Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

General adversarial disturbance generation method based on correlation class activation mapping

A correlation and confrontation technology, applied in neural learning methods, biological neural network models, machine learning, etc., can solve problems such as sensitive network parameters, wrong output results of neural network models, difficult to use white-box attacks, etc., and achieve high confrontation strength , low peak signal-to-noise ratio, and strong generalization ability

Pending Publication Date: 2022-06-28
CHONGQING UNIV OF POSTS & TELECOMM
View PDF0 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Iterative attacks have a higher success rate than single-step attacks in white-box environments, but their transferability is not ideal in most cases because it is sensitive to network parameters
Furthermore, it is difficult for the attacker to obtain exact knowledge of the victim model, making it difficult to use white-box attacks in practice
[0004] The general adversarial attack generates a general adversarial sample perturbation on the data set. Any input in the data set plus this perturbation can cause the output of the neural network model to be wrong.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • General adversarial disturbance generation method based on correlation class activation mapping
  • General adversarial disturbance generation method based on correlation class activation mapping
  • General adversarial disturbance generation method based on correlation class activation mapping

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0029] The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

[0030] The purpose of the present invention is to provide a method for generating adversarial samples based on the general perturbation of correlation class activation map, by separately obtaining the class activation map of the sample image and the weight of the attention of the image during backpropagation, and forming a loss function according to a linear combination to optimize the perturbed image to obtain the best general perturb...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a general adversarial disturbance generation method based on correlation class activation mapping, and belongs to the field of adversarial machine learning. At present, the key technical problem in the field is deep neural network decision interpretability and adversarial sample mobility enhancement. According to the method, the general adversarial disturbance is generated and optimized by utilizing an inter-layer correlation propagation and class activation mapping cascading mode, and then the focus of the deep neural network is understood. Firstly, a deep neural network classifier is utilized to calculate an original label class and other error label classes of a clean sample, then through forward propagation class activation mapping feature map and correlation coefficient linear weight combination, the contribution of a final thermodynamic diagram of the original label is minimum, the contribution of thermodynamic diagrams of other error classes is maximum, and finally, the error label class is obtained. And the general adversarial disturbance is iteratively updated by minimizing the correlation class activation mapping loss function, so that the general adversarial disturbance with strong mobility is formed, and the attack success rate of the adversarial sample is improved.

Description

Technical field [0001] The invention relates to a general adversarial perturbation generation method based on correlation class activation mapping, and belongs to the field of adversarial machine learning. Background technique [0002] Machine learning technology has made major breakthroughs in solving complex tasks. However, machine learning technology (especially artificial neural networks and data-driven artificial intelligence) are extremely vulnerable to adversarial sample attacks during training or testing, and these samples can easily subvert the machine learning model. the original output. Since the AlexNet model made a breakthrough in the Large Scale Visual Recognition Challenge (ILSVRC), various image classification neural networks have been proposed to improve image classification technology. Deep neural networks have shown amazing high performance in solving complex computer vision problems, including images. Recognition, target detection, semantic segmentation ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06N20/00G06N3/04G06N3/08
CPCG06N20/00G06N3/08G06N3/045
Inventor 陈自刚代仁杰刘正皓敖晋程智全
Owner CHONGQING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com