Confrontation sample generation method based on belief attack and salient region disturbance limitation

A technology against sample and regional perturbation, applied in character and pattern recognition, biological neural network models, instruments, etc., can solve problems such as perceptible perturbation, low mobility, etc., to improve visual quality, improve mobility, and reduce confrontation perturbation Effect

Pending Publication Date: 2022-04-26
YANSHAN UNIV
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The technical problem to be solved by the present invention is to provide an adversarial sample generation method based on belief attack and significant area disturbance limitation, which can effectively solve the problems of perceptible disturbance and low migration existing in existing adversarial sample generation methods, and facilitate the detection of DNN models Vulnerabilities, as an evaluation index of DNN model security, thereby improving the robustness and security of the DNN model, the generated adversarial samples have low disturbance and high migration

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Confrontation sample generation method based on belief attack and salient region disturbance limitation
  • Confrontation sample generation method based on belief attack and salient region disturbance limitation
  • Confrontation sample generation method based on belief attack and salient region disturbance limitation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0050] Below in conjunction with embodiment the present invention is described in further detail:

[0051] Such as figure 1 As shown, the main content of the present invention is to propose an adversarial sample generation method based on belief attack and significant area perturbation limit, which can be used to detect the loopholes of DNN model, as an evaluation index of DNN model security, thereby improving DNN Robustness and safety of the model.

[0052] In order to make the technical method of the present invention clear, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0053] Step S1: Provide the original image, where the original image is used as the training data of the DNN model.

[0054] In this embodiment, the original image comes from the ImageNet Validation data set, from which 1000 pictures of different categories are selected, almost all of which can be correctly classified by the ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides an adversarial sample generation method based on belief attack and salient region disturbance limitation, and relates to the technical field of deep neural networks and the field of computer vision, and the method comprises the following steps: providing an original image and a white box target model, and using a data set containing the original image as a data set, generating a salient region binary mask about an original image by using a class activation mapping technology, and generating global adversarial disturbance by using a belief-based attack method and fusing an iterative fast gradient method; fusing the generated global confrontation disturbance and the salient region binary mask to generate salient region confrontation disturbance; and adding the salient region adversarial disturbance to the input image, iteratively updating until a preset termination condition is reached, and outputting an image adversarial sample of the last iteration as a generated adversarial sample. The adversarial sample generated by the method has low disturbance and high mobility.

Description

technical field [0001] The invention relates to the technical field of deep neural network and the field of computer vision, in particular to an adversarial sample generation method based on belief attack and significant region perturbation limitation. Background technique [0002] The widespread application of deep neural networks has resulted in huge performance improvements in many computer vision tasks, such as image classification, object detection, image segmentation, etc. However, recent studies have found that deep neural networks (Deep Neural Network, DNN) are easily deceived by artificially designed adversarial examples. In 2014, Szegedy et al. first discovered the existence of adversarial examples in the field of image classification, that is, adding small perturbations to the original image will cause the DNN model to misjudge. What's more, these tiny perturbations are also very subtle and imperceptible to the human visual system. This discovery reveals that th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06V10/25G06V10/774G06V10/82G06K9/62G06N3/04
CPCG06N3/045G06F18/214
Inventor 张世辉左东旭杨永亮张晓微王磊
Owner YANSHAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap