Target detection-oriented physical attack adversarial patch generation method and system

A target-oriented, physical attack technology, applied in the field of computer vision, which can solve the problems of low flexibility and low concealment of confrontation patches.

Pending Publication Date: 2021-09-07
ZHEJIANG UNIV OF TECH
View PDF1 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The present invention overcomes the disadvantages of weak concealment and low flexibility of the anti-patch generated by the prior art, and provides an effective target detection anti-attack algorithm that can be applied in the physical world

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Target detection-oriented physical attack adversarial patch generation method and system
  • Target detection-oriented physical attack adversarial patch generation method and system
  • Target detection-oriented physical attack adversarial patch generation method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0054] The specific implementation manners of the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0055] refer to Figure 1 ~ Figure 3 , a method for generating a physical attack resistance patch for target detection, the steps are as follows:

[0056] S1: Generate a rectangular confrontation patch with random pixel values, including:

[0057] Generate a single-channel adversarial patch block of size 30×30, and the pixel values ​​are filled with random numbers from 0-255.

[0058] S2: Robustness processing against patches, including:

[0059] To improve the robustness of the adversarial patch in physical environments, the patch is rotated, noise is randomly added, and brightness is randomly changed.

[0060] S3: Initialize the mask matrix:

[0061] S3.1: In order to achieve good concealment and set the confrontation patch to a specified shape, a mask matrix is ​​added, the size of which is the same as the resolut...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a target detection-oriented physical attack adversarial patch generation method. The method comprises the following steps of: (1) generating a rectangular adversarial patch with random pixel values; (2) carrying out robustness processing on the adversarial patch; (3) initializing a mask matrix; (4) applying the adversarial patch to a training set; (5) extracting real category confidence from a result; (6) designing a loss function and calculating loss; (7) calculating the gradient, then updating the adversarial patch, and circulating the step 2 to the step 7 until the maximum number of iterations is reached or the attack success rate reaches a threshold value; (8) printing the patch, and carrying out physical environment testing. The invention further comprises a target detection-oriented physical attack adversarial patch generation system, which consists of an adversarial patch application module, a target detection module, a loss calculation module and an adversarial patch updating module. According to the invention, the patch shape can be self-defined, the gradient is solved according to a designed loss function, the adversarial patch is updated, and finally a physical environment test is performed.

Description

technical field [0001] The invention relates to the field of computer vision, in particular to a method for generating a physical attack resistance patch for target detection. Background technique [0002] With the continuous development of deep learning, deep learning has been widely used in speech recognition, malware detection, target detection and recognition, image recognition, unmanned driving, face recognition and other fields. It brings great convenience to life and effectively improves people's living standards. But while deep learning brings convenience to people's lives, it also brings many potential dangers. Attackers can find the weaknesses of the model by analyzing the characteristics of the deep learning model, and use well-designed rules to evade the detection of the model, so there are major security risks and even serious harm. [0003] In the field of computer vision research, theories and methods in the fields of image processing and pattern recognition...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06K9/62G06N3/08
CPCG06N3/084G06F18/241G06F18/214
Inventor 翔云韩瑞鑫陈其军宋栩杰周洁韵张璐刘壮壮陈作辉
Owner ZHEJIANG UNIV OF TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap