Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Adversarial sample generation method and system based on image brightness random transformation

A technology against samples and image brightness, which is applied in the directions of graphic image conversion, image data processing, neural learning methods, etc., can solve the problems of low attack success rate and performance differences, achieve good application prospects, eliminate overfitting, and improve reliability migratory effect

Pending Publication Date: 2021-10-08
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
View PDF2 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In the white box attack scenario, these methods show strong attack capabilities, but in the black box setting, the attack success rate of these methods is relatively low, which can be considered as "overfitting" of the adversarial samples, that is, the same adversarial samples Attack capabilities under white-box and black-box settings are similar to the difference in performance of the same neural network on the training set and the test set

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Adversarial sample generation method and system based on image brightness random transformation
  • Adversarial sample generation method and system based on image brightness random transformation
  • Adversarial sample generation method and system based on image brightness random transformation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] In order to make the purpose, technical solutions and advantages of the present invention more clear and understandable, the present invention will be described in further detail below in conjunction with the accompanying drawings and technical solutions.

[0025] The deep neural network is vulnerable to adversarial samples. This kind of adversarial sample is to add noise that is almost invisible to human vision on the original input image, so that the deep neural network can be misclassified, which poses a threat to the deep neural network. Therefore, before the deployment of deep neural networks, adversarial attacks can be used as an important method to evaluate the robustness of the model. However, in the case of black boxes, the attack success rate of adversarial samples needs to be improved, that is, the transferability of adversarial samples needs to be improved. An embodiment of the present invention provides a method for generating an adversarial example based o...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the technical field of computer visual image recognition, and particularly relates to an adversarial sample generation method and system based on image brightness random transformation, and the method comprises the steps of collecting sample data used for visual image classification recognition, including an input image and label data corresponding to the input image; constructing a deep neural network model for generating an adversarial sample; performing data enhancement through random transformation of sample data input image brightness, solving a network model by using a momentum iteration FGSM image confrontation algorithm, searching confrontation disturbance in an input gradient direction of a target loss function, performing infinite norm limitation on the confrontation disturbance, and forming adversarial samples by maximizing a target loss function of the sample data on the network model. According to the invention, the image brightness random transformation is introduced into the adversarial attack, so that the overfitting in the adversarial sample generation process is effectively eliminated, the success rate and mobility of the adversarial sample attack are improved, and a good foundation is laid for constructing a more robust image classification and recognition system.

Description

technical field [0001] The invention belongs to the technical field of computer vision image recognition, in particular to a method and system for generating an adversarial sample based on random transformation of image brightness. Background technique [0002] In the field of image recognition, the experimental results on some standard test sets show that the recognition ability of deep neural network can reach the level beyond that of human beings. However, while deep learning brings great convenience to people, it also has some security problems. For an abnormal input, whether the deep neural network can still get satisfactory results, and the hidden security issues have gradually attracted people's attention. Deep neural networks have been shown to be vulnerable to adversarial examples, which are generated by adding additional perturbations imperceptible to humans to the original input image to cause the model to misclassify. Usually, adversarial examples have a certai...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06N3/04G06N3/08G06K9/62G06T3/00
CPCG06N3/08G06N3/045G06F18/214G06F18/241G06T3/04
Inventor 张恒巍杨博刘小虎张玉臣王衡军王晋东谭晶磊
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com