CN110334806A - An adversarial example generation method based on a generative adversarial network - Google Patents

Publication number
CN110334806A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910459852.XA
Other languages
Chinese (zh)
Inventor
贾西平
陈桂君
方刚
陈道鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Polytechnic Normal University
Original Assignee
Guangdong Polytechnic Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2019-05-29
Filing date
2019-05-29
Publication date
2019-10-15
Application filed by Guangdong Polytechnic Normal University
Priority to CN201910459852.XA
Publication of CN110334806A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G06F18/241 Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods

Abstract

The invention discloses an adversarial example generation method based on a generative adversarial network, comprising a generator G, a discriminator D, a spatial transformation module ST and a target classification network F. The generator G generates a perturbation, and the perturbation is added to the original sample to produce an adversarial example. The generator G is then trained according to the loss functions of the discriminator D and the target classification network F, finally yielding a trained generator G, which is used to adaptively generate adversarial examples for different input samples. The invention uses a generative adversarial network with an embedded enhancement module based on spatial transformation and performs adversarial training in an unsupervised manner, which improves the generalization ability and robustness of the attack model and in turn enhances the transferability and robustness of the adversarial examples.

Description

An adversarial example generation method based on a generative adversarial network
Technical field
The present invention relates to the field of machine learning, and more particularly to an adversarial example generation method based on a generative adversarial network.
Background
Adversarial attacks are a hot topic in current machine learning research. The principle of an adversarial attack is to deceive a deep neural network with adversarial examples (new samples obtained by adding carefully trained small perturbations, imperceptible to the human eye, to the original data samples) so that it makes a wrong judgment.
At present, most attack algorithms against deep neural networks (such as gradient-based and optimization-based methods) target the test process or the test data set, and always require white-box access to the architecture and parameters of the model (for example, obtaining the gradient with respect to the input requires knowing the weights of the target network). For security reasons, however, current deep learning systems usually do not allow white-box access to the model and only allow query access, i.e. the model is treated as a black box. Attacks in this setting are called black-box attacks, but the success rate of most current black-box attacks is not high, because most black-box attack methods rely on the transferability of adversarial examples. Transferability is a common property of adversarial examples: adversarial examples generated from a limited set of samples also have a good attack effect in other domains.
In black-box attacks where neither the target network structure nor the training data set can be obtained, transferability is crucial. How to efficiently generate adversarial examples with strong transferability and stable attack performance is a highly significant and highly challenging problem.
In summary, existing research has shown that existing attack methods have a certain transferability between neural networks of the same structure trained on different data, and between neural networks of different structures trained for the same task, for example document [1] Goodfellow I J, Shlens J, Szegedy C, et al. Explaining and Harnessing Adversarial Examples [J]. International Conference on Learning Representations, 2015; document [2] Kurakin A, Goodfellow I J, Bengio S, et al. Adversarial examples in the physical world [J]. arXiv: Computer Vision and Pattern Recognition, 2017; document [3] Moosavi-Dezfooli S, Fawzi A, Frossard P, et al. DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks [J]. Computer Vision and Pattern Recognition, 2016: 2574-2582; and document [4] Xiao C, Li B, Zhu J Y, et al. Generating Adversarial Examples with Adversarial Networks [J]. 2018. Problems nevertheless remain: adversarial examples depend too heavily on the target model, which leads to poor transferability, a low attack success rate and low attack efficiency.
Summary of the invention
The present invention provides an adversarial example generation method based on a generative adversarial network, which adaptively generates transferable and robust adversarial examples for different input samples.
To solve the above technical problem, the technical solution of the present invention is as follows:
An adversarial example generation method based on a generative adversarial network, comprising the following steps:
S1: The original sample $x$ is input into the generator G, and the generator G outputs a perturbation $G(x)$; the loss function of the generator G is $L_G$. The perturbation $G(x)$ is added to the original sample $x$ to obtain the adversarial example $x' = x + G(x)$. Unlike a general GAN, the generator's goal is to generate a perturbation rather than the final image, i.e. the output image equals the input image plus the output of the generator G. The details and textures of the generated adversarial example are copied from the input image, so the details of the original image are largely preserved;
S2: The adversarial example $x'$ obtained in S1 is input into the discriminator D; the discriminator D distinguishes the adversarial example $x'$ from the original sample $x$, giving the loss function $L_D$ of the discriminator D;
S3: The adversarial example $x'$ obtained in S1 is input into the enhancement module ST. The enhancement module ST is based on spatial transformation and applies a spatial transformation operation to the adversarial example $x'$; it outputs the affine-transformed adversarial example $x'_{st} = T_\theta(x + G(x))$, where $T_\theta$ is the transformation function;
S4: The affine-transformed adversarial example $x'_{st}$ is input into the target classification model F, giving the loss function $L_F$ of the target classification model F;
S5: The objective function $L_{GAN}$ is constructed from the loss function $L_G$ of the generator G, the loss function $L_D$ of the discriminator D and the loss function $L_F$ of the target classification model F, and is used to train the attack model GAN, yielding the trained generator G;
S6: The trained generator G is used to adaptively generate adversarial examples for different input samples.
Preferably, the loss function of the generator G uses the L2-norm loss as the distance metric, expressed as:
$L_G = \max(0, \|G(x)\|_2 - c)$
where $c$ is a user-defined constant that lets the user specify the amount of perturbation added; generating a variety of adversarial examples helps to better understand the feature space of adversarial examples. This loss also stabilizes the training of the GAN.
Preferably, the discriminator D is a binary neural network classifier.
Preferably, the loss function of the discriminator D is:
$L_D = \log D(x) + \log(1 - D(x + G(x)))$.
Preferably, in a targeted attack the loss function of the target classification model F is:
$L_F = L(F(T_\theta(x + G(x))), y')$
which represents the distance between the predicted class and the target class $y'$, where $L$ is the cross-entropy loss function;
In an untargeted attack the loss function of the target classification model F is:
$L_F = -L(F(T_\theta(x + G(x))), y)$
which represents the negative distance between the predicted class and the original label class $y$, where $L$ is the cross-entropy loss function.
Preferably, the objective function $L_{GAN}$ is expressed as:
$L_{GAN} = L_F + \alpha L_D + \beta L_G$
where $\alpha$ and $\beta$ are constants that control the relative importance of each objective; $L_G$ is used to generate small perturbations, $L_D$ encourages the generated adversarial examples to appear similar to the original samples, and $L_F$ optimizes the adversarial examples to raise the attack success rate. The generator G and the discriminator D are obtained by solving $\arg\min_G \max_D L_{GAN}$, that is, by minimizing the generator loss function and maximizing the discriminator loss function.
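The following added example (not code from the patent) evaluates the loss terms above for a single constructed sample, including the spatial transformation $T_\theta$ applied before the classifier, and shows that changing $T_\theta$ changes $L_F$. The linear classifier standing in for F, the fixed discriminator outputs and all numeric values are assumptions chosen for illustration.

```python
import math

def generator_loss(perturbation, c):
    """L_G = max(0, ||G(x)||_2 - c): zero while the perturbation stays within budget c."""
    flat = [q for row in perturbation for q in row]
    return max(0.0, math.sqrt(sum(q * q for q in flat)) - c)

def discriminator_loss(d_real, d_adv):
    """L_D = log D(x) + log(1 - D(x + G(x))), with D(.) a probability in (0, 1)."""
    return math.log(d_real) + math.log(1.0 - d_adv)

def cross_entropy(logits, label):
    """Cross-entropy L of softmax(logits) against an integer class label."""
    m = max(logits)
    log_sum = m + math.log(sum(math.exp(z - m) for z in logits))
    return log_sum - logits[label]

def affine_transform(img, theta):
    """T_theta: nearest-neighbour affine warp of a square image (list of rows).

    theta = (a, b, tx, c, d, ty) maps each output pixel, in coordinates centred
    on the image, to the input pixel it is sampled from; pixels that fall
    outside the input are filled with 0.
    """
    n = len(img)
    ctr = (n - 1) / 2.0
    a, b, tx, c, d, ty = theta
    out = [[0.0] * n for _ in range(n)]
    for r in range(n):
        for col in range(n):
            u, v = col - ctr, r - ctr
            src_c = int(math.floor(a * u + b * v + tx + ctr + 0.5))
            src_r = int(math.floor(c * u + d * v + ty + ctr + 0.5))
            if 0 <= src_r < n and 0 <= src_c < n:
                out[r][col] = img[src_r][src_c]
    return out

def classifier_logits(img, weights):
    """Hypothetical stand-in for F: one linear score per class over the flattened image."""
    flat = [p for row in img for p in row]
    return [sum(w * p for w, p in zip(ws, flat)) for ws in weights]

def classifier_loss(x_adv_st, weights, label, targeted):
    """L_F: +L against the target class y' (targeted) or -L against the true class y."""
    ce = cross_entropy(classifier_logits(x_adv_st, weights), label)
    return ce if targeted else -ce

def total_objective(x, g_x, theta, weights, d_real, d_adv, label, targeted, c, alpha, beta):
    """Forward pass of S1 to S5 for one sample: L_GAN = L_F + alpha*L_D + beta*L_G."""
    x_adv = [[p + q for p, q in zip(rx, rg)] for rx, rg in zip(x, g_x)]  # S1
    x_adv_st = affine_transform(x_adv, theta)                            # S3
    l_f = classifier_loss(x_adv_st, weights, label, targeted)            # S4
    l_d = discriminator_loss(d_real, d_adv)                              # S2
    l_g = generator_loss(g_x, c)
    return {"L_F": l_f, "L_D": l_d, "L_G": l_g,
            "L_GAN": l_f + alpha * l_d + beta * l_g}

IDENTITY = (1, 0, 0, 0, 1, 0)
ROTATE_90 = (0, -1, 0, 1, 0, 0)

def demo_objective():
    """Constructed 2x2 sample, perturbation and two-class linear classifier."""
    x = [[1.0, 0.0], [0.0, 0.0]]
    g_x = [[0.0, 0.0], [0.0, 0.5]]          # constructed stand-in for G(x)
    weights = [[1, 0, 0, 0], [0, 0, 0, 4]]  # constructed weights for F
    common = dict(weights=weights, d_real=0.5, d_adv=0.5, label=0,
                  targeted=False, c=0.3, alpha=1.0, beta=10.0)
    return {"identity": total_objective(x, g_x, IDENTITY, **common),
            "rotated": total_objective(x, g_x, ROTATE_90, **common)}

if __name__ == "__main__":
    for name, terms in demo_objective().items():
        print(name, {k: round(v, 4) for k, v in terms.items()})
```

Because $L_G$ is a hinge, it contributes nothing until $\|G(x)\|_2$ exceeds $c$, so $\beta$ only matters for perturbations above the budget.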
Preferably, step S5 further comprises testing the trained generator G, specifically comprising the following steps:
S5.1: The trained generator G is used to generate perturbations and thereby test adversarial examples; the test adversarial examples are input into target classification networks of different structures to make them misclassify;
S5.2: A spatial transformation is applied to the test adversarial examples of S5.1 to generate new test adversarial examples; the new test adversarial examples are input into the target classification network to make it misclassify.
Compared with the prior art, the beneficial effects of the technical solution of the present invention are:
Compared with existing attack algorithms, the method proposed by the present invention can effectively generate attack samples for different input samples without accessing the original target classification model. Its query and generation efficiency is high, and the attack model has strong generalization ability and robustness, which effectively improves the transferability and robustness of adversarial examples and thereby raises the black-box attack success rate. The method has relatively wide applicability and strong generality, and its attack success rate is high on different types of data sets and on models of different structures.
Brief description of the drawings
Fig. 1 is a flowchart of the adversarial example generation method based on a generative adversarial network.
Fig. 2 is a schematic diagram of the model of the adversarial example generation method based on a generative adversarial network; dotted lines represent the training process and solid lines represent the test process.
Fig. 3 is a flowchart of the black-box attack robustness implementation.
Specific embodiments
The drawings are for illustrative purposes only and shall not be construed as limiting this patent;
To better illustrate this embodiment, some components in the drawings are omitted, enlarged or reduced, and do not represent the size of the actual product;
Those skilled in the art will understand that certain well-known structures and their descriptions may be omitted from the drawings.
The technical solution of the present invention is further described below with reference to the drawings and embodiments.
Embodiment 1
An adversarial example generation method based on a generative adversarial network, as shown in Figs. 1 and 2, comprising the following steps:
S1: The original sample $x$ is input into the generator G, and the generator G outputs a perturbation $G(x)$; the loss function of the generator G is $L_G$. The perturbation $G(x)$ is added to the original sample $x$ to obtain the adversarial example $x' = x + G(x)$. Unlike a general GAN, the generator's goal is to generate a perturbation rather than the final image, i.e. the output image equals the input image plus the output of the generator G. The details and textures of the generated adversarial example are copied from the input image, so the details of the original image are largely preserved. The loss function of the generator G uses the L2-norm loss as the distance metric, expressed as:
$L_G = \max(0, \|G(x)\|_2 - c)$
where $c$ is a user-defined constant;
S2: The adversarial example $x'$ obtained in S1 is input into the discriminator D; the discriminator D distinguishes the adversarial example $x'$ from the original sample $x$. The discriminator D is a binary neural network classifier, giving the loss function of the discriminator D, $L_D = \log D(x) + \log(1 - D(x + G(x)))$;
S3: The adversarial example $x'$ obtained in S1 is input into the enhancement module ST. The enhancement module ST is based on spatial transformation and applies a spatial transformation operation to the adversarial example $x'$; it outputs the affine-transformed adversarial example $x'_{st} = T_\theta(x + G(x))$, where $T_\theta$ is the transformation function;
S4: The affine-transformed adversarial example $x'_{st}$ is input into the target classification model F, giving the loss function $L_F$ of the target classification model F. In a targeted attack the loss function of the target classification model F is:
$L_F = L(F(T_\theta(x + G(x))), y')$
which represents the distance between the predicted class and the target class $y'$, where $L$ is the cross-entropy loss function;
In an untargeted attack the loss function of the target classification model F is:
$L_F = -L(F(T_\theta(x + G(x))), y)$
which represents the negative distance between the predicted class and the original label class $y$, where $L$ is the cross-entropy loss function;
S5: The objective function $L_{GAN}$ is constructed from the loss function $L_G$ of the generator G, the loss function $L_D$ of the discriminator D and the loss function $L_F$ of the target classification model F, and is used to train the attack model GAN, yielding the trained generator G and discriminator D. The objective function $L_{GAN}$ is expressed as:
$L_{GAN} = L_F + \alpha L_D + \beta L_G$
where $\alpha$ and $\beta$ are constants that control the relative importance of each objective; $L_G$ is used to generate small perturbations, $L_D$ encourages the generated adversarial examples to appear similar to the original samples, and $L_F$ optimizes the adversarial examples to raise the attack success rate;
Step S5 further comprises testing the trained generator G, specifically comprising the following steps:
S5.1: The trained generator G is used to generate perturbations and thereby test adversarial examples; the test adversarial examples are input into target classification networks of different structures to make them misclassify;
S5.2: A spatial transformation is applied to the test adversarial examples of S5.1 to generate new test adversarial examples; the new test adversarial examples are input into the target classification network to make it misclassify.
S6: The trained generator G is used to adaptively generate adversarial examples for different input samples.
In the specific implementation, a robustness test is carried out taking a black-box attack as an example; the detailed process is shown in Fig. 3.
1) Select the attack targets F. ResNet-18, ResNet-34 and VGG-16 are trained on the CIFAR-10 data set, and VGG-16 and Multi-Scale CNN are trained on the GTSRB data set, giving two groups with five attack target models in total, F = {F1, F2, F3, F4, F5}. ResNet-34 and VGG-16 serve as the gray-box and black-box models, respectively, for testing the adversarial examples.
2) Data preprocessing. To exclude the influence of classification errors caused by the performance of the network itself, the samples that the target classification network classifies correctly are selected and used as the original samples for generating adversarial examples.
3) Generate adversarial examples. The attack model is produced following the training process of Fig. 2 and is used to generate adversarial examples.
4) Test the effectiveness of the adversarial examples. If the generated adversarial examples successfully deceive the target classification network F into misclassifying, the attack method of this embodiment is effective.
5) Test the transferability of the adversarial examples. If the generated adversarial examples can simultaneously deceive the target classification networks F1 and F2 of different structures into misclassifying, the adversarial examples have strong transferability; otherwise, their transferability is poor. If the attack success rate is higher than that of adversarial examples generated by the FGSM, BIM, DeepFool and advGAN methods, the method of this embodiment effectively improves the transferability of adversarial examples.
6) Test the robustness of the adversarial examples. A spatial transformation is applied to the adversarial examples generated in step 3) to produce new adversarial examples; if these still successfully deceive the target classification network F2 of step 1), the generated adversarial examples are highly robust. If the attack success rate is higher than that of adversarial examples generated by the FGSM, BIM, DeepFool and advGAN methods, the present embodiment effectively improves the robustness of adversarial examples.
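The test procedure in steps 2) to 6), written as an added measurement harness (not code from the patent) that scores how exposed a classifier is to a given set of adversarial examples. The two linear models, the one-position shift used as the spatial transformation and all sample values are constructed; restricting the robustness rate to samples whose transformed clean version is still classified correctly extends the filtering idea of step 2) and is an assumption of this example.

```python
def predict(model, x):
    """Toy stand-in for a target classifier F_i: argmax over linear class scores."""
    scores = [sum(w * v for w, v in zip(ws, x)) for ws in model]
    return scores.index(max(scores))

def shift_right(x):
    """Constructed spatial transformation: translate a 1-D 'image' by one position."""
    return [0.0] + list(x[:-1])

def keep_correct(models, samples):
    """Step 2: keep samples that every model classifies correctly before perturbation."""
    return [s for s in samples if all(predict(m, s["x"]) == s["y"] for m in models)]

def fooling_rate(model, samples, transform=None):
    """Share of samples whose adversarial version is misclassified (0.0 if none)."""
    if transform is not None:
        # Drop samples that the transform alone already breaks, so that they
        # are not counted as successes of the perturbation.
        samples = [s for s in samples
                   if predict(model, transform(s["x"])) == s["y"]]
    if not samples:
        return 0.0
    fooled = 0
    for s in samples:
        x_adv = transform(s["x_adv"]) if transform is not None else s["x_adv"]
        fooled += predict(model, x_adv) != s["y"]
    return fooled / len(samples)

def evaluate(source, transfer, samples, transform):
    """Steps 2, 4, 5 and 6 for one source model and one model of different structure."""
    kept = keep_correct([source, transfer], samples)
    return {
        "kept": len(kept),
        "effectiveness": fooling_rate(source, kept),             # step 4
        "transferability": fooling_rate(transfer, kept),         # step 5
        "robustness": fooling_rate(transfer, kept, transform),   # step 6
    }

# Constructed models: one weight vector per class over four input features.
MODEL_A = [[1, 1, 0, 0], [0, 0, 1, 1]]
MODEL_B = [[1, 1, 0, 0], [0, 0, 0, 1]]

# Constructed samples: clean input x, adversarial version x_adv, true label y.
SAMPLES = [
    {"x": [1.0, 0.8, 0.1, 0.0], "x_adv": [0.7, 0.4, 0.6, 0.6], "y": 0},
    {"x": [0.9, 0.2, 0.3, 0.1], "x_adv": [0.5, 0.2, 0.6, 0.9], "y": 0},
    {"x": [0.0, 0.2, 0.9, 1.0], "x_adv": [0.4, 0.3, 0.8, 0.9], "y": 1},
    {"x": [0.4, 0.1, 0.5, 0.2], "x_adv": [0.4, 0.1, 0.6, 0.3], "y": 0},
    {"x": [0.1, 0.0, 0.7, 0.9], "x_adv": [0.8, 0.6, 0.5, 0.6], "y": 1},
    {"x": [0.3, 0.6, 0.5, 0.2], "x_adv": [0.2, 0.5, 0.6, 0.8], "y": 0},
]

def demo_evaluation():
    return evaluate(MODEL_A, MODEL_B, SAMPLES, shift_right)

if __name__ == "__main__":
    print(demo_evaluation())
```

The fourth sample is dropped in step 2) because MODEL_A already misclassifies it, and the sixth is excluded from the robustness rate because the shift alone flips MODEL_B's prediction.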
The experimental results on the CIFAR-10 data set are shown in Table 1:
Table 1
The experimental results on the GTSRB data set are shown in Table 2:
Table 2
The same or similar reference numerals correspond to the same or similar components;
The terms describing positional relationships in the drawings are for illustration only and shall not be construed as limiting this patent;
Obviously, the above embodiments of the present invention are merely examples given to illustrate the invention clearly and do not limit its embodiments. Those of ordinary skill in the art can make other changes or variations in different forms on the basis of the above description. It is neither necessary nor possible to enumerate all embodiments here. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the claims of the present invention.

Claims (7)

1. An adversarial example generation method based on a generative adversarial network, characterized by comprising the following steps:
S1: The original sample $x$ is input into the generator G, and the generator G outputs a perturbation $G(x)$; the loss function of the generator G is $L_G$, and the perturbation $G(x)$ is added to the original sample $x$ to obtain the adversarial example $x' = x + G(x)$;
S2: The adversarial example $x'$ obtained in S1 is input into the discriminator D; the discriminator D distinguishes the adversarial example $x'$ from the original sample $x$, giving the loss function $L_D$ of the discriminator D;
S3: The adversarial example $x'$ obtained in S1 is input into the enhancement module ST; the enhancement module ST is based on spatial transformation and applies a spatial transformation operation to the adversarial example $x'$, and outputs the affine-transformed adversarial example $x'_{st} = T_\theta(x + G(x))$, where $T_\theta$ is the transformation function;
S4: The affine-transformed adversarial example $x'_{st}$ is input into the target classification model F, giving the loss function $L_F$ of the target classification model F;
S5: The objective function $L_{GAN}$ is constructed from the loss function $L_G$ of the generator G, the loss function $L_D$ of the discriminator D and the loss function $L_F$ of the target classification model F, and is used to train the attack model GAN, yielding the trained generator G;
S6: The trained generator G is used to adaptively generate adversarial examples for different input samples.
2. The adversarial example generation method based on a generative adversarial network according to claim 1, characterized in that the loss function of the generator G uses the L2-norm loss as the distance metric, expressed as:
$L_G = \max(0, \|G(x)\|_2 - c)$
where $c$ is a user-defined constant.
3. The adversarial example generation method based on a generative adversarial network according to claim 2, characterized in that the discriminator D is a binary neural network classifier.
4. The adversarial example generation method based on a generative adversarial network according to claim 3, characterized in that the loss function of the discriminator D is:
$L_D = \log D(x) + \log(1 - D(x + G(x)))$.
5. The adversarial example generation method based on a generative adversarial network according to claim 4, characterized in that in a targeted attack the loss function of the target classification model F is:
$L_F = L(F(T_\theta(x + G(x))), y')$
which represents the distance between the predicted class and the target class $y'$, where $L$ is the cross-entropy loss function;
In an untargeted attack the loss function of the target classification model F is:
$L_F = -L(F(T_\theta(x + G(x))), y)$
which represents the negative distance between the predicted class and the original label class $y$, where $L$ is the cross-entropy loss function.
6. The adversarial example generation method based on a generative adversarial network according to claim 5, characterized in that the objective function $L_{GAN}$ is expressed as:
$L_{GAN} = L_F + \alpha L_D + \beta L_G$
where $\alpha$ and $\beta$ are constants, and the generator G and the discriminator D are obtained by solving $\arg\min_G \max_D L_{GAN}$, that is, by minimizing the generator loss function and maximizing the discriminator loss function.
7. The adversarial example generation method based on a generative adversarial network according to claim 6, characterized in that step S5 further comprises testing the trained generator G, specifically comprising the following steps:
S5.1: The trained generator G is used to generate perturbations and thereby test adversarial examples; the test adversarial examples are input into target classification networks of different structures to make them misclassify;
S5.2: A spatial transformation is applied to the test adversarial examples of S5.1 to generate new test adversarial examples; the new test adversarial examples are input into the target classification network to make it misclassify.
CN201910459852.XA 2019-05-29 2019-05-29 An adversarial example generation method based on a generative adversarial network Pending CN110334806A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910459852.XA CN110334806A (en) 2019-05-29 2019-05-29 An adversarial example generation method based on a generative adversarial network

Publications (1)

Publication Number Publication Date
CN110334806A (en) 2019-10-15

Family

ID=68140522

Country Status (1)

Country Link
CN (1) CN110334806A (en)
CN113361594A (en) * 2021-06-03 2021-09-07 安徽理工大学 Countermeasure sample generation method based on generation model
CN113361594B (en) * 2021-06-03 2023-10-20 安徽理工大学 Countermeasure sample generation method based on generation model
CN113395280B (en) * 2021-06-11 2022-07-26 成都为辰信息科技有限公司 Anti-confusion network intrusion detection method based on generation countermeasure network
CN113222480B (en) * 2021-06-11 2023-05-12 支付宝(杭州)信息技术有限公司 Training method and device for challenge sample generation model
CN113222480A (en) * 2021-06-11 2021-08-06 支付宝(杭州)信息技术有限公司 Training method and device for confrontation sample generation model
CN113395280A (en) * 2021-06-11 2021-09-14 成都为辰信息科技有限公司 Anti-confusion network intrusion detection method based on generation of countermeasure network
CN113505886A (en) * 2021-07-08 2021-10-15 深圳市网联安瑞网络科技有限公司 Countermeasure sample generation method, system, terminal and medium based on fuzzy test
CN113642772A (en) * 2021-07-13 2021-11-12 重庆科技学院 Logging reservoir identification and prediction method based on machine learning
CN113537381B (en) * 2021-07-29 2024-05-10 大连海事大学 Human rehabilitation exercise data enhancement method based on countermeasure sample
CN113537381A (en) * 2021-07-29 2021-10-22 大连海事大学 Human body rehabilitation exercise data enhancement method based on confrontation sample
CN114663946A (en) * 2022-03-21 2022-06-24 中国电信股份有限公司 Countermeasure sample generation method, apparatus, device and medium

Similar Documents

Publication Publication Date Title
CN110334806A (en) A kind of confrontation sample generating method based on production confrontation network
Rozsa et al. Are accuracy and robustness correlated
Rozsa et al. LOTS about attacking deep features
Cao et al. Adversarial learning with local coordinate coding
Liu et al. Transductive centroid projection for semi-supervised large-scale recognition
CN112446423A (en) Fast hybrid high-order attention domain confrontation network method based on transfer learning
CN111047054A (en) Two-stage countermeasure knowledge migration-based countermeasure sample defense method
He et al. Transferable sparse adversarial attack
CN113627543B (en) Anti-attack detection method
Liu et al. APSNet: Toward adaptive point sampling for efficient 3D action recognition
Rajani et al. Stacking with auxiliary features for visual question answering
Che et al. SMGEA: A new ensemble adversarial attack powered by long-term gradient memories
Wang et al. Occluded person re-identification via defending against attacks from obstacles
Ding et al. Beyond universal person re-identification attack
CN111967592A (en) Method for generating counterimage machine recognition based on positive and negative disturbance separation
Dong et al. Erasing, transforming, and noising defense network for occluded person re-identification
Fatemifar et al. Face spoofing detection ensemble via multistage optimisation and pruning
CN113935396A (en) Manifold theory-based method and related device for resisting sample attack
Lv et al. Chinese character CAPTCHA recognition based on convolution neural network
Wang et al. Deep fusion: Crafting transferable adversarial examples and improving robustness of industrial artificial intelligence of things
Wang et al. Generating semantic adversarial examples via feature manipulation
Kwon et al. Face friend-safe adversarial example on face recognition system
Rami et al. Source-guided similarity preservation for online person re-identification
Zhou et al. Improving robustness of random forest under label noise
CN116051924B (en) Divide-and-conquer defense method for image countermeasure sample

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191015