with the continuous development of artificial intelligence, deep learning has gradually become a research hotspot in the field because of characteristics such as automatic extraction of data features and strong model expression ability, and it has been widely used in computer vision, speech recognition, natural language processing and numerous other fields. However, artificial intelligence technology such as deep learning is a double-edged sword: while it performs well, it also has inherent weaknesses. In deep learning for images, the attacker can generate adversarial samples that can make the target neural network model misclassify with high confidence ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06T7/00, G06T5/00, G06K9/62, G06N3/04, G06N3/08
CPC: G06T7/0002, G06T5/002, G06N3/084, G06T2207/10004, G06T2207/20081, G06T2207/20084, G06N3/045, G06F18/214, Y02T10/40
Inventor: 董宇欣, 贾龙飞, 陈福坤, 韩爽, 闫鹏超, 刘皓, 梁泉, 叶润泽
Owner: 哈尔滨泛海科技开发有限公司