Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A Frequency Band-Based Adversarial Attack on Deep Neural Networks

A technology of deep neural network and frequency band, which is applied in the field of anti-attack deep neural network based on frequency band, can solve the problems such as the difficulty of explaining the law of anti-interference, and achieve the effect of improving sensitivity, low interference intensity, and simple operation process

Active Publication Date: 2022-07-12
XI AN JIAOTONG UNIV
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] Aiming at the technical problems existing in the prior art, the present invention provides a frequency band-based anti-attack deep neural network method to solve the technical problem that the anti-jamming law generated by the existing anti-attack method is still difficult to explain

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0059] This embodiment provides a frequency band-based adversarial attack deep neural network method, including the following steps:

[0060] Step 1. Set the anti-interference strength, which is limited by the L∞ norm eps; when the anti-interference strength is limited by the L∞ norm eps, it will make it difficult for people to perceive; under the same interference strength, attack the deep neural network. In the network, a fair comparison is achieved; according to the set anti-interference strength, the number of directions N of the frequency band and the number of wavelengths of the frequency band M are determined; among them, in this embodiment, N=8, M=5; half wavelength = {1, 2, 3, 4, 5};

[0061] Step 2. For the frequency band anti-interference distribution of a certain wavelength, calculate the frequency band anti-jamming in the horizontal direction; specifically, first initialize the frequency band anti-jamming distribution in the horizontal direction to an interference...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for counterattacking a deep neural network based on a frequency band. First, the frequency band space is obtained, which includes the frequency band countermeasures in N directions, and the frequency band countermeasures in each direction include the frequency band countermeasures of M wavelengths. Interference distribution; the anti-interference distribution of each frequency band is a waveform containing alternating activation and suppression, and the gradient signal between the peaks and the troughs is filled with gradient signals; the frequency-band anti-interference distribution is added to the original image to obtain the adversarial attack sample, which is input to the target. In the attacking deep neural network, the adversarial attack sample corresponding to the minimum value of the predicted result score is taken as the optimal adversarial sample, and the attacked deep neural network is attacked; the present invention adopts the waveform including the alternating activation and suppression as the adversarial interference distribution, which effectively The sensitivity of the network to adversarial attack samples is improved, and the adversarial attack samples can be easily detected by the deep neural network, confuse the original signal, and make the deep neural network predict wrong results.

Description

technical field [0001] The invention belongs to the technical field of computer vision, and in particular relates to a frequency band-based confrontation attacking deep neural network method. Background technique [0002] With the development of deep neural networks, recognition tasks such as classification, segmentation, and skeleton detection in computer vision have been greatly improved. Deep neural networks perform well in visual recognition tasks, however, when generalized to other distributions of data, performance degrades dramatically. The generalization of deep neural network is very critical in its application to practical situations. If the generalization of deep neural network is poor, it will lead to major errors and serious losses in actual use. Therefore, before the application of deep neural network, its generalization ability needs to be clearly studied. [0003] Adversarial attack is an important method to detect the generalization and security of deep ne...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06N3/04G06N3/08G06K9/62
CPCG06N3/08G06N3/045G06F18/214
Inventor 白秀秀刘哲杨明
Owner XI AN JIAOTONG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com