Gradient-based adversarial sample generation method and system

A gradient-based adversarial sample technique applied in the fields of computer vision and deep learning. It addresses the problems of poor transferability and high noise visibility, improving the attack success rate, reducing the noise size, and reducing loss.

Pending Publication Date: 2022-06-24
SOUTH CHINA UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0003] However, adversarial examples generated by existing methods or systems transfer poorly and have high noise visibility under black-box conditions.

Examples


Embodiment 1

[0063] This embodiment discloses a gradient-based adversarial sample generation method, which is suitable for both white-box attacks and black-box attacks. A white-box attack is one in which all information about the neural network model to be attacked, such as its structure, parameters, training process and training data, is known at attack time. A black-box attack is one in which only limited information about the neural network model to be attacked, such as confidence and label, is known during the attack.

[0064] As shown in Figure 1, the gradient-based adversarial sample generation method includes the following steps:

[0065] S1. Obtain the original image sample and the neural network model to be attacked.

[0066] Specifically, the original image sample dataset used in this experiment is the ImageNet-compatible dataset, which is the official dataset of the adversarial competition held at the 2017 Conference on Advances in Neural Information Processing Systems, includ...

Embodiment 2

[0093] This embodiment discloses a gradient-based adversarial sample generation system which, as shown in Figure 6, includes the following functional modules:

[0094] The acquisition module is used to acquire the original image samples and the neural network model to be attacked. The image format of the original image sample is .png or .jpg format, and the format of the neural network model file is .ckpt format.

[0095] The loss calculation module inputs the original image sample into the neural network model and obtains the loss information of the original image sample according to the cross-entropy loss function. The input of the loss calculation module is the original image sample obtained by the acquisition module and the neural network model to be attacked, and the output is the loss information. The cross-entropy loss function in TensorFlow is tf.nn.softmax_cross_entropy_with_logits().

[0096] Specifically, the loss calculation module includes a normal loss...


Abstract

The invention discloses a gradient-based adversarial sample generation method and system. The method comprises the following steps: acquiring an original image sample and a neural network model to be attacked; inputting the original image sample into the neural network model and obtaining the loss information of the original image sample according to a cross-entropy loss function; obtaining the corresponding gradient sign matrix from the loss information, generating perturbation information, and adding the perturbation to the original image sample to obtain a first noise image sample; performing a filtering operation and a clipping operation on the first noise image sample to obtain a second noise image sample; and judging whether the second noise image sample meets the requirements of an adversarial sample. If it does not, the second noise image sample is input into the neural network model for the next iteration; otherwise, the second noise image sample is taken as the adversarial sample and iteration stops. The method can generate adversarial samples with a higher attack success rate and lower noise visibility, so that the ability of the neural network model to resist adversarial attacks is enhanced.
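The loop in the abstract, sketched as an added example for robustness testing of a model you own; it is not the patent's code. Assumptions: a toy two-class brightness classifier stands in for the network, a 3x3 mean filter stands in for the unspecified filtering operation, and `eps`, `alpha`, `max_iter` and the stopping rule are illustrative choices. It uses only the standard library.

```python
import math

K = 20.0  # steepness of the toy classifier (assumed value)

def predict(img):
    """Toy 2-class model: softmax over logits (s, -s), s = K * (mean pixel - 0.5)."""
    n = sum(len(r) for r in img)
    s = K * (sum(map(sum, img)) / n - 0.5)
    p0 = 1.0 / (1.0 + math.exp(-2.0 * s))
    return [p0, 1.0 - p0]

def grad_sign(img, label):
    """Sign matrix of d(cross-entropy)/d(pixel); uniform here because the model is linear."""
    p = predict(img)
    y = [1.0 if c == label else 0.0 for c in (0, 1)]
    g = (p[0] - y[0]) - (p[1] - y[1])  # dL/dx = (K/n) * g for every pixel
    return [[(g > 0) - (g < 0)] * len(r) for r in img]

def mean_filter(img):
    """3x3 mean filter with edge replication (assumed filter; the page names none)."""
    h, w = len(img), len(img[0])
    px = lambda i, j: img[min(max(i, 0), h - 1)][min(max(j, 0), w - 1)]
    return [[sum(px(i + a, j + b) for a in (-1, 0, 1) for b in (-1, 0, 1)) / 9.0
             for j in range(w)] for i in range(h)]

def generate(x0, label, eps=0.1, alpha=0.02, max_iter=20):
    """Return (image, iterations, success); eps, alpha, max_iter are assumed values."""
    x = [row[:] for row in x0]
    for it in range(1, max_iter + 1):
        sgn = grad_sign(x, label)
        # perturb along the gradient sign -> first noise image sample
        first = [[v + alpha * s for v, s in zip(r, sr)] for r, sr in zip(x, sgn)]
        # filter, then clip to [0, 1] and to within eps of the original -> second sample
        x = [[min(max(v, o - eps, 0.0), o + eps, 1.0) for v, o in zip(r, ro)]
             for r, ro in zip(mean_filter(first), x0)]
        if predict(x)[label] < 0.5:  # assumed requirement: true label no longer wins
            return x, it, True
    return x, max_iter, False

# Constructed 4x4 grayscale sample; mean 0.555, so the toy model assigns class 0.
X0 = [[0.52, 0.54, 0.56, 0.58], [0.54, 0.56, 0.58, 0.56],
      [0.56, 0.58, 0.56, 0.54], [0.58, 0.56, 0.54, 0.52]]

if __name__ == "__main__":
    adv, iters, ok = generate(X0, label=0)
    linf = max(abs(a - o) for ra, ro in zip(adv, X0) for a, o in zip(ra, ro))
    print(ok, iters, round(linf, 3), [round(p, 3) for p in predict(adv)])
```

The clipping step is what bounds noise visibility: with `eps=0.01` no pixel can move far enough to cross the decision boundary, so the loop reports failure, which gives a simple robustness margin for this toy model.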

Description

Technical field

[0001] The present invention relates to the technical fields of computer vision and deep learning, in particular to a method and system for generating adversarial samples based on gradients.

Background technique

[0002] In recent years, machine learning and deep learning have been applied in various aspects of daily life, including face recognition, image classification, autonomous driving, and semantic segmentation. However, the uninterpretability of deep learning limits its application. Adversarial attacks are one manifestation of this. An adversarial attack generates adversarial samples by adding tiny noise to clean samples in order to fool the neural network model and mislead the attacked model into outputting an answer that is different from, or diametrically opposite to, the correct result. It is therefore necessary to better understand the neural network model and improve its robustness, which is inseparable from the generation of adversarial examples.

[0003] However, th...


Application Information

IPC(8): G06V10/30, G06V10/764, G06V10/82, G06K9/62, G06N3/04, G06N3/08
CPC: G06N3/04, G06N3/08, G06F18/241
Inventor: 李家春, 夏飞
Owner: SOUTH CHINA UNIV OF TECH