Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Adversarial sample generation method

A technology against samples and images, applied in the field of pattern recognition, can solve problems such as limiting network knowledge, not knowing parameters or training data, and achieving high usability

Pending Publication Date: 2022-04-29
NANJING UNIV OF POSTS & TELECOMM
View PDF0 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The second direction is that the adversary restricts the knowledge of the network so that it cannot only observe the output of the network on some probe inputs
This black-box model is a more realistic and applicable threat model, but it is also more challenging because it considers a weak adversary with no knowledge of the network architecture, parameters, or training data

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Adversarial sample generation method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] see figure 1 , this embodiment provides a method for generating an adversarial sample according to the present invention, including the following steps,

[0024] Step S1, input image I, normalize the image, the size of the normalized image is the same as the original image, all the coordinates of the normalized image are in the range of [LB, UB], LB and UB are two constants, and LB0; with T ∈ R l×w×h Represents the space of all valid images satisfying the above properties; for each I∈T, all coordinates in the image satisfy: (b,x,y)∈[l]×[w]×[h],I(b,x ,y)∈[LB,UB];

[0025] Step S2, the classification label is C(I)∈{1,...,C}, p and r are the perturbation coefficients, the side length of the image neighborhood search radius is 2d, the maximum number of iterations is R, and the selected The number of pixels is t;

[0026] Step S3, randomly select 10% of the pixels, and initialize the set (P x ,P y ), (P x ,P y ) i is a group of pixel positions; the first round (P x ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an adversarial sample generation method, which is used for generating an adversarial sample for identifying and classifying errors of a target image according to related pixel points extracted from the image and disturbing pixels at adjacent positions on the basis of disturbing key pixel adjacent regions and a greedy local search technology. According to the method, key pixel points in the image are extracted, the neighborhood of the key pixel points is disturbed, and tiny disturbance is constructed through a greedy local search method, so that error classification of the image is realized. The method is simple and effective, and can be used as a trial stone for designing a robust network.

Description

technical field [0001] The invention belongs to the technical field of pattern recognition, and in particular relates to a method for generating an adversarial sample. Background technique [0002] Deep neural networks are powerful and popular learning models that achieve state-of-the-art pattern recognition performance in many computer vision, speech, and language processing tasks. However, these networks are also vulnerable to carefully designed adversarial perturbations that lead to misclassification of inputs, adversarial examples are adversaries disrupting expected system behavior, leading to undesired outcomes, and may occur when these systems are deployed to the real world. pose a security risk. [0003] Based on different assumptions about the adversarial knowledge of the target network, the research on adversarial attacks mainly has two directions. The first direction assumes that the adversary has detailed knowledge of the network architecture and parameters resu...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06V10/764G06V10/82G06K9/62
CPCG06F18/2415
Inventor 黄伟章韵
Owner NANJING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com