
Deep learning adversarial sample generation method based on second-order method

An adversarial-sample and deep-learning technology, applied to neural learning methods, biological neural network models, neural architectures, etc., that addresses problems such as the slow speed of adversarial sample generation methods, the inability to generate adversarial samples, and the difficulty of the underlying optimization problem.

Pending Publication Date: 2020-06-23
ZHEJIANG UNIVERSITY OF SCIENCE AND TECHNOLOGY +1

AI Technical Summary

Problems solved by technology

[0006] To sum up, the problems with the existing technology are: existing adversarial sample generation methods are slow, have high computational complexity, tend to fall into a local optimum prematurely, and make very little use of gradient information. At the same time, the quality of the generated adversarial samples is not high, and their transferability is low. In particular, once the gradient is smoothed, most existing methods introduce extreme variations resulting in extreme derivative values, which degrades the quality of information about how neurons are activated by different inputs, making it impossible to generate adversarial examples.

[0007] Difficulty in solving the above technical problems: after converting the generation of adversarial samples into an optimization problem, the highly non-convex and nonlinear nature of DNNs makes this optimization problem very difficult to solve; Transferability; an effective adversarial example must take the attack success rate into account while remaining concealed, which means that the added perturbation must be very small and effective.


Examples


Embodiment 1

[0134] 1. The specific analysis of related technologies is as follows:

[0135] 1.1 Deep Neural Networks and Symbols

[0136] DNNs can generally be expressed as a mapping function is the d-dimensional input variable, is an m-dimensional probability vector, representing the confidence of m classes. An N-layer DNNs receives an input X and produces the corresponding output as follows:

[0137] $$F(X)=F^{(N)}(\dots F^{(2)}(F^{(1)}(X))) \tag{1}$$

[0138] $F^{(i)}$ represents the computed output of the i-th layer of the DNN. These layers can be convolutional, pooling, or other forms of neural network layers. The last layer of DNNs uses a Softmax layer, defined as $Z=F^{(N-1)}(\ )$ is the output vector of the previous layer (aka the last hidden layer). The final predicted label is obtained by $y=\arg\max_{i=1\dots m} F(X)_i$, where $F(X)=\mathrm{Softmax}(Z)$.

[0139] 1.2 Adversarial Examples for DNNs

[0140] Existing Technique 1 first discovered the existence of adversarial examples in DNNs. ...


Abstract

The invention belongs to the field of data information processing technology and discloses a deep learning adversarial sample generation method and system based on a second-order method. The method comprises: performing a second-order Taylor expansion of the neural network function within a tiny neighborhood of an input sample X, i.e., under an Lp (p ∈ {2, 0, ∞}) norm constraint, to replace the nonlinear part of the neural network; and constructing a dual function through the Lagrange multiplier method and computing its extreme value to solve for the optimal perturbation δ, so that the confidence with which the adversarial sample X' = X + δ is judged to be the correct class is reduced to the minimum, or the confidence with which the adversarial sample X' is judged to be the target class is increased to the maximum. For untargeted attacks, the method reduces the confidence of the correct output class; for targeted attacks, it raises the confidence of the target class. The method provided by the invention can avoid falling into a local extreme value, generates high-quality adversarial samples at extremely low cost, and, applied to adversarial training of deep neural networks, can effectively improve the defense effect.
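As an added illustration for robustness evaluation (not the patent's own procedure or code), the sketch below works the abstract's idea through for the L2 case only: it builds the second-order Taylor model of the correct-class confidence and finds the perturbation via the Lagrange multiplier condition δ = -(H + λI)⁻¹g, with λ chosen by bisection so that ‖δ‖₂ = ε. The 2-D softmax classifier `W`, the finite-difference derivatives and all function names are assumptions made for the example.

```python
import math

# Constructed toy classifier (assumption): 3-class softmax over linear logits, d = 2.
W = [[2.0, -1.0], [-1.0, 1.5], [0.5, 0.5]]

def confidence(x, cls):
    z = [w[0] * x[0] + w[1] * x[1] for w in W]
    e = [math.exp(v - max(z)) for v in z]
    return e[cls] / sum(e)

def grad_hess(f, x, h=1e-4):
    # Central differences: gradient g and symmetric Hessian as (Hxx, Hxy, Hyy).
    at = lambda dx, dy: f([x[0] + dx, x[1] + dy])
    g = [(at(h, 0) - at(-h, 0)) / (2 * h), (at(0, h) - at(0, -h)) / (2 * h)]
    a = (at(h, 0) - 2 * at(0, 0) + at(-h, 0)) / h**2
    c = (at(0, h) - 2 * at(0, 0) + at(0, -h)) / h**2
    b = (at(h, h) - at(h, -h) - at(-h, h) + at(-h, -h)) / (4 * h**2)
    return g, (a, b, c)

def model(g, H, d):
    # Second-order Taylor model of the confidence change caused by perturbation d.
    return g[0]*d[0] + g[1]*d[1] + 0.5*(H[0]*d[0]**2 + 2*H[1]*d[0]*d[1] + H[2]*d[1]**2)

def step(g, H, lam):
    # Stationary point of the Lagrangian: delta = -(H + lam*I)^-1 g.
    a, b, c = H[0] + lam, H[1], H[2] + lam
    det = a * c - b * b
    return [-(c * g[0] - b * g[1]) / det, -(a * g[1] - b * g[0]) / det]

def second_order_delta(g, H, eps):
    # Minimise the model subject to ||delta||_2 <= eps (ignores the degenerate "hard case").
    lam_min = 0.5 * (H[0] + H[2]) - math.hypot(0.5 * (H[0] - H[2]), H[1])
    if lam_min > 0 and math.hypot(*step(g, H, 0.0)) <= eps:
        return step(g, H, 0.0)              # unconstrained minimum lies inside the ball
    lo = max(0.0, -lam_min)                 # multiplier must make H + lam*I positive definite
    hi = lo + 1.0
    while math.hypot(*step(g, H, hi)) > eps:
        hi = lo + 2 * (hi - lo)
    for _ in range(200):                    # bisection: ||delta(lam)|| decreases in lam
        mid = 0.5 * (lo + hi)
        lo, hi = (mid, hi) if math.hypot(*step(g, H, mid)) > eps else (lo, mid)
    return step(g, H, hi)

def compare(x, cls, eps):
    g, H = grad_hess(lambda p: confidence(p, cls), x)
    d1 = [-eps * gi / math.hypot(*g) for gi in g]   # first-order step of the same L2 size
    d2 = second_order_delta(g, H, eps)
    return {"clean": confidence(x, cls), "norm": math.hypot(*d2),
            "second": confidence([x[0] + d2[0], x[1] + d2[1]], cls),
            "model_first": model(g, H, d1), "model_second": model(g, H, d2)}
```

Calling `compare([1.0, 0.2], 0, 0.3)` reports the clean confidence, the confidence after the second-order perturbation, and the model value of both steps, which is the kind of per-sample measurement used when generating samples for adversarial training.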

Description

Technical field

[0001] The invention belongs to the technical field of data information processing, and in particular relates to a second-order method-based deep learning adversarial sample generation method and system.

Background technique

[0002] Currently, the closest existing technology: Deep Neural Networks (DNNs) have been applied successfully in many fields such as bioinformatics, speech recognition, and computer vision. However, studies have found that DNNs are vulnerable to adversarial examples. Existing technology 1 finds adversarial examples for DNNs in the field of image classification: adding small perturbations to natural images yields noisy images that make DNNs predict wrongly. Adversarial examples are usually difficult for human vision to detect and do not cause human misjudgment. Adversarial samples are therefore well concealed, and attacks on DNNs that use them are very harmful. For exa...


Application Information

IPC(8): G06N3/04, G06N3/08
CPC: G06N3/08, G06N3/047, G06N3/045
Inventor: 钱亚冠, 张锡敏, 周武杰, 关晓惠, 李蔚, 潘俊, 云本胜, 楼琼
Owner ZHEJIANG UNIVERSITY OF SCIENCE AND TECHNOLOGY