Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Invisible watermark image construction and classification methods, invisible watermark backdoor attack model construction and classification methods and system

A technology of watermarking images and construction methods, which is applied in image watermarking, image data processing, image data processing and other directions, can solve the problems of poor concealment and easy detection of backdoor triggers, and achieve high classification accuracy, imperceptibility, and perfect recognition. effect of technology

Pending Publication Date: 2021-06-25
NORTHWEST UNIV(CN)
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] Aiming at the problem that visible backdoor triggers are poorly concealed and easy to be detected, an invisible watermark image, backdoor attack model construction, classification method and system are proposed

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Invisible watermark image construction and classification methods, invisible watermark backdoor attack model construction and classification methods and system
  • Invisible watermark image construction and classification methods, invisible watermark backdoor attack model construction and classification methods and system
  • Invisible watermark image construction and classification methods, invisible watermark backdoor attack model construction and classification methods and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0055] This embodiment provides a method for constructing an invisible watermark image, and the detailed steps are as follows:

[0056] Step 1, get original image and watermark image;

[0057] Step 2, performing Haar discrete wavelet transformation on the original image to obtain the low-frequency information matrix Y and the horizontal high-frequency information matrix U of the original image 1 , vertical high-frequency information matrix U 2 and the diagonal high-frequency information matrix U 3 ; Specifically, the first-level Haar discrete wavelet transformation is performed;

[0058] Step 3, perform discrete cosine changes on the blocks of the low-frequency information matrix Y described in step 2 to obtain multiple low-frequency information matrices, specifically determine the number of blocks according to the size of the selected watermark image, and the number of blocks is greater than the size of the watermark image , the size of the watermark image used in this emb...

Embodiment 2

[0070] On the basis of Embodiment 1, this embodiment provides a method for constructing a neural network backdoor attack model of an invisible watermark, including the following steps:

[0071] Step 1, obtain the original image data set M and the invisible watermark image data set M';

[0072] Raw image dataset M{M1,...,Mi,...Mn}, M i Represents the i-th original image in the original image data set M, n represents the number of original images, which is a positive integer;

[0073] The original image data set M uses the mnist data set. The mnist data set is organized by the National Institute of Standards and Technology (NIST) and consists of 250 numbers handwritten by different people, of which 50% They are high school students, 50% are from Census Bureau staff, and all samples in the database are grayscale images of 28×28 pixels. Contains 60,000 training images and 10,000 test images, divided into ten categories of 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, such as Figure 4 As shown...

Embodiment 3

[0095] On the basis of embodiments 1 and 2, this embodiment provides a kind of image classification method, including:

[0096] Obtain classified image data, and input the image data to be classified into the invisible watermark neural network backdoor attack model for classification;

[0097] The neural network backdoor attack model of the invisible watermark is obtained by constructing the neural network backdoor attack model of the invisible watermark described in Embodiment 2.

[0098] A well-trained network model should have the ability to resist adversarial attacks. Based on this, the classification method can verify the robustness of the neural network model, that is, whether the attacked model has a certain ability to resist poisoning attacks. "Data poisoning" tends to reduce the accuracy of the target neural network type classification, and both model owners and users hope for optimal accuracy. If this classification method is used, the input data is classified. If ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses invisible watermark image construction and classification methods, invisible watermark backdoor attack model construction and classification methods and a system, and the invisible watermark image construction method comprises: carrying out the Haar discrete wavelet transformation of an original image, and obtaining a low-frequency information matrix, a horizontal high-frequency information matrix, a vertical high-frequency information matrix and a diagonal high-frequency information matrix of the original image; performing block discrete cosine change on the low-frequency information matrix to obtain a plurality of low-frequency information matrixes; and encrypting a watermark image to obtain an encrypted watermark image, embedding the encrypted watermark image into a plurality of low-frequency information matrixes by adopting a singular value decomposition watermark algorithm, and then obtaining an invisible watermark image through block discrete cosine inverse transformation and Haar discrete inverse wavelet transformation. Based on an invisible watermark technology, a more hidden backdoor is generated by utilizing the weakness that the neural network is easily attacked by the backdoor, so that the classification accuracy of the neural network is reduced to a certain extent, and the invention has great significance in the field of artificial intelligence security.

Description

technical field [0001] The invention belongs to the field of artificial intelligence security, and relates to an invisible watermark image, a backdoor attack model construction, a classification method and a system. Background technique [0002] In recent years, the rapid development of deep learning has made many achievements in various fields. Image classification, object detection, speech recognition, language translation, speech synthesis, etc. are widely used in deep learning. Even in many fields, the performance of deep learning models has surpassed that of humans. Despite great success in numerous applications, many deep learning-inspired applications are still of critical importance, which has attracted great attention in the security field. [0003] Training a model that performs well is complex and takes a lot of time. Therefore, the training tasks of neural networks are generally outsourced to the cloud. In this scenario, the adversary has the ability to manip...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06T1/00G06F17/14G06F21/60G06K9/62G06N3/04G06N3/08
CPCG06T1/005G06F17/147G06F17/148G06F21/602G06N3/04G06N3/08G06F18/24
Inventor 肖云张钰婷赵珂王选宏肖刚许鹏飞刘宝英陈晓江
Owner NORTHWEST UNIV(CN)
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com