Unlock instant, AI-driven research and patent intelligence for your innovation.

Adversarial sample generation method and system based on general disturbance

A technology against samples and sample images, applied in the field of machine learning, can solve problems such as high time cost, ViTs influence, wrong prediction results, etc., and achieve the effect of improving generation efficiency, anti-interference ability and robustness

Active Publication Date: 2021-11-09
SHANGHAI UNIV
View PDF16 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, recent studies have found that ViTs are still vulnerable to adversarial noise, resulting in erroneous predictions.
Since the ViTs model requires a large amount of data in the training phase, it takes a high time cost to generate corresponding adversarial samples for each training sample, so it is difficult to effectively deploy effective adversarial training.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Adversarial sample generation method and system based on general disturbance
  • Adversarial sample generation method and system based on general disturbance
  • Adversarial sample generation method and system based on general disturbance

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0055] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0056] The purpose of the present invention is to provide a general perturbation-based adversarial sample generation method and system for classifiers such as ViT (Vision Transformer) that need to rely on large-scale data set training. The inherited attention weight matrix in the child, according to the inherited attention weight matrix, optimizes the perturbed image to obtain the best general perturbation, and then linearly adds the best general perturbation t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an adversarial sample generation method and system based on general disturbance, and belongs to the field of machine learning, and the method comprises the steps: obtaining a training sample set; randomly initializing an initial disturbance image of which the size is the same as that of an output image of the ViT model, wherein the ViT model comprises a plurality of same units, and each unit comprises a plurality of attention operators; performing iterative optimization on the initial disturbance image according to the training sample set and each attention operator of the ViT model to obtain an optimal general disturbance image; and adding the optimal general disturbance linearity to a sample image in the to-be-trained sample set to obtain a corresponding ultimate confrontation image. On the premise of not influencing the visual effect, a normal training sample is converted into an adversarial sample, and the final adversarial sample is adopted to train the ViT model, so that the anti-interference capability and robustness of the model can be improved.

Description

technical field [0001] The present invention relates to the field of machine learning, in particular to a method and system for generating an adversarial example based on general perturbation. Background technique [0002] With the maturity of deep learning technology, models based on neural networks are widely used in various classification tasks, such as classifying images, classifying text, classifying speech, etc. Convolutional neural networks have the characteristics of local perception and weight sharing, and play an important role in computer vision. But in recent years, a large number of studies have found that they are very vulnerable to adversarial noise: embedding human-imperceptible disturbances in the input can easily mislead the model's decision-making. In practical applications, in order for the model to make correct decisions on objects that contain disturbances, the model needs to have strong anti-disturbance capabilities. Adversarial learning is currently...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06N3/04G06N3/08
CPCG06N3/084G06N3/045Y02T10/40
Inventor 胡浩棋孙广玲陆小锋张天行钟宝燕
Owner SHANGHAI UNIV