CN111783982A - Attack sample acquisition method, device, equipment and medium - Google Patents

Attack sample acquisition method, device, equipment and medium Download PDF

Info

Publication number
CN111783982A
CN111783982A CN202010610570.8A CN202010610570A CN111783982A CN 111783982 A CN111783982 A CN 111783982A CN 202010610570 A CN202010610570 A CN 202010610570A CN 111783982 A CN111783982 A CN 111783982A
Authority
CN
China
Prior art keywords
data
attack
training data
iteration
initial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010610570.8A
Other languages
Chinese (zh)
Inventor
刘彦宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An International Smart City Technology Co Ltd
Original Assignee
Ping An International Smart City Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An International Smart City Technology Co Ltd filed Critical Ping An International Smart City Technology Co Ltd
Priority to CN202010610570.8A priority Critical patent/CN111783982A/en
Publication of CN111783982A publication Critical patent/CN111783982A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/22Matching criteria, e.g. proximity measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • Biophysics (AREA)
  • Biomedical Technology (AREA)
  • Mathematical Physics (AREA)
  • Computational Linguistics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to a data processing technology, and discloses an attack sample acquisition method, which comprises the following steps: acquiring a classification model, training data of the classification model and a data label corresponding to the training data; generating disturbance data corresponding to the training data by using an attack algorithm; predicting the disturbance data by using a classification model to obtain a prediction label; when the predicted label is inconsistent with the data label corresponding to the training data, determining the disturbance data as an initial attack sample; and performing iteration calculation on the initial attack samples for preset times by using a gradient descent algorithm, calculating the distance values between all initial update attack samples and training data generated by iteration, and acquiring the initial update attack samples corresponding to the minimum distance values as standard attack samples. In addition, the invention also relates to a block chain technology, and the training data can be stored in the block chain nodes. The method and the device can improve the quality of the acquired attack data.

Description

Attack sample acquisition method, device, equipment and medium
Technical Field
The present invention relates to the field of big data processing technologies, and in particular, to a method and an apparatus for acquiring an attack sample, an electronic device, and a computer-readable storage medium.
Background
With the advent of deep neural networks, intelligent recognition technology has been developed rapidly, however, deep neural networks are not high in performance of resisting attacks. For example, in the process of image classification, a deep neural network with an image classification function changes of tiny pixels in an image to cause a difference of image classification results.
At present, most methods for improving the aggressiveness of the deep neural network add attack data in the process of deep neural network training, so that the robustness and the accuracy of the deep neural network are improved. However, if the quality of the attack data is not high, the purpose of improving the robustness and accuracy of the deep neural network cannot be achieved. Therefore, how to acquire high-quality attack data becomes a problem to be solved urgently.
Disclosure of Invention
The invention provides a method and a device for acquiring an attack sample, electronic equipment and a computer readable storage medium, and mainly aims to provide a method for improving the quality of acquired attack data.
In order to achieve the above object, the present invention provides a method for obtaining an attack sample, including:
obtaining a classification model, obtaining training data of the classification model and a data label corresponding to the training data;
generating disturbance data corresponding to the training data by using an attack algorithm;
predicting the disturbance data by using the classification model to obtain a prediction label;
when the predicted label is inconsistent with the data label corresponding to the training data, determining the disturbance data as an initial attack sample;
and performing iteration calculation on the initial attack samples for preset times by using a gradient descent algorithm, calculating the distance values between all initial update attack samples generated by iteration and the training data, and acquiring the initial update attack sample corresponding to the minimum distance value as a standard attack sample.
Optionally, the generating, by using an attack algorithm, disturbance data corresponding to the training data includes:
and adding disturbance factors into the training data by using an attack algorithm to obtain the disturbance data.
Optionally, the training data is a training image, and the attack algorithm is:
Trans=(R+xR)+(G+xG)+(B+xB)
where, Trans is disturbance data, xR、xG、xBThree components of any pixel point in the training image,RGBand the disturbance factors are three components of any pixel point in the disturbance factors, and the disturbance factors are images with the same size as the training images.
Optionally, the performing, by using a gradient descent algorithm, a preset number of iterative computations on the initial attack sample includes:
setting iteration parameters, wherein the iteration parameters comprise but are not limited to iteration times, a learning rate, a norm updating factor and a norm of a disturbed image;
initializing iteration parameters, fixing the weight parameters of the classification model, and solving the gradient of a loss function in the classification model;
updating the initial attack samples by using the gradient to obtain a plurality of initial update attack samples;
projecting the initial attack samples to a sphere of a norm sphere with a preset radius;
cutting the norm on the norm sphere to a preset pixel interval;
and generating an initial attack sample again by using the cut norm, and inputting the initial attack sample into the classification model for judgment until the number of times of iteration reaches the preset number of iterations.
Optionally, the calculating the distance value between all initial update attack samples generated by the iteration and the training data includes:
calculating the distance values of all the initially updated attack samples generated by iteration and the training data by using the following distance algorithm:
Figure BDA0002561999370000021
and L (X, Y) is the distance value, X is the training data, Y is a data label corresponding to the training data, and f (X +) is a prediction label generated by the initial update attack sample.
Optionally, after performing iterative computation on the initial attack sample by using a gradient descent algorithm for a preset number of times, the method further includes:
storing an iteration result generated after each iteration to a local end where a backup database is located;
and mirror image copying is carried out on the iteration result generated after each iteration to obtain a mirror image iteration result, and the mirror image iteration result is stored to a different ground end where a server of the backup database is located.
Optionally, the acquiring training data of the classification model includes:
and acquiring the training data from the block chain for storing the training data by using a pessimistic lock mode.
In order to solve the above problem, the present invention further provides an attack sample acquiring apparatus, including:
the data acquisition module is used for acquiring a classification model, and acquiring training data of the classification model and a data label corresponding to the training data;
the disturbance data generation module is used for generating disturbance data corresponding to the training data by using an attack algorithm;
the label prediction module is used for predicting the disturbance data by using the classification model to obtain a prediction label;
an initial attack sample generation module, configured to determine that the disturbance data is an initial attack sample when the predicted tag is inconsistent with a data tag corresponding to the training data;
and the standard attack sample generation module is used for performing iteration calculation on the initial attack sample for preset times by using a gradient descent algorithm, calculating the distance values between all initial update attack samples generated by iteration and the training data, and acquiring the initial update attack sample corresponding to the minimum distance value as the standard attack sample.
In order to solve the above problem, the present invention also provides an electronic device, including:
a memory storing at least one instruction; and
and the processor executes the instructions stored in the memory to realize the method for acquiring the attack sample.
In order to solve the above problem, the present invention further provides a computer-readable storage medium including a storage data area and a storage program area, the storage data area storing created data, the storage program area storing a computer program; wherein the computer program, when executed by a processor, implements the method for obtaining an attack sample as described in any one of the above.
In the embodiment of the invention, a classification model, training data of the classification model and a data label corresponding to the training data are obtained; generating disturbance data corresponding to the training data by using an attack algorithm; predicting the disturbance data by using the classification model to obtain a prediction label; when the predicted label is inconsistent with the data label corresponding to the training data, determining the disturbance data as an initial attack sample; and performing iteration calculation on the initial attack samples for preset times by using a gradient descent algorithm, calculating the distance values between all initial update attack samples generated by iteration and the training data, and acquiring the initial update attack sample corresponding to the minimum distance value as a standard attack sample. By generating the disturbance data, the disturbance data is determined to be an initial attack sample according to conditions, so that the number of attack samples is increased, accidental errors caused by small number of attack samples are reduced, and the quality of the obtained standard attack sample is improved; the initial attack sample is subjected to iterative computation, the distance value between the initial attack sample and training data generated by iteration is computed, and the initial attack sample is screened based on the distance value, so that the standard attack sample with better reliability can be screened out, and the quality of the obtained standard attack sample is improved. Therefore, the method, the device, the equipment and the medium for acquiring the attack sample can improve the quality of acquiring the attack data.
Drawings
Fig. 1 is a schematic flowchart of a method for acquiring an attack sample according to an embodiment of the present invention;
fig. 2 is a schematic block diagram of an attack sample acquiring apparatus according to an embodiment of the present invention;
fig. 3 is a schematic diagram of an internal structure of an electronic device implementing a method for acquiring an attack sample according to an embodiment of the present invention;
the implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The execution subject of the method for obtaining the attack sample provided by the embodiment of the present application includes, but is not limited to, at least one of electronic devices that can be configured to execute the method provided by the embodiment of the present application, such as a server and a terminal. In other words, the method for obtaining the attack sample may be performed by software or hardware installed in the terminal device or the server device, and the software may be a blockchain platform. The server includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like.
The invention provides a method for acquiring an attack sample. Fig. 1 is a schematic flow chart of a method for acquiring an attack sample according to an embodiment of the present invention. The method may be performed by an apparatus, which may be implemented by software and/or hardware.
In this embodiment, the method for acquiring an attack sample includes:
s1, obtaining a classification model, obtaining training data of the classification model and a data label corresponding to the training data.
In the embodiment of the present invention, the classification model includes, but is not limited to, an image classification model and a data classification model. The training data of the classification model is a data set used for training the classification model, and the data set comprises training data and data labels corresponding to the training data.
According to the embodiment of the invention, the training data can be acquired from the block chain for storing the training data in a pessimistic lock mode, and a large amount of training data can be acquired at one time by using the high throughput of the block chain, so that the efficiency of acquiring the training data is improved.
The pessimistic locking mode means that when the training data is acquired each time, other programs may modify the content in the training data, and therefore the training data is locked each time the training data is acquired, so that the other programs cannot modify the content in the training data, and the accuracy of the content in the acquired training data is ensured.
In this embodiment, the number of the training data is one or more, and when there are a plurality of training data, a plurality of data labels corresponding to the plurality of training data are obtained, that is, a data label corresponding to each training data is obtained.
In this embodiment, the data label is a result identifier for classifying the training data.
In an optional embodiment of the present invention, the data tag is pre-stored.
Preferably, in another optional embodiment of the present invention, after the classification model and the training data are obtained, the training data are input into the classification model, and a data label corresponding to the training data is obtained. For example, the training image x is input to the image classification model, and the image label f (x) corresponding to the training image x is obtained.
In the following embodiments, the present invention will be described by taking, as an example, a case where a classification model is an image classification model and training data is a training image set for training the image classification model.
In the embodiment of the invention, the image classification model is a convolutional neural network with an image classification function, and the convolutional neural network comprises a convolutional layer, a pooling layer and a full-link layer. Specifically, the method comprises the following steps:
the convolution layer is used for carrying out convolution processing on the image, firstly locally perceiving each feature in the image, and then carrying out comprehensive operation on the local feature at a higher level so as to obtain global information;
the pooling layer is used for pooling the images after convolution and is mainly used for feature dimension reduction, training the quantity of data and parameters, reducing overfitting and improving the fault tolerance of the model;
and the full connection layer is used for final linear classification due to the fact that huge parameters of the full connection layer are easy to be over-fitted and do not accord with the human local perception principle of the image, and the method is equivalent to performing linear combination on the extracted high-level feature vector and outputting the final image classification result.
And S2, generating disturbance data corresponding to the training data by using an attack algorithm.
In this embodiment of the present invention, the generating disturbance data corresponding to the training data by using an attack algorithm includes:
and adding disturbance factors into the training data by using an attack algorithm to obtain the disturbance data.
In the embodiment of the invention, if the number of the training data is multiple, the preset attack algorithm can be utilized to add the disturbance factors into the multiple training data respectively, so as to obtain multiple disturbance data. For example, a disturbance factor is added to a training image x by using a preset attack algorithm to obtain a disturbance image (i.e., disturbance data), wherein the disturbance factor is an image with the same size as the training image x.
In detail, when the training data is a training image, the attack algorithm is:
Trans=(R+xR)+(G+xG)+(B+xB)
where, Trans is disturbance data, xR、xG、xBThree components of any pixel point in the training image,RGBand the disturbance factors are three components of any pixel point in the disturbance factors, and the disturbance factors are images with the same size as the training images.
And when the pixel values of all the pixels in the multiple training images are converted according to the attack algorithm, the multiple disturbance images can be obtained.
And S3, predicting the disturbance data by using the classification model to obtain a prediction label.
After the disturbance data are obtained through the attack algorithm, the disturbance data are input into the classification model, the disturbance data are predicted through the classification model, and a prediction result of the disturbance data, namely a prediction label, is obtained.
For example, inputting the disturbance image x + into the image classification model, the prediction label f (x +) of the disturbance image can be obtained.
And S4, when the prediction label is inconsistent with the data label corresponding to the training data, determining the disturbance data as an initial attack sample.
In this embodiment, whether the prediction tag is consistent with the training data is determined by matching the prediction tag with the data tag corresponding to the training data.
For example, whether the prediction label f (x +) of the disturbance image is the same as the label f (x) corresponding to the training image is judged; if the two images are the same, determining that the disturbed image is not the initial attack sample; and if not, determining the disturbed image as an initial attack sample.
Further, if the disturbed image is not the initial attack sample, the disturbed image corresponding to the training image may be regenerated.
And S5, performing iteration calculation on the initial attack samples for a preset number of times by using a gradient descent algorithm, calculating the distance values between all initial update attack samples generated by the iteration and the training data, and acquiring the initial update attack samples corresponding to the minimum distance values as standard attack samples.
In the embodiment of the present invention, when the training data is a training image, the performing iterative computation on the initial attack sample by using a gradient descent algorithm for a preset number of times includes:
(1) setting iteration parameters including iteration number K, learning rate α and norm update factor gamma, where the iteration index K corresponds to the disturbed image generated by the kth iterationkNorm of perturbation image ∈k
The iteration times K are used for determining the upper limit of the iteration training times and preventing the classification model from carrying out excessive unnecessary training times, the learning rate α is a parameter carried by the classification model and used for representing the parameter updating efficiency of the classification model, the norm updating factor gamma represents the updating degree of each iteration on the initial attack sample, and the iteration index K is used for marking the disturbance factor image generated by the kth iterationkNorm ∈ of the disturbance imagekRepresenting distance values of the training image and the initial attack sample measured using euclidean distance metrics based on the L2 norm.
(2) Initializing iteration parameters:0←0,∈0and (3) either or both of the step of going to step of either or both of (1) and (k) to step of going to step of either or both of (1) and (1), fixing the weight parameter theta carried by the classification model, and applying the fixed weight parameter theta to the loss function J (x +) in the classification modelk-1Y, θ) ofk-1(i.e., initial attack samples) gradient g;
(3) utilizing the gradient value g to perform attack on the initial attack samplek-1Updating to obtain initial update attack samplekk-1+ g, wherein the step of generating the update attack samples is repeated for a plurality of times to generate a plurality of initial update attack samples;
it is emphasized that the embodiment of the present invention utilizes the gradient value g to match the initial attack samplek-1When updating, if f (x +)k-1) Not equal to y, will initially attack the samplek-1Moving ∈ in a direction to decrease normk=(1-γ)∈k-1(ii) a If f (x +k-1) Initial attack sample yk-1Moving ∈ in a direction to increase normk=(1+γ)∈k-1
(4) Projecting the plurality of initial attack samples to a radius of ∈kOn the sphere surface of the norm sphere;
(5) clipping the norm on the norm sphere to [0, M ] (M is usually 255 and represents a normal pixel range) within a preset pixel interval;
(6) and generating an initial attack sample again by using the cut norm, and inputting the initial attack sample into the classification model for judgment until the iteration frequency K reaches the preset iteration frequency K.
Specifically, the embodiment of the invention calculates the distance value between the initial update attack sample and the training data generated in the iterative process by using a preset distance algorithm, and determines the initial attack sample corresponding to the minimum distance value as the standard attack sample.
Preferably, the calculating the distance value between all initial update attack samples generated by iteration and the training data comprises:
calculating the distance values of all the initially updated attack samples generated by iteration and the training data by using the following distance algorithm:
Figure BDA0002561999370000081
and L (X, Y) is the distance value, X is the training data, Y is a data label corresponding to the training data, and f (X +) is a prediction label generated by the initial update attack sample.
By using the method for calculating the distance value, the similarity degree of the initial attack sample and the training image can be displayed more intuitively, and the method is favorable for selecting and obtaining a standard attack sample according to the calculated distance value.
Further, the embodiment of the invention further comprises the step of storing the iteration result of each step after performing iteration calculation on the initial attack sample for a preset number of times by using a gradient descent algorithm.
Specifically, after performing iteration on the initial attack sample by using a gradient descent algorithm for a preset number of times, the method further includes:
storing an iteration result generated after each iteration to a local end where a backup database is located;
and mirror image replication is carried out on the iteration result generated after each iteration to obtain a mirror image iteration result, and the mirror image iteration result is stored to a different ground end where a server of the backup database is located.
In this embodiment, the iteration result generated after each iteration includes an initial update attack sample.
In this embodiment, the remote end where the server of the backup database is located refers to a local server of the backup database; the remote end where the server for backing up the database is located refers to a remote server for backing up the database.
Specifically, the iteration result is stored in a local end where the backup database is located, the iteration result is copied to obtain a mirror image iteration result, a remote server of the backup database is found through an addressing method, and the mirror image iteration result is stored in the remote server of the backup database, namely a different end where the server of the backup database is located.
When any step in the iteration process is abnormal, such as jamming, downtime and the like, the iteration result of the previous step can be directly called from the local end and/or the remote end to continue execution, and data loss is avoided.
In this embodiment, since some anomalies may occur in the process of acquiring the standard attack sample, in order to reduce the situations that re-execution is required when the anomalies occur, data loss can be avoided by storing the iteration result, and the stability of acquiring the attack sample is improved.
In the embodiment of the invention, a classification model, training data of the classification model and a data label corresponding to the training data are obtained; generating disturbance data corresponding to the training data by using an attack algorithm; predicting the disturbance data by using the classification model to obtain a prediction label; when the predicted label is inconsistent with the data label corresponding to the training data, determining the disturbance data as an initial attack sample; and performing iteration calculation on the initial attack samples for preset times by using a gradient descent algorithm, calculating the distance values between all initial update attack samples generated by iteration and the training data, and acquiring the initial update attack sample corresponding to the minimum distance value as a standard attack sample. By generating the disturbance data, the disturbance data is determined to be an initial attack sample according to conditions, so that the number of attack samples is increased, accidental errors caused by small number of attack samples are reduced, and the quality of the obtained standard attack sample is improved; the initial attack sample is subjected to iterative computation, the distance value between the initial attack sample and training data generated by iteration is computed, and the initial attack sample is screened based on the distance value, so that the standard attack sample with better reliability can be screened out, and the quality of the obtained standard attack sample is improved. Therefore, the method for acquiring the attack sample can improve the quality of the acquired attack data.
Fig. 2 is a schematic block diagram of an attack sample acquisition apparatus according to the present invention.
The attack sample acquisition device 100 of the present invention may be installed in an electronic device. According to the implemented functions, the device for acquiring the attack sample can comprise a data acquiring module 101, a disturbance data generating module 102, a label predicting module 103, an initial attack sample generating module 104 and a standard attack sample generating module 105. A module according to the present invention, which may also be referred to as a unit, refers to a series of computer program segments that can be executed by a processor of an electronic device and that can perform a fixed function, and that are stored in a memory of the electronic device.
In the present embodiment, the functions regarding the respective modules/units are as follows:
the data acquisition module 101 is configured to acquire a classification model, and acquire training data of the classification model and a data label corresponding to the training data;
the disturbance data generation module 102 is configured to generate disturbance data corresponding to the training data by using an attack algorithm;
the label prediction module 103 is configured to predict the disturbance data by using the classification model to obtain a prediction label;
the initial attack sample generation module 104 is configured to determine that the disturbance data is an initial attack sample when the predicted tag is inconsistent with the data tag corresponding to the training data;
the standard attack sample generation module 105 is configured to perform iterative computation on the initial attack sample for a preset number of times by using a gradient descent algorithm, calculate distance values between all initial update attack samples generated by the iteration and the training data, and obtain an initial update attack sample corresponding to a minimum distance value as a standard attack sample.
In detail, the specific implementation of each module of the device for acquiring the attack sample is as follows:
the data obtaining module 101 is configured to obtain a classification model, training data of the classification model, and a data label corresponding to the training data.
In the embodiment of the present invention, the classification model includes, but is not limited to, an image classification model and a data classification model. The training data of the classification model is a data set used for training the classification model, and the data set comprises training data and data labels corresponding to the training data.
The data obtaining module 101 may obtain the training data from the blockchain for storing the training data in a pessimistic lock manner, and may obtain a large amount of training data at one time by using the high throughput of the blockchain, so as to improve the efficiency of obtaining the training data.
The pessimistic locking mode means that when the training data is acquired each time, other programs may modify the content in the training data, and therefore the training data is locked each time the training data is acquired, so that the other programs cannot modify the content in the training data, and the accuracy of the content in the acquired training data is ensured.
In this embodiment, the number of the training data is one or more, and when there are a plurality of training data, a plurality of data labels corresponding to the plurality of training data are obtained, that is, a data label corresponding to each training data is obtained.
In this embodiment, the data label is a result identifier for classifying the training data.
In an optional embodiment of the present invention, the data tag is pre-stored.
Preferably, after the data obtaining module 101 obtains the classification model and the training data, the training data is input into the classification model, so as to obtain a data label corresponding to the training data. For example, the training image x is input to the image classification model, and the image label f (x) corresponding to the training image x is obtained.
In the following embodiments, the present invention will be described by taking, as an example, a case where a classification model is an image classification model and training data is a training image set for training the image classification model.
In the embodiment of the invention, the image classification model is a convolutional neural network with an image classification function, and the convolutional neural network comprises a convolutional layer, a pooling layer and a full-link layer. Specifically, the method comprises the following steps:
the convolution layer is used for carrying out convolution processing on the image, firstly locally perceiving each feature in the image, and then carrying out comprehensive operation on the local feature at a higher level so as to obtain global information;
the pooling layer is used for pooling the images after convolution and is mainly used for feature dimension reduction, training the quantity of data and parameters, reducing overfitting and improving the fault tolerance of the model;
and the full connection layer is used for final linear classification due to the fact that huge parameters of the full connection layer are easy to be over-fitted and do not accord with the human local perception principle of the image, and the method is equivalent to performing linear combination on the extracted high-level feature vector and outputting the final image classification result.
The disturbance data generation module 102 is configured to generate disturbance data corresponding to the training data by using an attack algorithm.
In this embodiment of the present invention, the disturbance data generation module 102 is specifically configured to
And adding disturbance factors into the training data by using an attack algorithm to obtain the disturbance data.
In the embodiment of the invention, if the number of the training data is multiple, the preset attack algorithm can be utilized to add the disturbance factors into the multiple training data respectively, so as to obtain multiple disturbance data. For example, a disturbance factor is added to a training image x by using a preset attack algorithm to obtain a disturbance image (i.e., disturbance data), wherein the disturbance factor is an image with the same size as the training image x.
In detail, when the training data is a training image, the attack algorithm is:
Trans=(R+xR)+(G+xG)+(B+xB)
where, Trans is disturbance data, xR、xG、xBThree components of any pixel point in the training image,RGBand the disturbance factors are three components of any pixel point in the disturbance factors, and the disturbance factors are images with the same size as the training images.
And when the pixel values of all the pixels in the multiple training images are converted according to the attack algorithm, the multiple disturbance images can be obtained.
The label prediction module 103 is configured to predict the disturbance data by using the classification model to obtain a prediction label.
After obtaining the disturbance data through the attack algorithm, the label prediction module 103 inputs the disturbance data into the classification model, and predicts the disturbance data through the classification model to obtain a prediction result of the disturbance data, that is, a prediction label.
For example, inputting the disturbance image x + into the image classification model, the prediction label f (x +) of the disturbance image can be obtained.
The initial attack sample generation module 104 is configured to determine that the perturbation data is an initial attack sample when the predicted tag is inconsistent with the data tag corresponding to the training data.
In this embodiment, the initial attack sample generation module 104 matches the prediction tag with the data tag corresponding to the training data, so as to determine whether the prediction tag is consistent with the training data.
For example, whether the prediction label f (x +) of the disturbance image is the same as the label f (x) corresponding to the training image is judged; if the two images are the same, determining that the disturbed image is not the initial attack sample; and if not, determining the disturbed image as an initial attack sample.
Further, if the disturbed image is not the initial attack sample, the disturbed image corresponding to the training image may be regenerated.
The standard attack sample generation module 105 is configured to perform iterative computation on the initial attack sample for a preset number of times by using a gradient descent algorithm, calculate distance values between all initial update attack samples generated by the iteration and the training data, and obtain an initial update attack sample corresponding to a minimum distance value as a standard attack sample.
In the embodiment of the present invention, when the training data is a training image, the standard attack sample generation module 105 performs iterative computation on the initial attack sample for a preset number of times by using a gradient descent algorithm, where the iterative computation includes:
(1) setting iteration parameters including iteration number K, learning rate α and norm update factor gamma, where the iteration index K corresponds to the disturbed image generated by the kth iterationkNorm of perturbation image ∈k
The iteration times K are used for determining the upper limit of the iteration training times and preventing the classification model from carrying out excessive unnecessary training times, the learning rate α is a parameter carried by the classification model and used for representing the parameter updating efficiency of the classification model, the norm updating factor gamma represents the updating degree of each iteration on the initial attack sample, and the iteration index K is used for marking the disturbance factor image generated by the kth iterationkNorm ∈ of the disturbance imagekRepresenting distance values of the training image and the initial attack sample measured using euclidean distance metrics based on the L2 norm.
(2) Initializing iteration parameters:0←0,∈0and (3) either or both of the step of going to step of either or both of (1) and (k) to step of going to step of either or both of (1) and (1), fixing the weight parameter theta carried by the classification model, and applying the fixed weight parameter theta to the loss function J (x +) in the classification modelk-1Y, θ) ofk-1(i.e., initial attack samples) gradient g;
(3) utilizing the gradient value g to perform attack on the initial attack samplek-1Updating to obtain initial update attack samplekk-1+ g, wherein the step of generating the update attack samples is repeated for a plurality of times to generate a plurality of initial update attack samples;
it is emphasized that embodiments of the present invention are in useThe gradient value g is used for the initial attack samplek-1When updating, if f (x +)k-1) Not equal to y, will initially attack the samplek-1Moving ∈ in a direction to decrease normk=(1-γ)∈k-1(ii) a If f (x +k-1) Initial attack sample yk-1Moving ∈ in a direction to increase normk=(1+γ)∈k-1
(4) Projecting the plurality of initial attack samples to a radius of ∈kOn the sphere surface of the norm sphere;
(5) clipping the norm on the norm sphere to [0, M ] (M is usually 255 and represents a normal pixel range) within a preset pixel interval;
(6) and generating an initial attack sample again by using the cut norm, and inputting the initial attack sample into the classification model for judgment until the iteration frequency K reaches the preset iteration frequency K.
Specifically, the embodiment of the invention calculates the distance value between the initial update attack sample and the training data generated in the iterative process by using a preset distance algorithm, and determines the initial attack sample corresponding to the minimum distance value as the standard attack sample.
Specifically, the embodiment of the invention calculates the distance value between the initial update attack sample and the training data generated in the iterative process by using a preset distance algorithm, and determines the initial attack sample corresponding to the minimum distance value as the standard attack sample.
Preferably, the calculating the distance value between all initial update attack samples generated by iteration and the training data comprises:
calculating the distance values of all the initially updated attack samples generated by iteration and the training data by using the following distance algorithm:
Figure BDA0002561999370000131
and L (X, Y) is the distance value, X is the training data, Y is a data label corresponding to the training data, and f (X +) is a prediction label generated by the initial update attack sample.
By utilizing the distance algorithm, the similarity degree of the initial attack sample and the training image can be displayed more intuitively, and the standard attack sample can be selected and obtained according to the calculated distance value.
Further, the device for obtaining the attack sample further includes a backup module, configured to:
storing an iteration result generated after each iteration to a local end where a backup database is located;
and mirror image replication is carried out on the iteration result generated after each iteration to obtain a mirror image iteration result, and the mirror image iteration result is stored to a different ground end where a server of the backup database is located.
In this embodiment, the iteration result generated after each iteration includes an initial update attack sample.
In this embodiment, the remote end where the server of the backup database is located refers to a local server of the backup database; the remote end where the server for backing up the database is located refers to a remote server for backing up the database.
Specifically, the iteration result is stored in a local end where the backup database is located, the iteration result is copied to obtain a mirror image iteration result, a remote server of the backup database is found through an addressing method, and the mirror image iteration result is stored in the remote server of the backup database, namely a different end where the server of the backup database is located.
When any step in the iteration process is abnormal, such as jamming, downtime and the like, the iteration result of the previous step can be directly called from the local end and/or the remote end to continue execution, and data loss is avoided.
In this embodiment, since some anomalies may occur in the process of acquiring the standard attack sample, in order to reduce the situations that re-execution is required when the anomalies occur, data loss can be avoided by storing the iteration result, and the stability of acquiring the attack sample is improved.
In the embodiment of the invention, a classification model, training data of the classification model and a data label corresponding to the training data are obtained; generating disturbance data corresponding to the training data by using an attack algorithm; predicting the disturbance data by using the classification model to obtain a prediction label; when the predicted label is inconsistent with the data label corresponding to the training data, determining the disturbance data as an initial attack sample; and performing iteration calculation on the initial attack samples for preset times by using a gradient descent algorithm, calculating the distance values between all initial update attack samples generated by iteration and the training data, and acquiring the initial update attack sample corresponding to the minimum distance value as a standard attack sample. By generating the disturbance data, the disturbance data is determined to be an initial attack sample according to conditions, so that the number of attack samples is increased, accidental errors caused by small number of attack samples are reduced, and the quality of the obtained standard attack sample is improved; the initial attack sample is subjected to iterative computation, the distance value between the initial attack sample and training data generated by iteration is computed, and the initial attack sample is screened based on the distance value, so that the standard attack sample with better reliability can be screened out, and the quality of the obtained standard attack sample is improved. Therefore, the device for acquiring the attack sample can improve the quality of the acquired attack data.
Fig. 3 is a schematic structural diagram of an electronic device implementing the method for acquiring an attack sample according to the present invention.
The electronic device 1 may comprise a processor 10, a memory 11 and a bus, and may further comprise a computer program, such as an attack sample acquiring program 12, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of readable storage medium, which includes flash memory, removable hard disk, multimedia card, card-type memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, such as a removable hard disk of the electronic device 1. The memory 11 may also be an external storage device of the electronic device 1 in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only to store application software installed in the electronic device 1 and various types of data, such as codes of the acquisition program 12 of the attack sample, but also to temporarily store data that has been output or is to be output.
The processor 10 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same or different functions, including one or more Central Processing Units (CPUs), microprocessors, digital Processing chips, graphics processors, and combinations of various control chips. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the whole electronic device by using various interfaces and lines, and executes various functions and processes data of the electronic device 1 by running or executing programs or modules (for example, executing a program for acquiring an attack sample, and the like) stored in the memory 11 and calling data stored in the memory 11.
The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. The bus is arranged to enable connection communication between the memory 11 and at least one processor 10 or the like.
Fig. 3 shows only an electronic device with components, and it will be understood by those skilled in the art that the structure shown in fig. 3 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than those shown, or some components may be combined, or a different arrangement of components.
For example, although not shown, the electronic device 1 may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor 10 through a power management device, so as to implement functions of charge management, discharge management, power consumption management, and the like through the power management device. The power supply may also include any component of one or more dc or ac power sources, recharging devices, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The electronic device 1 may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
Further, the electronic device 1 may further include a network interface, and optionally, the network interface may include a wired interface and/or a wireless interface (such as a WI-FI interface, a bluetooth interface, etc.), which are generally used for establishing a communication connection between the electronic device 1 and other electronic devices.
Optionally, the electronic device 1 may further comprise a user interface, which may be a Display (Display), an input unit (such as a Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the electronic device 1 and for displaying a visualized user interface, among other things.
It is to be understood that the described embodiments are for purposes of illustration only and that the scope of the appended claims is not limited to such structures.
The program 12 for acquiring attack samples stored in the memory 11 of the electronic device 1 is a combination of instructions that, when executed in the processor 10, can implement:
obtaining a classification model, and obtaining training data of the classification model and a data label corresponding to the training data;
generating disturbance data corresponding to the training data by using an attack algorithm;
predicting the disturbance data by using the classification model to obtain a prediction label;
when the predicted label is inconsistent with the data label corresponding to the training data, determining the disturbance data as an initial attack sample;
and performing iteration calculation on the initial attack samples for preset times by using a gradient descent algorithm, calculating the distance values between all initial update attack samples generated by iteration and the training data, and acquiring the initial update attack sample corresponding to the minimum distance value as a standard attack sample.
Further, the integrated modules/units of the electronic device 1, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. The computer-readable medium may include: any entity or device capable of carrying said computer program code, recording medium, U-disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM).
Further, the computer usable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the blockchain node, and the like.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any accompanying claims should not be construed as limiting the claim concerned.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (10)

1. A method for obtaining an attack sample, the method comprising:
obtaining a classification model, obtaining training data of the classification model and a data label corresponding to the training data;
generating disturbance data corresponding to the training data by using an attack algorithm;
predicting the disturbance data by using the classification model to obtain a prediction label;
when the predicted label is inconsistent with the data label corresponding to the training data, determining the disturbance data as an initial attack sample;
and performing iteration calculation on the initial attack samples for preset times by using a gradient descent algorithm, calculating the distance values between all initial update attack samples generated by iteration and the training data, and acquiring the initial update attack sample corresponding to the minimum distance value as a standard attack sample.
2. The method for acquiring the attack sample according to claim 1, wherein the generating the perturbation data corresponding to the training data by using the attack algorithm includes:
and adding disturbance factors into the training data by using an attack algorithm to obtain the disturbance data.
3. The method for acquiring the attack sample according to claim 2, wherein the training data is a training image, and the attack algorithm is:
Trans=(R+R)+(G+G)+(B+B)
where, Trans is disturbance data, xR、xG、xBThree components of any pixel point in the training image,RGBis the three components of any pixel point in the disturbance factorThe motion factor is an image of the same size as the training image.
4. The method for acquiring the attack sample according to claim 1, wherein the performing the iterative computation on the initial attack sample by using the gradient descent algorithm for the preset number of times includes:
setting iteration parameters, wherein the iteration parameters comprise iteration times;
initializing iteration parameters, fixing the weight parameters of the classification model, and solving the gradient of a loss function in the classification model;
updating the initial attack samples by using the gradient to obtain a plurality of initial update attack samples;
projecting the initial attack samples to a sphere of a norm sphere with a preset radius;
cutting the norm on the norm sphere to a preset pixel interval;
and generating an initial attack sample again by using the cut norm, and inputting the initial attack sample into the classification model for judgment until the number of times of iteration reaches the preset number of iterations.
5. The method for obtaining attack samples according to claim 1, wherein the calculating the distance value between all the initially updated attack samples generated by iteration and the training data comprises:
calculating the distance values of all the initially updated attack samples generated by iteration and the training data by using the following distance algorithm:
Figure FDA0002561999360000021
and L (X, Y) is the distance value, X is the training data, Y is a data label corresponding to the training data, and f (X +) is a prediction label generated by the initial update attack sample.
6. The method for acquiring the attack sample according to any one of claims 1 to 5, wherein after the initial attack sample is subjected to the iterative computation for the preset number of times by using the gradient descent algorithm, the method further comprises:
storing an iteration result generated after each iteration to a local end where a backup database is located;
and mirror image copying is carried out on the iteration result generated after each iteration to obtain a mirror image iteration result, and the mirror image iteration result is stored to a different ground end where a server of the backup database is located.
7. The method for acquiring attack samples according to claim 1, wherein the acquiring training data of the classification model includes:
and acquiring the training data from the block chain for storing the training data by using a pessimistic lock mode.
8. An apparatus for obtaining an attack sample, the apparatus comprising:
the data acquisition module is used for acquiring a classification model, acquiring training data of the classification model and a data label corresponding to the training data;
the disturbance data generation module is used for generating disturbance data corresponding to the training data by using an attack algorithm;
the label prediction module is used for predicting the disturbance data by using the classification model to obtain a prediction label;
an initial attack sample generation module, configured to determine that the disturbance data is an initial attack sample when the predicted tag is inconsistent with a data tag corresponding to the training data;
and the standard attack sample generation module is used for performing iteration calculation on the initial attack sample for preset times by using a gradient descent algorithm, calculating the distance values between all initial update attack samples generated by iteration and the training data, and acquiring the initial update attack sample corresponding to the minimum distance value as the standard attack sample.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of obtaining attack samples according to any one of claims 1 to 7.
10. A computer-readable storage medium comprising a storage data area storing created data and a storage program area storing a computer program; wherein the computer program, when executed by a processor, implements the method of obtaining attack samples according to any one of claims 1 to 7.
CN202010610570.8A 2020-06-30 2020-06-30 Attack sample acquisition method, device, equipment and medium Pending CN111783982A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010610570.8A CN111783982A (en) 2020-06-30 2020-06-30 Attack sample acquisition method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010610570.8A CN111783982A (en) 2020-06-30 2020-06-30 Attack sample acquisition method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN111783982A true CN111783982A (en) 2020-10-16

Family

ID=72760334

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010610570.8A Pending CN111783982A (en) 2020-06-30 2020-06-30 Attack sample acquisition method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN111783982A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112215292A (en) * 2020-10-19 2021-01-12 电子科技大学 Image countermeasure sample generation device and method based on mobility
CN112419820A (en) * 2020-11-04 2021-02-26 武汉大学 Block chain attack and defense virtual simulation experiment teaching system and method
CN112446025A (en) * 2020-11-23 2021-03-05 平安科技(深圳)有限公司 Federal learning defense method and device, electronic equipment and storage medium
CN112836764A (en) * 2021-03-02 2021-05-25 中山大学 General target attack method and device for target classification system
CN112910865A (en) * 2021-01-20 2021-06-04 西安电子科技大学 Inference attack stage maximum likelihood estimation method and system based on factor graph
CN114241268A (en) * 2021-12-21 2022-03-25 支付宝(杭州)信息技术有限公司 Model training method, device and equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107248996A (en) * 2017-06-29 2017-10-13 南京邮电大学 A kind of detection of DNS amplification attacks and filter method
US20170357911A1 (en) * 2014-12-18 2017-12-14 Asml Netherlands B.V. Feature search by machine learning
CN110334742A (en) * 2019-06-10 2019-10-15 浙江大学 A kind of figure confrontation sample generating method by adding dummy node based on intensified learning
CN111027060A (en) * 2019-12-17 2020-04-17 电子科技大学 Knowledge distillation-based neural network black box attack type defense method
CN111209370A (en) * 2019-12-27 2020-05-29 同济大学 Text classification method based on neural network interpretability
CN111340180A (en) * 2020-02-10 2020-06-26 中国人民解放军国防科技大学 Countermeasure sample generation method and device for designated label, electronic equipment and medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170357911A1 (en) * 2014-12-18 2017-12-14 Asml Netherlands B.V. Feature search by machine learning
CN107248996A (en) * 2017-06-29 2017-10-13 南京邮电大学 A kind of detection of DNS amplification attacks and filter method
CN110334742A (en) * 2019-06-10 2019-10-15 浙江大学 A kind of figure confrontation sample generating method by adding dummy node based on intensified learning
CN111027060A (en) * 2019-12-17 2020-04-17 电子科技大学 Knowledge distillation-based neural network black box attack type defense method
CN111209370A (en) * 2019-12-27 2020-05-29 同济大学 Text classification method based on neural network interpretability
CN111340180A (en) * 2020-02-10 2020-06-26 中国人民解放军国防科技大学 Countermeasure sample generation method and device for designated label, electronic equipment and medium

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112215292A (en) * 2020-10-19 2021-01-12 电子科技大学 Image countermeasure sample generation device and method based on mobility
CN112215292B (en) * 2020-10-19 2022-03-29 电子科技大学 Image countermeasure sample generation device and method based on mobility
CN112419820A (en) * 2020-11-04 2021-02-26 武汉大学 Block chain attack and defense virtual simulation experiment teaching system and method
CN112446025A (en) * 2020-11-23 2021-03-05 平安科技(深圳)有限公司 Federal learning defense method and device, electronic equipment and storage medium
CN112910865A (en) * 2021-01-20 2021-06-04 西安电子科技大学 Inference attack stage maximum likelihood estimation method and system based on factor graph
CN112910865B (en) * 2021-01-20 2022-04-05 西安电子科技大学 Inference attack stage maximum likelihood estimation method and system based on factor graph
CN112836764A (en) * 2021-03-02 2021-05-25 中山大学 General target attack method and device for target classification system
CN112836764B (en) * 2021-03-02 2023-07-28 中山大学 Universal target attack method and device for target classification system
CN114241268A (en) * 2021-12-21 2022-03-25 支付宝(杭州)信息技术有限公司 Model training method, device and equipment

Similar Documents

Publication Publication Date Title
CN111783982A (en) Attack sample acquisition method, device, equipment and medium
CN112257774A (en) Target detection method, device, equipment and storage medium based on federal learning
CN111814962A (en) Method and device for acquiring parameters of recognition model, electronic equipment and storage medium
CN112148577A (en) Data anomaly detection method and device, electronic equipment and storage medium
WO2021189827A1 (en) Method and apparatus for recognizing blurred image, and device and computer-readable storage medium
CN112446544A (en) Traffic flow prediction model training method and device, electronic equipment and storage medium
CN113327136B (en) Attribution analysis method, attribution analysis device, electronic equipment and storage medium
CN111768096A (en) Rating method and device based on algorithm model, electronic equipment and storage medium
CN111694844A (en) Enterprise operation data analysis method and device based on configuration algorithm and electronic equipment
CN114491047A (en) Multi-label text classification method and device, electronic equipment and storage medium
CN112579621A (en) Data display method and device, electronic equipment and computer storage medium
CN112465141A (en) Model compression method, model compression device, electronic device and medium
CN112990374B (en) Image classification method, device, electronic equipment and medium
CN111985449A (en) Rescue scene image identification method, device, equipment and computer medium
CN114219023A (en) Data clustering method and device, electronic equipment and readable storage medium
CN112528633A (en) Text error correction method and device, electronic equipment and computer readable storage medium
CN112486957A (en) Database migration detection method, device, equipment and storage medium
CN112269875A (en) Text classification method and device, electronic equipment and storage medium
CN112699142A (en) Cold and hot data processing method and device, electronic equipment and storage medium
CN112101481A (en) Method, device and equipment for screening influence factors of target object and storage medium
CN112948380A (en) Data storage method and device based on big data, electronic equipment and storage medium
CN115049836B (en) Image segmentation method, device, equipment and storage medium
CN111460293A (en) Information pushing method and device and computer readable storage medium
CN113705686B (en) Image classification method, device, electronic equipment and readable storage medium
CN112561500B (en) Salary data generation method, device, equipment and medium based on user data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination