Method, system, storage medium and equipment for deep neural network countermeasure defense based on feature denoising

A deep neural network and equipment technology, applied in neural learning methods, biological neural network models, mechanical equipment, etc. It addresses incomplete denoising and the resulting poor defense against adversarial samples, and achieves good defense effects, preserves classification accuracy and improves adversarial robustness.

Active Publication Date: 2022-06-03
哈尔滨泛海科技开发有限公司

AI Technical Summary

Problems solved by technology

[0004] The present invention solves the problem of incomplete denoising in the current adversarial sample defense method using spatial domain filtering for feature denoising, which in turn leads to poor adversarial sample defense effects.

Method used


Examples


Specific Embodiment 1

[0057] 2a) Use ResNet34 as the main network architecture and benchmark comparison model.

[0062]

[0063] where θ is the model weight parameter, x is the original clean sample, δ is the adversarial perturbation, and y is the standard of the original clean sample

[0064] 3b) The optimization algorithm used in network training is SGD with momentum, the initial learning rate is set to 0.1, and the

[0074] Figure 2 is a structural diagram of the feature denoising module, which is mainly composed of three parts: 1×1 convolution, residual connection and denoising operation. That

[0076] Figure 4 is a diagram of the FSDResNet34 network model structure, that is, two of the feature denoising modules shown in Figure 2 are embedded in the ResNet34 residual network.

[0079]

[0080]

[0081] where δ represents the standard deviation of the noise, and N represents the signal length or image size, since the

[0084]

[0090]

[0091]

[0095]z

[0099]

[0100]

[0102]

[0105]

[0108]

[0111] In view of the fact that the ...

Specific Embodiment 2

[0124] Figure 20 is the adversarial sample (PGD) generated by the clean sample in ResNet34, and Figure 21 is the adversarial sample in

Specific Embodiment 3



Abstract

A feature-denoising-based deep neural network adversarial defense method, system, storage medium, and device, belonging to the field of image-based deep learning adversarial sample defense. The invention addresses the problem that the current adversarial sample defense method using spatial domain filtering for feature denoising denoises incompletely, which leads to poor adversarial sample defense. The invention designs a neural network model containing at least one feature denoising module. The feature denoising module includes a 1x1 convolution, a residual connection unit and a denoising operation unit. The denoising operation first performs a discrete wavelet transform on the feature map of a middle layer of the model to separate useful information from noise information, then applies denoising that combines frequency domain filtering and spatial domain filtering to the high-frequency components containing noise information, and finally reconstructs the feature map. Under adversarial training, the method of the present invention can significantly improve adversarial robustness in the face of adversarial sample attacks. The deep neural network adversarial defense is mainly intended for images.
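The denoising operation described in the abstract, as an added example that is not the patent's code. It goes beyond what the page specifies by assuming a one-level Haar wavelet, soft thresholding as the frequency domain filter, a 3x3 mean as the spatial domain filter, and a scalar `w` in place of the 1x1 convolution on a single-channel map; all function names are hypothetical.

```python
# Added illustration (not the patent's code). Haar wavelet, soft thresholding
# and a 3x3 mean filter are assumptions; the page does not name the filters.

def haar_dwt2(x):
    """One-level 2D Haar DWT of an even-sized map -> (LL, LH, HL, HH)."""
    h, w = len(x) // 2, len(x[0]) // 2
    ll, lh, hl, hh = ([[0.0] * w for _ in range(h)] for _ in range(4))
    for i in range(h):
        for j in range(w):
            a, b = x[2 * i][2 * j], x[2 * i][2 * j + 1]
            c, d = x[2 * i + 1][2 * j], x[2 * i + 1][2 * j + 1]
            ll[i][j], lh[i][j] = (a + b + c + d) / 2, (a - b + c - d) / 2
            hl[i][j], hh[i][j] = (a + b - c - d) / 2, (a - b - c + d) / 2
    return ll, lh, hl, hh

def haar_idwt2(ll, lh, hl, hh):
    """Inverse of haar_dwt2: rebuild the full-resolution map."""
    h, w = len(ll), len(ll[0])
    x = [[0.0] * (2 * w) for _ in range(2 * h)]
    for i in range(h):
        for j in range(w):
            p, q, r, s = ll[i][j], lh[i][j], hl[i][j], hh[i][j]
            x[2 * i][2 * j], x[2 * i][2 * j + 1] = (p + q + r + s) / 2, (p - q + r - s) / 2
            x[2 * i + 1][2 * j], x[2 * i + 1][2 * j + 1] = (p + q - r - s) / 2, (p - q - r + s) / 2
    return x

def soft_threshold(band, thr):
    """Wavelet-domain filtering: shrink each coefficient toward zero by thr."""
    return [[(abs(v) - thr) * (1 if v > 0 else -1) if abs(v) > thr else 0.0
             for v in row] for row in band]

def mean3(band):
    """Spatial filtering: 3x3 mean with edge clamping."""
    h, w = len(band), len(band[0])
    at = lambda i, j: band[min(max(i, 0), h - 1)][min(max(j, 0), w - 1)]
    return [[sum(at(i + di, j + dj) for di in (-1, 0, 1) for dj in (-1, 0, 1)) / 9
             for j in range(w)] for i in range(h)]

def denoise_op(fmap, thr):
    """DWT -> filter only the high-frequency bands -> reconstruct."""
    ll, *high = haar_dwt2(fmap)
    return haar_idwt2(ll, *[mean3(soft_threshold(b, thr)) for b in high])

def denoise_block(fmap, thr, w=1.0):
    """Residual wrapper; scalar w stands in for the 1x1 convolution (one channel)."""
    den = denoise_op(fmap, thr)
    return [[x + w * d for x, d in zip(rx, rd)] for rx, rd in zip(fmap, den)]

# Constructed 4x4 feature map: constant 1.0 plus a +/-0.1 checkerboard perturbation.
NOISY = [[1.0 + (0.1 if (i + j) % 2 == 0 else -0.1) for j in range(4)] for i in range(4)]
```

The checkerboard perturbation lands entirely in the HH band, so a threshold above its coefficient (0.2) removes it while the low-frequency LL band passes through untouched.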

Description

Method, system, storage medium and equipment for deep neural network adversarial defense based on feature denoising

Technical field

[0001] The present invention belongs to the field of image-based deep learning adversarial sample defense, and in particular relates to a deep neural network adversarial defense method, system, storage medium and device based on feature denoising.

Background technique

In recent years, with the continuous development of artificial intelligence, deep learning, by virtue of advantages such as automatic extraction of data features, has gradually become a research hotspot in the field of artificial intelligence, and is widely used in computer vision, speech recognition, natural language processing and many other fields. However, artificial intelligence technologies such as deep learning are a double-edged sword and also have inherent weaknesses. In deep learning techniques for images, attackers add micro- S...

Claims


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06T7/00, G06T5/00, G06K9/62, G06N3/04, G06N3/08, G06V10/774, G06V10/82
CPC: G06T7/0002, G06T5/002, G06N3/084, G06T2207/10004, G06T2207/20081, G06T2207/20084, G06N3/045, G06F18/214, Y02T10/40
Inventor: 董宇欣贾龙飞陈福坤韩爽闫鹏超刘皓梁泉叶润泽
Owner: 哈尔滨泛海科技开发有限公司