Attack-resistant defense method based on neuron activation rate

A technique based on neuron activation rate, applied in neural learning methods, neural architectures, biological neural network models, etc., that addresses problems such as existing defenses failing to achieve good results, having no resistance to adversarial input, and being compromised.

Pending Publication Date: 2021-08-20
ZHEJIANG UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0007] (1) These defensive measures can only target existing adversarial samples and have no ability to resist unknown adversarial input.
[0008] (2) These methods often fail to achieve good results in the face of black-box attacks.
[0009] (3) For transferable attacks, these defenses are compromised.

Examples

Embodiment Construction

[0046] The present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be noted that the following embodiments are intended to facilitate the understanding of the present invention, but do not limit it in any way.

[0047] Referring to Figures 1 and 2, an adversarial attack defense method based on neuron activation rate includes the following steps:

[0048] 1) Acquisition and preprocessing of the image data sets. The specific process is as follows:

[0049] 1.1) Download the MNIST, CIFAR-10 and ImageNet data sets, save the image samples and their corresponding class labels, and record the sample set as $X=\{x_1, x_2, \ldots, x_m\}$; the class of each image is labeled $y$.

[0050] 1.2) Divide the data set in the previous step into training set and test set according to the ratio, and perform one-hot encoding on the class label y to facilitate subsequent training.

[0051] 1.3) Unify the sample size: the image s...

Abstract

The invention discloses an adversarial attack defense method based on neuron activation rate. The method comprises the following steps: 1) obtaining an image data set, preprocessing it, and constructing a training set and a test set; 2) constructing a classifier model with a CNN network structure; 3) constructing a binary-classification discriminator D that judges the output N of the classifier model for the input sample x; 4) constructing an overall loss function from the loss functions of the classifier model and the discriminator D, and determining an overall optimization target; jointly training the overall model on the training set, and, when the overall loss function converges, stopping training and saving the model; and 5) inputting the test set to test the trained classifier model; if the classification accuracy is lower than a threshold value, modifying the λ of the overall loss function and training again according to step 4) until the classification accuracy is higher than the threshold value. The defense method provided by the invention has good applicability and accuracy, and has a good defense effect against adversarial attacks.

Description

Technical field

[0001] The invention relates to a defense method against attack, in particular to a defense method against attack based on neuron activation rate.

Background technique

[0002] With its superior performance, deep learning has been widely used in many fields such as image classification, target detection, biological information, speech recognition, natural language processing, etc., and has achieved unprecedented success in the field of computer vision. But the vulnerability of deep models to misclassification by perturbations invisible to the human eye has drawn researchers' attention. In the process of gradually replacing human beings for autonomous decision-making by deep models, due to their vulnerability to adversarial attacks and other issues, they have posed serious threats to network security, data security, algorithm security, and information security. The vulnerability of deep models to adversarial examples also hinders the further application of de...

Application Information

IPC(8): G06N3/08, G06N3/04, G06K9/62, G06F21/55
CPC: G06N3/08, G06F21/55, G06N3/045, G06F18/241, Y02T10/40
Inventor: 陈晋音, 陈若曦, 郑海斌
Owner: ZHEJIANG UNIV OF TECH