Adversarial sample defense method based on feature remapping and application

A technology based on adversarial samples and feature remapping, applied in character and pattern recognition, instruments, biological neural network models, etc., that addresses problems such as the impact on recognition of benign samples and the complex structure of defense models.

Active Publication Date: 2020-07-10
ZHEJIANG UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0009] Existing defense methods for road sign recognition, license plate recognition, pedestrian recognition, road recognition, and obstacle detection have several shortcomings: they need to obtain private information about the original model, they affect recognition of the original benign samples, and the defense model has a complex structure. To overcome these shortcomings and achieve the dual defense effect of detecting and re-identifying adversarial samples, the present invention provides an adversarial sample defense method based on feature remapping and its application.

Examples

Experimental example

[0135] In the experimental example of the present invention, recognition of outdoor vehicles and natural wild animals is used as the specific scenario, which is a basic scenario for autonomous driving applications. The trained deep recognition models are then attacked and defended to verify the effectiveness of the method. First, CIFAR10 is used as the training data set. It is a color image data set with 10 classes of fairly general objects: 4 types of outdoor vehicles (airplanes, cars, boats, and trucks) and 6 types of natural wild animals (birds, cats, deer, dogs, frogs, and horses). Each sample image in the CIFAR10 dataset has three RGB channels and a size of 32*32 pixels. Four recognition models are trained on the CIFAR10 dataset; the code is written in Python, and the deep learning framework used is Tensorflow. The basic deep learning structures used include four typical structures: VGG16, VGG19, ResNet50, a...

Abstract

The invention discloses an adversarial sample defense method based on feature remapping and its application. The method comprises the steps of: constructing a feature remapping model, wherein the feature remapping model comprises a significant feature generation model used for generating significant features, a non-significant feature generation model used for generating non-significant features, and a shared discrimination model used for discriminating the authenticity of the significant features and the non-significant features; constructing a detector according to the significant feature generation model and the non-significant feature generation model, wherein the detector is used for detecting an adversarial sample and a benign sample; constructing a re-identifier according to the significant feature generation model, wherein the re-identifier is used for identifying the category of the adversarial sample; when adversarial sample detection is carried out, connecting the detector to the output of the target model, and carrying out adversarial sample detection by utilizing the detector; and during adversarial sample identification, connecting the re-identifier to the output of the target model, and performing adversarial sample identification by using the re-identifier. The dual defense effect of detection and re-identification of the adversarial sample can be realized.

Description

Technical field

[0001] The present invention relates to the field of defense within deep learning adversarial attack and defense, in particular to an adversarial sample defense method based on feature remapping and its application.

Background technique

[0002] With improvements in hardware computing power, the support of big data storage, and the maturing of theoretical frameworks, deep learning technology has been applied to many fields thanks to its powerful feature extraction and fitting capabilities, including computer vision, natural language processing, bioinformatics, and so on. At the same time, deep learning technology is gradually moving from the laboratory to industrialization, among which the application to automatic driving is the most prominent. Road sign recognition, license plate recognition, pedestrian recognition, road recognition, obstacle detection, etc. in the automatic driving system all involve computer vision technology, while voice co...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06K9/62, G06N3/04
CPC: G06N3/045, G06F18/213, G06F18/241, G06F18/214, G06V10/776, G06V10/7747, G06V10/7715, G06V10/771, G06F18/2148, G06F18/2413
Inventor: 陈晋音, 郑海斌, 张龙源, 王雪柯
Owner: ZHEJIANG UNIV OF TECH