CN110428023A - A kind of counterreconnaissance escape attack method towards depth pedestrian weight identifying system - Google Patents
A kind of counterreconnaissance escape attack method towards depth pedestrian weight identifying system Download PDFInfo
- Publication number
- CN110428023A CN110428023A CN201910473189.9A CN201910473189A CN110428023A CN 110428023 A CN110428023 A CN 110428023A CN 201910473189 A CN201910473189 A CN 201910473189A CN 110428023 A CN110428023 A CN 110428023A
- Authority
- CN
- China
- Prior art keywords
- photo
- identifying system
- camera
- noise
- pedestrian
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 57
- 230000008569 process Effects 0.000 claims abstract description 18
- 238000005457 optimization Methods 0.000 claims abstract description 15
- 238000012544 monitoring process Methods 0.000 claims abstract description 11
- 230000007613 environmental effect Effects 0.000 claims abstract description 8
- 230000009466 transformation Effects 0.000 claims description 3
- 239000000284 extract Substances 0.000 claims description 2
- 238000005070 sampling Methods 0.000 abstract description 5
- 230000007123 defense Effects 0.000 abstract 1
- 238000013528 artificial neural network Methods 0.000 description 4
- 230000000694 effects Effects 0.000 description 4
- 238000013473 artificial intelligence Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 3
- 238000011161 development Methods 0.000 description 3
- 238000001514 detection method Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- ORILYTVJVMAKLC-UHFFFAOYSA-N Adamantane Natural products C1C(C2)CC3CC1CC2C3 ORILYTVJVMAKLC-UHFFFAOYSA-N 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000002547 anomalous effect Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 244000309464 bull Species 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000003384 imaging method Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000011835 investigation Methods 0.000 description 1
- 230000002045 lasting effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 210000005036 nerve Anatomy 0.000 description 1
- 239000012466 permeate Substances 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000003860 storage Methods 0.000 description 1
- 238000003786 synthesis reaction Methods 0.000 description 1
- 230000002194 synthesizing effect Effects 0.000 description 1
- 238000010189 synthetic method Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K15/00—Arrangements for producing a permanent visual presentation of the output data, e.g. computer output printers
- G06K15/02—Arrangements for producing a permanent visual presentation of the output data, e.g. computer output printers using printers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K17/00—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
- G06K17/0022—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
- G06Q50/26—Government or public services
- G06Q50/265—Personal security, identity or safety
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Tourism & Hospitality (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Educational Administration (AREA)
- Development Economics (AREA)
- Computer Security & Cryptography (AREA)
- Economics (AREA)
- General Health & Medical Sciences (AREA)
- Human Resources & Organizations (AREA)
- Marketing (AREA)
- Primary Health Care (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Image Analysis (AREA)
- Image Processing (AREA)
Abstract
The invention discloses a kind of counterreconnaissance escape attack methods towards depth pedestrian weight identifying system, it proposes to maximize optimization method based on matching difference, and multiposition sampling is combined to generate can be changed across camera, noise pattern that position is expansible, so that identical noise pattern can not be mutually matched under different camera shootings in any position of pedestrian's weight identifying system monitoring area.In addition, this method incorporates physical environmental factors in noise pattern generating process, reduces information of the noise in printing, shooting process and lose, improve its robustness.The noise pattern that this method generates can make pedestrian's weight identifying system that can not correctly search to locate attacker, realize " stealth " under safety defense monitoring system.
Description
Technical field
The present invention designs artificial intelligent and safe field, in particular to a kind of counterreconnaissance towards depth pedestrian weight identifying system
Escape attack method.
Background technique
With the rapid development of mobile Internet, the lasting upgrading of hardware device, the production of mass data and algorithm are more
Newly, the development of artificial intelligence (AI) is irresistible, gradually permeates and change deeply the life of the mankind.Currently, the machine of being based on
The artificial intelligence technology of device study and deep learning is widely used in human-computer interaction, vision processing system, recommender system, safety
Every field, the application scenarios such as diagnosis and protection include unmanned, image recognition, malware detection, malious email mistake
Filter etc..It can be said that the arrival in artificial intelligence epoch and data calculate and the development of storage capacity promotes every field change.
It is a task of the matching across personage interested under camera that pedestrian identifies again, has in video monitoring and security fields and widely answers
With, such as suspect and missing crew's search, across camera pedestrian tracking, pedestrian activity's analysis etc..In recent years, with depth
Habit technology is quickly grown, and pedestrian's weight identifying system based on deep neural network achieves pedestrian's matching level close to the mankind,
And it is increasingly becoming main stream approach.
However, recent studies suggest that deep neural network is very fragile for specifically attacking: by input picture plus essence
Mankind's noise inconspicuous of heart building, can lure deep neural network to work with anomalous mode, this is to based on depth nerve
The types of applications of network constitutes potential threat, such as recognition of face, unmanned, malware detection.Since pedestrian identifies again
System widespread deployment in the security system and application, it is under attack to Guan Chong whether the depth of investigation pedestrian weight identifying system is easy
It wants.Once depth pedestrian weight identifying system to particular attack fragility, will have serious consequences and security threat, for example, crime point
Son, which can escape the search of law enforcement agency and positioning or spy, can invade monitored confidential areas.
Summary of the invention
The purpose of the invention is to overcome the limitation of the prior art, provide a kind of towards depth pedestrian's again identifying system
Counterreconnaissance escape attack method.
Designed by the present invention it is a kind of towards depth pedestrian weight identifying system counterreconnaissance escape attack method, it is special it
It is in comprising the following steps:
1) to given pedestrian's weight identifying system with whitepack access authority, setting attacker wants to be matched to specific
User;
2) photo group of the building attacker under each camera, designs the noise pattern generation side sampled based on multiposition
Method generates the expansible noise pattern in position;
3) the noise pattern generation method that can be changed across camera minimized based on matching difference, is made across attacking under camera
The person's of hitting image is located remotely from each other can not be by pedestrian's weight identifying system matching, and the image for making plus noise and specific user are by mistake
Match;
4) physical environmental factors are incorporated into noise pattern generating process, print noise pattern and be attached on clothes, to realize
Pedestrian's weight identifying system is attacked under reality scene.
Further, photo group detailed process of the building attacker under each camera are as follows:
Collect a large amount of attackers photo that different location is taken under monitoring camera, and the photo that every is shot
The photomontage that primary image converts is carried out, the above photo collectively forms noise spanning set.
Further, detailed process is as follows for the step 3):
By solving the optimization problem of the minimum of attacker's photo matching similarity under across camera shooting come iteratively
Find the variable noise pattern across camera;Specifically, for the photo shot from m group camera, and from specific
The photo I of user being takent, solve following optimization problem:
Wherein, target pedestrian weight identifying system is expressed as fθ(x, y)=sc, x are the image that system needs to inquire, and y is it
Pedestrian's photo that his camera is collected, θ is model parameter;x′iIt is that noise δ will be passed through and the consistent image of the person of being taken i becomes
It changes and is added to xiOn obtain;
Wherein, each iteration is from noise spanning set and specific user's photograph collection ItIn select at random photo constitute four-tupleTwo photos for being attacker under same camera,It is attacker in other camera shootings
One photo of head solves following optimization based on the noise pattern generation method that can be changed across camera that matching difference minimizes and asks
Topic:
The noise of the generation gap between the feature for extracting same webcam photo of having the ability is smaller and smaller, while making across taking the photograph
The gap between feature extracted as head photo is increasing.
Still further, the number of iterations is set as 700 times, or less than 700 in convergence complete iteration.
Further, smooth regular terms is added in the step 4):
TV (δ)=∑I, j((δI, j-δI+1, j)2+(δI, j-δI, j+1)2)。
Further, the value of noise is transformed into printer color value range in the step 4) and is printed.
Further, random image degenrate function is added in the step 4)Lose noise with height to information
Robustness.
Compared to the prior art the present invention, has the beneficial effect that
1) it proposes the novel escape towards depth pedestrian weight identifying system and breaks through method, it is complete by generation " contact clothing "
The counterreconnaissance escape of pairs of target pedestrian weight identifying system.
2) propose the optimization method that minimizes based on matching difference, generate the noise pattern variable across camera, make its
It can not match each other under the shooting of different cameras.
3) multiposition sampling policy is considered in noise pattern generating process, the noise of generation is in any position of monitoring area
Attack effect can be reached by setting.
4) in order to improve noise pattern physical world robustness, physical environmental factors incorporate noise pattern by this method
Generating process keeps it still effective after printing and shooting process information are lost.
Detailed description of the invention
Fig. 1 is the counterreconnaissance escape attack method frame towards depth pedestrian weight identifying system.
Fig. 2 is that schematic diagram is attacked in the escape towards depth pedestrian weight identifying system.
Fig. 3 is that example is attacked in the escape towards depth pedestrian weight identifying system.
Specific embodiment
It is considered herein that the safety issue that depth pedestrian identifies again does not still attract attention, the meeting when being widely used
Potential security threat is brought, therefore is badly in need of a kind of counterreconnaissance escape attack method towards depth pedestrian weight identifying system.
Towards the counterreconnaissance escape attack method of depth pedestrian weight identifying system designed by the present invention, include following step
It is rapid:
1) pedestrian's weight identifying system, input inquiry image are given, which exports the figure shot under other cameras
As the similarity and similarity ranking with query image.Attacker is able to access that the parameter and weight of object module, and sets
Attacker wants the specific user being matched to.
Target pedestrian weight identifying system can be expressed as fθ(x, y)=sc, wherein x is the image that system needs to inquire, and y is
Pedestrian's photo that other cameras are collected, θ are model parameter, and sc is the output of system, i.e., to carry out matched one group of photo (x,
Y) similarity score.The photo group G that the photo and system being queried are collected under other cameras is matched one by one, is exported similar
Highest photo is spent as final matching results, it may be assumed that
Y={ y1, y2..., yK}s.tψ(fθ(x, yi)) < K
Wherein K be default output match the highest photo number of score, ψ () by the photo group of collection according to
It is ranked up from high to low with score.Attacker is attack with trained pedestrian's weight identifying system neural network based
Target has whitepack access authority to object module, can access target model parameter and weight, and in setting system
Specific user, make attacker when being queried by system error hiding at the specific user.
2) building attacker collects photo group and photomontage group, designs the noise pattern generation side sampled based on multiposition
Method generates the expansible noise pattern in position, can reach attack effect in any position of monitoring area.
Constitute noise spanning set XcSpecifically: collect a large amount of attackers photograph that different location is taken under monitoring camera
Piece, and the photo that every shoots is subjected to the photomontage that primary image converts.
3) the noise pattern generation method that can be changed across camera minimized based on matching difference, is made across attacking under camera
The person's of hitting image is located remotely from each other can not be by pedestrian's weight identifying system matching, and the image for making plus noise and specific user are by mistake
Match.
By solving the optimization problem of the minimum of attacker's photo matching similarity under across camera shooting come iteratively
Find the variable noise pattern across camera.Specifically, for the photo shot from m group camera, following optimization is solved
Problem:
Wherein x 'iIt is that noise δ will be passed through and the person of being taken i consistent image transformation is added to upper xiOn obtain.Optimizing
The difference of form and photo style of the noise pattern study across the person of being taken under camera is in the process to improve attacking for oneself
Ability is hit, the gap between feature that the photo that shoots attacker under across camera extracts is increasing, until can not be just
It is really mutually matched, and is all matched with the photo of specific user.
Two photos under same camera are randomly selected in spanning set every timeAnd one of other cameras
PhotoConstitute a triple Qi, this method be based on multiposition sampling policy, pass through the different Q of multiple groupsiIteratively to optimize
Noise pattern is optimized, the noise δ that the photo for shooting and synthesizing to multiple groups different location optimizes generation can be
Any position of monitoring area, which is taken, can complete counterreconnaissance escape attack.XcThe optimization of noise pattern will be used to solve to generate
Problem, each iteration is from XcIn select at random photo constitute tripleMade by different four-tuples
The noise pattern of generation can be effective in any position of monitoring area.Specifically, under each camera be arranged different distance and
50 sampled points of angle collect the photo of 10 shootings in each sampled point respectively;The photo acquired for every, randomly selects
5 kinds of primary image transformation generate 5 photomontages.For once attacking, building sum is the synthesis collection of 3000 photos.By base
In multiposition sampling policy in conjunction with the optimization problem, that is, produces and meet the expansible noise that can be changed across camera of multiposition
Pattern:
The noise of the generation gap between the feature for extracting same webcam photo of having the ability is smaller and smaller, while making across taking the photograph
The gap between feature extracted as head photo is increasing.By choosing different location and different synthetic methods in spanning set
Photo, enable noise pattern to there is no " meeting " position shooting photo it is equally effective.This method is excellent using Adam
Change solution of the algorithm to above-mentioned optimization problem, learning rate 1e-2, β 1=0.9, β2=0.999, coefficient of balance λ=0.6.
Iteration most bull wheel number is 700.
4) consider printing and imaging error in physical world, physical environmental factors are incorporated into noise pattern generating process, it is raw
At the noise pattern of high robust, pedestrian's weight identifying system can be attacked under reality scene by printing and sticking " contact clothing ".
Consider printing and the active influence of shooting process noise pattern, physical environmental factors involvement noise pattern was generated
Journey generates the noise pattern of high robust, and so that noise is printed and is sticked can be to pedestrian's weight identifying system on the clothes of attacker
Carry out counterreconnaissance escape attack.Firstly, this method exists in order to make the noise generated and clothes pattern seem same naturally smooth
Smooth regular terms is added in optimization problem:
This method improves the smoothness of noise by difference between minimum noise pattern adjacent pixel value, so that
Attacker puts on " contact clothing " and will not wake suspicion.Next printable color gamut is determined And by noise
Value rangeInside bring error is printed to eliminate;Finally, due to which environmental condition and camera device are clapped in shooting process
Noise is taken the photograph to the loss of information, random image degenrate function is added in this method during noise generatesMake noise right
Information, which is lost, has high robust.
The present invention has the advantages that
1) it proposes the novel escape towards depth pedestrian weight identifying system and breaks through method, it is complete by generation " contact clothing "
The anti-escape of pairs of target pedestrian weight identifying system.
2) propose the optimization method that minimizes based on matching difference, generate the noise pattern variable across camera, make its
It can not match each other under the shooting of different cameras.
3) multiposition sampling policy is considered in noise pattern generating process, the noise of generation is in any position of monitoring area
Attack effect can be reached by setting.
4) in order to improve noise pattern physical world robustness, physical environmental factors incorporate noise pattern by this method
Generating process keeps it still effective after printing and shooting process information are lost.
Claims (7)
- The attack method 1. a kind of counterreconnaissance towards depth pedestrian weight identifying system is escaped, characterized by comprising the steps of:1) pedestrian's weight identifying system with whitepack access authority is given;2) photo group of the building attacker under each camera designs the noise pattern generation method sampled based on multiposition, raw At the expansible noise pattern in position;3) the noise pattern generation method that can be changed across camera minimized based on matching difference, is made across the attacker under camera Image is located remotely from each other can not be by pedestrian's weight identifying system matching;4) physical environmental factors are incorporated into noise pattern generating process, print noise pattern and be attached on clothes, to realize existing Pedestrian's weight identifying system is attacked under real field scape.
- The attack method 2. a kind of counterreconnaissance towards depth pedestrian weight identifying system as described in claim 1 is escaped, feature It is: photo group detailed process of the building attacker under each camera are as follows:A large amount of attackers photo that different location is taken under monitoring camera is collected, and the photo that every is shot carries out The photomontage that primary image converts, the above photo collectively form noise spanning set.
- The attack method 3. a kind of counterreconnaissance towards depth pedestrian weight identifying system as claimed in claim 2 is escaped, feature Be: detailed process is as follows for the step 3):It is iteratively found by solving the optimization problem of the minimum of attacker's photo matching similarity under across camera shooting Variable noise pattern across camera;Specifically, for the photo shot from m group camera, and specific user is come from The photo I being takent, solve following optimization problem:Wherein, target pedestrian weight identifying system is expressed as fθ(x, y)=sc, x are the image that system needs to inquire, and y is other camera shootings Pedestrian's photo that head is collected, θ is model parameter;x′iIt is that noise δ will be passed through and the person of being taken i consistent image transformation is added to Upper xiOn obtain;Wherein, each iteration selects photo at random from noise spanning set and constitutes triple Two photos for being attacker under same camera,It is attacker in a photo of other cameras, is based on matching difference The noise pattern generation method that can be changed across camera minimized solves following optimization problem:Gap between the capable feature for extracting same webcam photo of the noise of generation is smaller and smaller, while making across camera The gap between feature that photo extracts is increasing.
- The attack method 4. a kind of counterreconnaissance towards depth pedestrian weight identifying system as claimed in claim 3 is escaped, feature Be: the number of iterations is set as 700 times, or less than 700 in convergence i.e. complete iteration.
- The attack method 5. a kind of counterreconnaissance towards depth pedestrian weight identifying system as claimed in claim 2 is escaped, feature It is: smooth regular terms is added in the step 4):TV (δ)=∑i,j((δi,j-δi+1,j)2+(δi,j-δi,j+1)2)。
- The attack method 6. a kind of counterreconnaissance towards depth pedestrian weight identifying system as claimed in claim 2 is escaped, feature It is: the value of noise is transformed into printer color value range in the step 4) and is printed.
- The attack method 7. a kind of counterreconnaissance towards depth pedestrian weight identifying system as claimed in claim 2 is escaped, feature It is: random image degenrate function is added in the step 4)Lose noise with high robust to information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910473189.9A CN110428023B (en) | 2019-05-31 | 2019-05-31 | Anti-reconnaissance escape attack method for deep pedestrian re-identification system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910473189.9A CN110428023B (en) | 2019-05-31 | 2019-05-31 | Anti-reconnaissance escape attack method for deep pedestrian re-identification system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110428023A true CN110428023A (en) | 2019-11-08 |
| CN110428023B CN110428023B (en) | 2021-09-14 |
Family
ID=68408454
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910473189.9A Active CN110428023B (en) | 2019-05-31 | 2019-05-31 | Anti-reconnaissance escape attack method for deep pedestrian re-identification system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110428023B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106778704A (en) * | 2017-01-23 | 2017-05-31 | 安徽理工大学 | A kind of recognition of face matching process and semi-automatic face matching system |
| CN108133192A (en) * | 2017-12-26 | 2018-06-08 | 武汉大学 | A kind of pedestrian based on Gauss-Laplace distribution statistics identifies again |
| US20180204093A1 (en) * | 2017-01-19 | 2018-07-19 | Cisco Technology, Inc. | Clustering-based person re-identification |
| US20180374233A1 (en) * | 2017-06-27 | 2018-12-27 | Qualcomm Incorporated | Using object re-identification in video surveillance |
| CN109522793A (en) * | 2018-10-10 | 2019-03-26 | 华南理工大学 | More people's unusual checkings and recognition methods based on machine vision |
| CN109635634A (en) * | 2018-10-29 | 2019-04-16 | 西北大学 | A kind of pedestrian based on stochastic linear interpolation identifies data enhancement methods again |
-
2019
- 2019-05-31 CN CN201910473189.9A patent/CN110428023B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180204093A1 (en) * | 2017-01-19 | 2018-07-19 | Cisco Technology, Inc. | Clustering-based person re-identification |
| CN106778704A (en) * | 2017-01-23 | 2017-05-31 | 安徽理工大学 | A kind of recognition of face matching process and semi-automatic face matching system |
| US20180374233A1 (en) * | 2017-06-27 | 2018-12-27 | Qualcomm Incorporated | Using object re-identification in video surveillance |
| CN108133192A (en) * | 2017-12-26 | 2018-06-08 | 武汉大学 | A kind of pedestrian based on Gauss-Laplace distribution statistics identifies again |
| CN109522793A (en) * | 2018-10-10 | 2019-03-26 | 华南理工大学 | More people's unusual checkings and recognition methods based on machine vision |
| CN109635634A (en) * | 2018-10-29 | 2019-04-16 | 西北大学 | A kind of pedestrian based on stochastic linear interpolation identifies data enhancement methods again |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110428023B (en) | 2021-09-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108549940B (en) | Intelligent defense algorithm recommendation method and system based on multiple counterexample attacks | |
| Li et al. | Adversarial open-world person re-identification | |
| CN104268586B (en) | A kind of various visual angles action identification method | |
| CN110472519A (en) | A kind of human face in-vivo detection method based on multi-model | |
| JP5127067B2 (en) | Image search apparatus and image search method | |
| CN108074224B (en) | Method and device for monitoring terrestrial mammals and birds | |
| Fang et al. | Learnable multi-level frequency decomposition and hierarchical attention mechanism for generalized face presentation attack detection | |
| CN108596041A (en) | A kind of human face in-vivo detection method based on video | |
| CN108446690B (en) | Human face in-vivo detection method based on multi-view dynamic features | |
| Xue et al. | Robust backdoor attacks against deep neural networks in real physical world | |
| Li et al. | DeepBlur: A simple and effective method for natural image obfuscation | |
| Housam et al. | Face spoofing detection based on improved local graph structure | |
| Liang et al. | We can always catch you: Detecting adversarial patched objects with or without signature | |
| CN110263674A (en) | A kind of counterreconnaissance camouflage " contact clothing " generation method towards depth pedestrian weight identifying system | |
| CN112700568B (en) | Identity authentication method, equipment and computer readable storage medium | |
| CN113489744A (en) | Internet of things attack pattern recognition method based on hoxon multivariate process modeling | |
| CN110428023A (en) | A kind of counterreconnaissance escape attack method towards depth pedestrian weight identifying system | |
| Mi et al. | Ariba: Towards accurate and robust identification of backdoor attacks in federated learning | |
| Liang et al. | Poisoned forgery face: Towards backdoor attacks on face forgery detection | |
| CN113743231B (en) | Video target detection avoidance system and method | |
| CN111104982B (en) | Label-independent cross-task confrontation sample generation method | |
| Liu et al. | Enhanced attacks on defensively distilled deep neural networks | |
| CN114638356A (en) | Static weight guided deep neural network back door detection method and system | |
| CN113902947A (en) | Method for constructing anti-network of natural image and generating infrared image of empty target | |
| Wu et al. | A Review of Camouflaged Target Detection Research |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |