Method for resisting attack deep neural network based on frequency band

A deep neural network and frequency band technology, which is applied in the field of adversarial attack deep neural network based on frequency band, can solve the problems of difficulty in explaining the law of anti-interference, and achieve the effect of improving sensitivity and reducing the intensity of interference.

Active Publication Date: 2020-09-25
XI AN JIAOTONG UNIV
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] Aiming at the technical problems existing in the prior art, the present invention provides a frequency band-based anti-attack deep neural network method to solve the technical problem that the anti-jamming law generated by the existing anti-attack method is still difficult to explain

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for resisting attack deep neural network based on frequency band
  • Method for resisting attack deep neural network based on frequency band
  • Method for resisting attack deep neural network based on frequency band

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0059] This embodiment provides a method for countering attacking deep neural networks based on frequency bands, comprising the following steps:

[0060] Step 1. Set the anti-interference strength, which is limited by the L∞ norm eps; when the anti-interference strength is limited by the L∞ norm eps, it is difficult for people to detect it; under the same interference strength, the attack depth neural During the network, a fair comparison has been realized; according to the anti-jamming strength set, the number of directions N of the frequency band and the number of wavelengths M of the frequency band are determined; wherein, in the present embodiment, N=8, M=5; half wavelength = {1, 2, 3, 4, 5};

[0061] Step 2. For the frequency band anti-interference distribution of a certain wavelength, calculate the frequency band anti-interference distribution in the horizontal direction; specifically, first initialize the frequency band anti-interference distribution in the horizontal d...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for resisting an attack deep neural network based on a frequency band, and the method comprises the steps: firstly obtaining a frequency band space which comprises theanti-interference of frequency band pairs in N directions, wherein the anti-interference of frequency band pairs in each direction comprises the anti-interference distribution of frequency band pairswith M wavelengths, the anti-interference distribution of each frequency band pair is a waveform containing alternating activation and inhibition, and gradient signals are filled between wave crestsand wave troughs of each frequency band pair; respectively adding the frequency band pair anti-interference distribution and the original image to obtain an anti-attack sample, inputting the anti-attack sample into the attacked deep neural network, taking the anti-attack sample corresponding to the minimum value of the prediction result score as an optimal anti-attack sample, and attacking the attacked deep neural network. According to the method, the waveform containing alternate activation and suppression is adopted as anti-interference distribution, so the sensitivity of the network to an anti-attack sample is effectively improved, the anti-attack sample can be easily measured by the deep neural network, the original signals are confused, and the deep neural network is enabled to predict an error result.

Description

technical field [0001] The invention belongs to the technical field of computer vision, and in particular relates to a frequency-band-based anti-attack deep neural network method. Background technique [0002] With the development of deep neural networks, recognition tasks such as classification, segmentation, and skeleton detection in computer vision have been greatly improved. Deep neural networks have shown excellent performance in visual recognition tasks, however, when they generalize to other distributions of data, the performance degrades significantly. The generalization of the deep neural network is very critical in its application to practical situations. If the generalization of the deep neural network is poor, it will lead to major errors in actual use and cause serious losses. Therefore, before the deep neural network is applied, its generalization ability needs to be studied clearly. [0003] Adversarial attack is an important method to detect the generalizat...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06N3/04G06N3/08G06K9/62
CPCG06N3/08G06N3/045G06F18/214
Inventor 白秀秀刘哲杨明
Owner XI AN JIAOTONG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap