Unlock instant, AI-driven research and patent intelligence for your innovation.

System and method with robust classifier defending against patch attacks

A patch and implementation method technology, applied in the field of robust machine learning systems, can solve problems such as long time, no calculation, expensive calculation overhead, etc.

Pending Publication Date: 2022-04-15
ROBERT BOSCH GMBH
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This sliding window approach takes a relatively long time to run
Furthermore, since each image patch is the same size as the original image, such sliding window methods tend to be computationally expensive to process
As another example, there are works that generate image patches by using the ablation process on the entire image such that each patch is the same size as the original image, resulting in unnecessary computation
Furthermore, work utilizing the ablation process has focused on digital attacks where all pixel values ​​may be altered, which is not possible in real-world applications without compromising machine learning systems.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • System and method with robust classifier defending against patch attacks
  • System and method with robust classifier defending against patch attacks
  • System and method with robust classifier defending against patch attacks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] The embodiments described herein have been shown and described by way of example, and their many advantages will be appreciated from the foregoing description, and it will be apparent that the disclosed subject matter is not deviated from or sacrificed for one or more thereof. Various changes may be made to the form, construction, and arrangement of components with this advantage. Indeed, the described forms of these embodiments are merely illustrative. These embodiments are susceptible to various modifications and alternative forms, and the following claims are intended to cover and include such changes, and are not limited to the particular forms disclosed, but cover all modifications that fall within the spirit and scope of this disclosure, Equivalents and Substitutes.

[0024] figure 1 is an illustration of a system 100 configured to include at least a robust classifier 200 with defenses against patch attacks. In this regard, system 100 includes at least sensor s...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A system and method relate to providing machine learning prediction with defense against patch attacks. The systems and methods include obtaining a digital image and generating a set of location data via a stochastic process. The set of position data includes randomly selected positions on the digital image, which provide a feasible basis for creating a region for cropping. A set of random clippings is generated based on the set of location data. Each cut-out includes a different region of the digital image, as defined with respect to its corresponding position data. The machine learning system is configured to provide a prediction for each cut in the set of random cuts, and output a set of predictions. The set of predictions is collectively evaluated to determine majority predictions among the set of predictions. An output tag is generated for a digital image based on the majority prediction. The output tag includes the majority prediction as an identifier of the digital image.

Description

[0001] government rights [0002] At least one or more portions of this invention may have been made with government support under US Government Contract No. 1190060-430433 awarded by the Defense Advanced Research Projects Agency (DARPA). Accordingly, the United States Government may have certain rights in this invention. technical field [0003] The present disclosure relates generally to machine learning systems, and more particularly to robust machine learning systems with defenses against patch attacks. Background technique [0004] In general, machine learning systems, such as deep neural networks, are vulnerable to adversarial attacks. These adversarial attacks can include physical attacks on the input data that allow the machine learning system to perturb the predictions provided by the machine learning system. For example, an attacker can use a patch attack such that the classifier is provided with image data with a patch attack where there are arbitrary and unboun...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06V10/764G06V10/774G06V10/82G06V20/56G06K9/62G06N3/04G06N3/08G06N20/00
CPCG06N3/084G06V20/52G06V20/56G06V10/82G06N3/045G06T7/11G06T2207/20084G06T2207/20132G06T2207/20081G06N3/04G06F18/214G06F18/2431
Inventor 林婉怡M·S·诺鲁扎德J·Z·柯尔特施靖豪
Owner ROBERT BOSCH GMBH