System and method for detecting and purifying adversarial patch for artificial intelligence maritime object recognition

The marine object recognition AI system addresses vulnerabilities to adversarial attacks by processing images in the frequency domain, combining models for robust detection and correction, and enhancing model performance through learning, effectively mitigating threats and improving recognition accuracy.

WO2026142380A1PCT designated stage Publication Date: 2026-07-02HANWHA OCEAN CO LTD (KR) +1

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
HANWHA OCEAN CO LTD (KR)
Filing Date
2025-12-26
Publication Date
2026-07-02

AI Technical Summary

Technical Problem

Maritime AI systems are vulnerable to adversarial attacks, including poisoning, backdoors, and patches, which can cause catastrophic damage due to the reliance on open-source models lacking security considerations, and existing technologies fail to effectively detect and mitigate these threats.

Method used

A marine object recognition AI system that processes images in the frequency domain using a Fourier transform to emphasize or filter high-frequency components, combines an object recognition model with an adversarial attack detection model for robust detection, and includes a purification unit to correct image distortions and a reinforcement learning unit to enhance model performance.

Benefits of technology

Effectively detects and purifies adversarial attacks, enhancing the accuracy and reliability of object recognition by correcting image distortions and continuously updating the model to improve resilience against such threats.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure KR2025022903_02072026_PF_FP_ABST
    Figure KR2025022903_02072026_PF_FP_ABST
Patent Text Reader

Abstract

The present invention relates to a system and method for detecting and purifying an adversarial patch for artificial intelligence maritime object recognition. Proposed are the system and method for detecting and purifying an adversarial patch for artificial intelligence maritime object recognition, which can: detect an adversarial attack by processing an image in a frequency domain; select malicious image data selected by comparing results between a detection model and an existing object recognition tool; and then provide robust object recognition that evolves through learning, thereby providing more effective object recognition.
Need to check novelty before this filing date? Find Prior Art

Description

Maritime Object Recognition Artificial Intelligence Adversarial Patch Detection and Cleanup System and Method

[0001] The present invention relates to a marine object recognition artificial intelligence adversarial patch detection and purification system and method.

[0002] In the past, most maritime systems have been becoming automated due to social issues such as rising labor costs and a shrinking supply of specialized maritime personnel.

[0003] For example, in the case of a ship's engine room, while humans previously monitored malfunctions manually and responded to them one by one, now priority measures are taken based on alarms generated in the monitoring room. In line with this societal trend, technologies utilizing AI video object recognition are becoming increasingly common on ships recently.

[0004] Representative examples include fire monitoring and collision detection using conventional AI CCTV.

[0005] However, most of these technologies use YOLO, an open-source object recognition AI model available on the internet, and since the primary purpose of CCTVs to which these technologies are applied is technical implementation, there was a problem in that they could not respond to various cyber threats, including adversarial attacks targeting the AI ​​model.

[0006] In addition, while video object recognition technology is very effective and convenient, there were issues such as the reliance on open-source models and the lack of consideration for security, as the primary objective was current feature implementation.

[0007] Furthermore, while poisoning was the primary directional threat of adversarial attacks by AI models in the past, the current trends are becoming more diverse and lethal, encompassing not only poisoning but also backdoors and patches. In particular, backdoors can be triggered under specific conditions and operate normally under normal circumstances; this poses a problem in that malicious attackers can cause catastrophic damage when using open-source models.

[0008] Korean Patent Publication No. 10-2023-0077441 (June 1, 2023) is disclosed as a related prior art.

[0009] The objective of the present invention is to provide a marine object recognition artificial intelligence adversarial patch detection and purification system and method capable of detecting and purifying adversarial attacks through processing of the frequency domain of an image.

[0010] Another objective of the present invention is to provide a marine object recognition artificial intelligence adversarial patch detection and purification system and method capable of providing more effective object recognition by selecting malicious image data through result comparison between a detection model and an existing object recognition tool, and then providing evolving robust object recognition through learning.

[0011] A marine object recognition artificial intelligence adversarial patch detection and purification system according to one aspect of the present invention for achieving the above technical objectives may include: an image storage unit that stores images collected through an image collection unit that collects images of marine objects in real time; a high-frequency filter image processing unit that emphasizes or filters high-frequency components for images stored in the image storage unit; a detection unit that selects areas suspected of attack and detects distorted information and patches caused by adversarial attacks by comparing results between an object recognition model that inputs images stored in the image storage unit and outputs object recognition results and an adversarial attack detection model that inputs images filtered through the high-frequency filter image processing unit and outputs results detecting whether an attack has occurred; and a purification unit that mosaics the parts detected when patches are detected through the detection unit.

[0012] In addition, in a marine object recognition artificial intelligence adversarial patch detection and purification system according to one aspect of the present invention, the high-frequency filter image processing unit can convert an image stored in the image storage unit into the frequency domain using a Fourier transform and then emphasize or filter high-frequency components.

[0013] In addition, in a marine object recognition artificial intelligence adversarial patch detection and purification system according to one aspect of the present invention, the detection unit determines an area in a high-frequency filter image where the boundary width is narrow compared to the original image and boundary components are locally concentrated as an aggregation boundary, and can detect the aggregation boundary area as an adversarial patch.

[0014] In addition, in a marine object recognition artificial intelligence adversarial patch detection and purification system according to one aspect of the present invention, the purification unit can correct image distortion to minimize the impact of a detected adversarial attack, mosaic the changes caused by the attack, or restore it to a normal state.

[0015] In addition, in a marine object recognition artificial intelligence adversarial patch detection and purification system according to one aspect of the present invention, the adversarial patch detection and purification system may further include a reinforcement learning unit that continuously updates an object recognition model using selected malicious image data and improves the performance of the model.

[0016] In addition, in a marine object recognition artificial intelligence adversarial patch detection and purification system according to one aspect of the present invention, the reinforcement learning unit is configured to use the object recognition result compared and fused through the detection unit as a state, and to update the learning parameters of the object recognition model by using the degree of improvement in object recognition performance according to the state as a reward, thereby enabling the derivation of more accurate and improved object recognition results.

[0017] In addition, a method for detecting and purifying adversarial patches using artificial intelligence for marine object recognition according to another aspect of the present invention may include: an image storage step in which an image collected through an image collection unit that collects images of marine objects in real time is stored in an image storage unit; a high-frequency filter image processing step in which high-frequency components are emphasized or filtered through a high-frequency filter image processing unit for an image stored in the image storage step; a detection step in which an object recognition model that outputs an object recognition result by inputting an image stored in the image storage step and an adversarial attack detection model that outputs an adversarial attack detection result by inputting an image filtered through the high-frequency filter image processing step are compared to select an area suspected of attack in a detection unit and detect distorted information and patches caused by an adversarial attack; and a purification step in which, when distorted information and patches are detected through the detection step, the parts detected in a purification unit are mosaiced.

[0018] In addition, in a marine object recognition artificial intelligence adversarial patch detection and purification method according to another aspect of the present invention, the high-frequency filter image step can convert an image stored in the image storage unit into the frequency domain using a Fourier transform and then emphasize or filter high-frequency components.

[0019] In addition, in a method for detecting and purifying adversarial patches using artificial intelligence for maritime object recognition according to another aspect of the present invention, the detection step determines an area in a high-frequency filter image where the boundary width is narrow compared to the original image and boundary components are locally concentrated as an aggregation boundary, and can detect the aggregation boundary area as an adversarial patch.

[0020] In addition, in a method for detecting and purifying adversarial patches using artificial intelligence for maritime object recognition according to another aspect of the present invention, the purification step may correct image distortion to minimize the impact of detected adversarial attacks, mosaic the changes caused by the attacks, or restore them to a normal state.

[0021] In addition, in a marine object recognition artificial intelligence adversarial patch detection and purification method according to another aspect of the present invention, after the purification step, a learning step may be further included in which an object recognition model is continuously updated using malicious image data selected through a learning unit and the performance of the model is improved.

[0022] In addition, in a marine object recognition artificial intelligence adversarial patch detection and purification method according to another aspect of the present invention, the learning step is configured to use the object recognition result compared and fused through the detection step as a state, and to update the learning parameters of the object recognition model by using the improvement in object recognition performance according to the state as a reward, thereby enabling the derivation of more accurate and improved object recognition results.

[0023] According to the present invention, it has the effect of detecting and purifying adversarial attacks through processing of the frequency domain of an image.

[0024] In addition, according to the present invention, malicious image data selected by comparing results between a detection model and an existing object recognition tool is selected, and then evolved robust object recognition is provided through learning, thereby providing the effect of providing more effective object recognition.

[0025] Figure 1 is a diagram illustrating the content regarding maritime object recognition and adversarial attacks.

[0026] FIG. 2 is a diagram showing the configuration of a marine object recognition artificial intelligence adversarial patch detection and purification system according to the present invention.

[0027] FIG. 3 is a diagram showing adversarial patch detection according to an embodiment of the maritime object recognition artificial intelligence adversarial patch detection and purification system according to the present invention.

[0028] FIG. 4 is a flowchart showing the flow of a marine object recognition artificial intelligence adversarial patch detection and purification method according to the present invention.

[0029] Detailed information regarding the purpose, technical configuration, and the resulting operation and effects of the present invention will be more clearly understood through the detailed description based on the drawings attached to the specification of the present invention.

[0030] The terms used in this specification are used merely to describe specific embodiments and are not intended to limit the invention. For example, terms such as "composed of" or "comprising" used in this specification should not be interpreted as necessarily including all of the various components or steps described in the invention, but should be interpreted as excluding some of the components or steps, or potentially including additional components or steps. Furthermore, singular expressions used in this specification include plural expressions unless the context clearly indicates otherwise.

[0031] The present invention will be described in detail below by explaining preferred embodiments with reference to the attached drawings. The embodiments described below are provided to enable those skilled in the art to easily understand the technical concept of the present invention, and should not be interpreted as limiting the present invention; it is obvious to those skilled in the art that the embodiments of the present invention can have various applications.

[0032] With reference to FIGS. 1 to 4, we will examine the marine object recognition artificial intelligence adversarial patch detection and purification system and method according to the present invention.

[0033] As illustrated in Fig. 1, when using an open source model for maritime object recognition AI adversarial patch detection, a malicious attacker can tamper with the model by adding aggressive samples to the training data to plant a backdoor, thereby allowing poisoning attacks and backdoor attacks during object recognition of ships or marine structures.

[0034] Furthermore, attackers can perform patch attacks by analyzing the model's gradients and adding physically invisible patches to images to mislead the object recognition model. This can significantly reduce the model's accuracy.

[0035] A marine object recognition artificial intelligence hostile patch detection and purification system (100) according to one aspect of the present invention for solving this problem, with reference to FIG. 2, may include an image storage unit (115) that stores images collected through an image collection unit such as a CCTV (110) that collects images of marine objects in real time, a high-frequency filter image processing unit (120) that emphasizes or filters high-frequency components on images stored in the image storage unit (115), an object recognition model (131) that inputs images stored in the image storage unit (115) and outputs object recognition results, and a hostile attack detection model (132) that inputs images with high-frequency components emphasized or filtered through the high-frequency filter image processing unit (120) and detects whether a hostile attack is present and outputs results, a detection unit (140) that selects areas suspected of attack and detects distorted information and patches caused by hostile attacks, and a purification unit (150) that mosaics the parts detected when a patch is detected through the detection unit (140).

[0036] In addition, the high-frequency filter image processing unit (120) can convert the image stored in the image storage unit (115) into the frequency domain using a Fourier Transform and then emphasize or filter high-frequency components.

[0037] In other words, by analyzing image characteristics in the frequency domain, distorted information caused by adversarial attacks can be effectively detected. This allows existing object recognition models to complement their vulnerabilities to adversarial attacks.

[0038] Additionally, the detection unit (140) can detect patch attacks through integrated boundary detection using the characteristics of the patch.

[0039] By comparing the results between the existing object recognition model (131) and the adversarial attack detection model (132), more accurate and reliable object recognition can be provided. By fusing the results of the two models, parts suspected of being an attack can be selected and corrected, and an enhanced object recognition model can be provided.

[0040] Additionally, the purification unit (150) can correct image distortion to minimize the impact of hostile attacks detected through the detection unit (140), mosaic the changes caused by the attack, or restore it to a normal state.

[0041] Additionally, the adversarial patch detection and purification system (100) may further include a reinforcement learning unit (130) that continuously updates an object recognition model (131) using selected malicious image data and improves the performance of the model.

[0042] In addition, in a marine object recognition artificial intelligence adversarial patch detection and purification system according to one aspect of the present invention, the reinforcement learning unit (130) can compare the results between an existing object recognition model (131) and an adversarial attack detection model (132) through the detection unit (140) and fuse the two results to derive a more accurate and improved object recognition result.

[0043] At this time, the overall hostile attack, such as a patch attack, can be detected by analyzing the slope of the object recognition model (131) through the hostile attack detection model (132).

[0044] In addition, a more improved adversarial attack detection model (132) can be provided by enabling reinforcement learning in the reinforcement learning unit (130) based on data regarding adversarial patch attacks stored in the patch attack storage unit (160).

[0045] Accordingly, according to the present invention, the threat of poisoning backdoor attacks that may occur through an open source model is effectively detected, and by analyzing the gradient of the model, various adversarial attacks such as patch attacks are detected and can be responded to.

[0046] Referring to FIG. 3, FIG. 3(a) shows the original image, FIG. 3(b) shows the initial high-frequency filter image processed image, and FIG. 3(c) shows the enhanced high-frequency filter image processed image.

[0047] Figures 3(d) to 3(f) show that, when compared to the original image, the patch attack can be detected with the characteristic that the boundary is formed narrowly in the case of the patch attack.

[0048] Referring to FIG. 4, a method for detecting and purifying adversarial patches using artificial intelligence for marine object recognition according to another aspect of the present invention may include: an image storage step (S110) in which an image collected through an image collection unit that collects images of marine objects in real time is stored in an image storage unit; a high-frequency filter image processing step (S120) in which high-frequency components are emphasized or filtered through a high-frequency filter image processing unit for the image stored in the image storage step (S110); a detection step (S130) in which the filtered image through the high-frequency filter image processing step (S120) is compared with the results between an object recognition model and an adversarial attack detection model to select an area suspected of attack in a detection unit and detect distorted information and patches caused by adversarial attacks; and a purification step (S140) in which the parts detected by a purification unit are mosaiced when distorted information and patches are detected through the detection step (S130).

[0049] Additionally, the high-frequency filter image step (S120) can convert the image stored in the image storage unit into the frequency domain using a Fourier transform and then emphasize or filter high-frequency components.

[0050] Additionally, the detection step (S130) can detect the patch through integrated boundary detection using the characteristics of the patch.

[0051] Additionally, the purification step (S140) can correct image distortion to minimize the impact of the hostile attack detected through the detection step (S13), mosaic the changes caused by the attack, or restore it to a normal state.

[0052] Additionally, after the purification step (S140), the method may further include a reinforcement learning step (S150) that continuously updates the object recognition model (131) using malicious image data selected through the reinforcement learning unit (130) and improves the performance of the model.

[0053] In addition, the reinforcement learning step (S150) can compare the results between the existing object recognition model and the adversarial attack detection model through the detection step (S130) and fuse the two results to derive a more accurate and improved object recognition result.

[0054] Accordingly, according to the present invention, it has the effect of detecting and purifying adversarial attacks through processing of the frequency domain of an image.

[0055] In addition, according to the present invention, malicious image data selected by comparing results between a detection model and an existing object recognition tool is selected, and then evolved robust object recognition is provided through learning, thereby providing the effect of providing more effective object recognition.

[0056] The embodiments according to the present invention described above may be implemented in the form of program instructions that can be executed through various computer components and recorded on a computer-readable recording medium. The computer-readable recording medium may include program instructions, data files, data structures, etc., either individually or in combination. The program instructions recorded on the computer-readable recording medium may be those specifically designed and configured for the present invention or those known and available to those skilled in the art of computer software. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tapes; optical recording media such as CD-ROMs and DVDs; magneto-optical media such as floptical disks; and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, and flash memory. Examples of program instructions include machine code, such as that generated by a compiler, as well as high-level language code that can be executed by a computer using an interpreter, etc. Hardware devices may be modified into one or more software modules to perform processing according to the present invention, and vice versa.

[0057] The embodiments described above are provided to enable those skilled in the art to easily understand the technical concept of the present invention, and should not be interpreted as limiting the present invention. It is obvious to those skilled in the art that the embodiments of the present invention can be modified and varied in various ways without departing from the spirit and scope of the present invention. Accordingly, such modifications or variations should be deemed to fall within the scope of the claims of the present invention.

[0058] 100: Maritime Object Recognition AI Adversarial Patch Detection and Cleanup System

[0059] 110: Video Acquisition Unit

[0060] 115: Video storage unit

[0061] 120: High-frequency filter image processing unit

[0062] 130: Reinforcement Learning Unit

[0063] 131: Object Recognition Models and

[0064] 132: Adversarial Attack Detection Model

[0065] 140: Detection unit

[0066] 150: Purification Department

[0067] 160: Patch Attack Storage

Claims

1. An image storage unit that stores images collected through an image acquisition unit that collects images of the sea in real time; A high-frequency filter image processing unit that emphasizes or filters high-frequency components for an image stored in the above image storage unit; A detection unit that selects areas suspected of attack and detects distorted information and patches caused by hostile attacks by comparing results between an object recognition model that outputs an object recognition result by inputting an image stored in the image storage unit and a hostile attack detection model that outputs a result of detecting whether a hostile attack is present by inputting an image filtered through the high-frequency filter image processing unit; and A marine object recognition artificial intelligence adversarial patch detection and purification system comprising a purification unit that mosaics the detected portion when a patch is detected through the detection unit.

2. In Claim 1, The above high-frequency filter image processing unit is, A marine object recognition artificial intelligence adversarial patch detection and purification system that converts an image stored in the above-mentioned image storage unit into the frequency domain using a Fourier transform, and then emphasizes or filters high-frequency components.

3. In Claim 1, The above detection unit is, A marine object recognition AI adversarial patch detection and purification system that determines as an aggregation boundary an area in a high-frequency filter image where the boundary width is narrow compared to the original image and boundary components are locally aggregated, and detects the aggregation boundary area as an adversarial patch.

4. In Claim 1, The above purification unit is, A marine object recognition AI adversarial patch detection and purification system that corrects image distortion and mosaics changes caused by attacks or restores them to a normal state to minimize the impact of detected adversarial attacks.

5. In Claim 1, The above hostile patch detection and purification system is, A marine object recognition artificial intelligence adversarial patch detection and purification system that includes a reinforcement learning unit that continuously updates an object recognition model using selected malicious image data and improves the performance of said model.

6. In Claim 5, The above reinforcement learning unit is, A marine object recognition artificial intelligence adversarial patch detection and purification system configured to use object recognition results compared and fused through a detection unit as a state, and to update the learning parameters of an object recognition model by using the degree of improvement in object recognition performance according to the state as a reward, thereby deriving more accurate and improved object recognition results.

7. An image storage step of storing images collected through an image acquisition unit that collects images of the sea in real time in an image storage unit; A high-frequency filter image processing step for emphasizing or filtering high-frequency components through a high-frequency filter image processing unit for an image stored in the above image storage step; A detection step for selecting areas suspected of attack in a detection unit and detecting distorted information and patches caused by an attack by comparing results between an object recognition model that outputs an object recognition result by inputting an image stored in the above image storage step and an adversarial attack detection model that outputs an adversarial attack detection result by inputting an image filtered through the above high-frequency filter image processing step; and A marine object recognition artificial intelligence adversarial patch detection and purification method comprising a purification step that mosaics the parts detected in the purification section when distorted information and patches are detected through the detection step above.

8. In Claim 7, The above high-frequency filter imaging step is, A marine object recognition artificial intelligence adversarial patch detection and purification method that converts an image stored in the above-mentioned image storage unit into the frequency domain using a Fourier transform, and then emphasizes or filters high-frequency components.

9. In Claim 7, The above detection step is, A marine object recognition AI adversarial patch detection and purification method that determines an area in a high-frequency filter image where the boundary width is narrow compared to the original image and boundary components are locally concentrated as an aggregation boundary, and detects the aggregation boundary area as an adversarial patch.

10. In Claim 7, The above purification step is, A marine object recognition AI adversarial patch detection and purification method that corrects image distortion to minimize the impact of detected adversarial attacks, mosaics changes caused by attacks, or restores them to a normal state.

11. In Claim 7, After the above purification step, A marine object recognition artificial intelligence adversarial patch detection and purification method comprising a learning step that continuously updates an object recognition model using malicious image data selected through a learning unit and further includes a learning step to improve the performance of said model.

12. In Claim 11, The above learning step is, A marine object recognition artificial intelligence adversarial patch detection and purification method configured to use object recognition results compared and fused through a detection stage as a state, and to update the learning parameters of an object recognition model using the improvement in object recognition performance according to the state as a reward, thereby deriving more accurate and improved object recognition results.