Migratable adversarial sample attack method based on attention mechanism

A technology of adversarial samples and attention, which is applied in the field of transferable adversarial sample attacks, can solve the problems of low success rate of white-box target attacks, low migration rate of black-box targets, misleading classification models, etc., and achieve the goal of improving the success rate of target attacks Effect

Pending Publication Date: 2020-11-06
GUIZHOU UNIV +1
View PDF8 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Aiming at the above-mentioned deficiencies in the prior art, the present invention provides a transferable adversarial sample attack method based on the attention mechanism, which destroys the information-rich, The main focus of the model is to solve the problems of low white-box target attack success rate and black-box target migration rate in existing attack methods in the classification task of complex data sets. It is effective in the case of both white-box and black-box scenarios. misleading classification model

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Migratable adversarial sample attack method based on attention mechanism
  • Migratable adversarial sample attack method based on attention mechanism
  • Migratable adversarial sample attack method based on attention mechanism

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0044] The specific embodiments of the present invention are described below so that those skilled in the art can understand the present invention, but it should be clear that the present invention is not limited to the scope of the specific embodiments. For those of ordinary skill in the art, as long as various changes Within the spirit and scope of the present invention defined and determined by the appended claims, these changes are obvious, and all inventions and creations using the concept of the present invention are included in the protection list.

[0045] The embodiment of the present invention provides a transferable adversarial sample attack method based on the attention mechanism, which destroys the information-rich, model-main attention region to generate adversarial examples with strong migration and high success rate of white-box target attack.

[0046] The research object of the present invention is a black box target attack, and the specific technical scenario...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a migratable adversarial sample attack method based on an attention mechanism, and the method comprises the steps of selecting a local replacement network model, constructing afeature library, and enabling an original image to be mapped into a feature space; adopting an iterative fast gradient symbol attack method based on momentum accumulation to enable the characteristics of the original picture to be far away from the original category area and to be close to the target category area; and inputting an adversarial sample obtained by attacks into a black box classification model, and outputting a target category by a misleading model. According to the invention, a triple loss function is used to destroy an area which is rich in information and is mainly concernedby the model in an attacked model characteristic space; the problems of low white-box target attack success rate and low black-box target mobility of an existing attack method in a classification taskof a complex data set are solved, and misleading of a classification model is effectively realized under the condition of considering a white-box scene and a black-box scene.

Description

technical field [0001] The invention belongs to the technical field of adversarial attacks, and in particular relates to a transferable adversarial sample attack method based on an attention mechanism. Background technique [0002] With the rapid development of deep learning, researchers can solve many computer vision tasks such as image classification and segmentation. However, due to the advent of adversarial examples, more widespread attention has been paid to the shortcomings of convolutional neural networks. Adversarial examples refer to adding some subtle perturbations that cannot be perceived by the human eye to the original input image, so that the convolutional neural network cannot correctly predict the image. The current method of generating adversarial samples can be divided into non-target attack and targeted attack according to the target or expectation of the attack. The former refers to the attacker’s goal only to make the classification model give wrong pre...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06K9/62G06N3/04G06N3/08
CPCG06N3/08G06N3/045G06F18/2415G06F18/214
Inventor 宋井宽黄梓杰高联丽
Owner GUIZHOU UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap