Deep learning sample-level adversarial attack defense method and device based on neuron activation pattern

A deep learning and neuron activation pattern technology, applied in the field of information security, that addresses problems such as classification errors, attacks that are difficult to defend against effectively, and defenses that are unsuitable for use in the deployment stage, and that achieves good applicability.

Active Publication Date: 2022-05-17
ZHEJIANG UNIV OF TECH +1

AI Technical Summary

Problems solved by technology

These defense methods change, to a certain extent, the model's feature extraction capability for samples so that the model can re-identify the correct perceptual characteristics of the samples; the cost is very high, which is not conducive to application in the deployment stage.
In addition, deep learning models may be subject to a common perturbation that causes classification errors, generated so that it crosses the classification boundaries of all classes.
Traditional defense methods have difficulty defending effectively against such attacks.


Embodiment Construction

[0018] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, and do not limit the protection scope of the present invention.

[0019] In order to prevent adversarial attacks from affecting the target recognition result during target recognition, the embodiment provides a deep learning sample-level adversarial attack defense method and device based on neuron activation patterns. The method extracts the neuron activation pattern from the features of the original image samples, calculates the defense perturbation from the gradient of a loss function that includes the neuron activation pattern, and defends the model by superimposing the defense perturbation on the adversarial samples. ...


Abstract

The invention discloses a deep learning sample-level adversarial attack defense method based on neuron activation patterns, and a device thereof. The method comprises the following steps: constructing a deep learning model for target recognition, the model including a convolution layer, a pooling layer and a classification layer; extracting feature maps from the network layers of the deep learning model to construct the neuron activation pattern, where the neuron activation pattern and the cross-entropy function together form the loss function; when training the deep learning model with normal image samples, using the constructed loss function to optimize the parameters of the deep learning model; obtaining, from the gradient of the loss function, a pixel increment that serves as the perturbation for defending against attacks; and, when using the parameter-optimized deep learning model for target recognition, adding the perturbation to the image to be recognized, inputting it to the deep learning model, and obtaining the target recognition result by calculation. The method can effectively defend against various adversarial attacks without affecting the accuracy on normal samples.
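The inference-time step of the abstract, as an added example that is not code from the patent: a pixel increment is taken from the gradient of a loss made of cross-entropy plus an activation-pattern term, then added to the image before classification. The toy network, its weights, the form of the pattern term (squared distance to a reference activation vector), the sign-step update, LAM, EPS and all sample values are assumptions constructed for illustration; training is omitted.

```python
import math

# Constructed toy model (assumption): 4 "pixels" -> 3 ReLU neurons -> 2 classes.
W1 = [[1.0, -1.0, 0.5, 0.0], [-1.0, 1.0, 0.0, 0.5], [0.5, 0.5, -0.5, -0.5]]
W2 = [[1.0, -1.0, 0.2], [-1.0, 1.0, -0.2]]
LAM, EPS = 0.1, 0.1  # pattern-term weight and perturbation size (assumed)
# Constructed samples: a normal class-0 image, an assumed reference activation
# pattern for class 0, and an image (true class 0) that the model gets wrong.
X_NORMAL, REF0 = [0.8, 0.2, 0.6, 0.6], [1.2, 0.0, 0.0]
X_INPUT = [0.45, 0.55, 0.1, 0.3]

def hidden(x):
    return [max(0.0, sum(w * v for w, v in zip(row, x))) for row in W1]

def probs(x):
    h = hidden(x)
    z = [sum(w * v for w, v in zip(row, h)) for row in W2]
    e = [math.exp(v - max(z)) for v in z]
    return [v / sum(e) for v in e]

def predict(x):
    p = probs(x)
    return p.index(max(p))

def loss(x, y, ref):
    # Cross-entropy plus an assumed pattern term: squared distance between the
    # hidden activations and the reference activation pattern for class y.
    pattern = sum((a - b) ** 2 for a, b in zip(hidden(x), ref))
    return -math.log(probs(x)[y]) + LAM * pattern

def defense_perturbation(x, y, ref, step=1e-5):
    # Central-difference gradient of the loss for each pixel; the pixel
    # increment is a sign step that descends the loss (assumed form).
    delta = []
    for i in range(len(x)):
        hi = x[:i] + [x[i] + step] + x[i + 1:]
        lo = x[:i] + [x[i] - step] + x[i + 1:]
        g = (loss(hi, y, ref) - loss(lo, y, ref)) / (2 * step)
        delta.append(-EPS * (g > 0) + EPS * (g < 0))
    return delta

def defended_predict(x, delta):
    # Add the perturbation, clip to the pixel range [0, 1], then classify.
    return predict([min(1.0, max(0.0, v + d)) for v, d in zip(x, delta)])

if __name__ == "__main__":
    d = defense_perturbation(X_NORMAL, 0, REF0)
    print(d, predict(X_INPUT), defended_predict(X_INPUT, d))
```

On these constructed values the perturbation restores the class-0 prediction for X_INPUT and leaves the normal sample's prediction unchanged.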

Description

Technical field

[0001] The invention belongs to the field of information security, and in particular relates to a deep learning sample-level adversarial attack defense method based on neuron activation patterns and a device thereof.

Background technique

[0002] Deep learning defines a new data-driven programming paradigm that uses a set of training data to construct the internal system logic of a neural network and learns the internal laws and representation levels of the data from sample data, which gives more accurate classification results than general algorithms, with strong feature expression ability. Because deep learning can match or even exceed human performance, it has been widely used in many safety-critical scenarios. In principle, deep learning models need strong robustness and security in order to resist any potential risks.

[0003] However, deep learning itself lacks interpretability, which means it is vulnerable to ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/55, G06K9/62, G06N3/04, G06N3/08, G06V10/764, G06V10/82
CPC: G06F21/55, G06N3/084, G06N3/045, G06F18/241
Inventor: 陈晋音, 金海波, 鲍亮
Owner: ZHEJIANG UNIV OF TECH