CN110428023B - Anti-reconnaissance escape attack method for deep pedestrian re-identification system - Google Patents
Anti-reconnaissance escape attack method for deep pedestrian re-identification system Download PDFInfo
- Publication number
- CN110428023B CN110428023B CN201910473189.9A CN201910473189A CN110428023B CN 110428023 B CN110428023 B CN 110428023B CN 201910473189 A CN201910473189 A CN 201910473189A CN 110428023 B CN110428023 B CN 110428023B
- Authority
- CN
- China
- Prior art keywords
- noise
- pedestrian
- identification system
- camera
- reconnaissance
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 67
- 230000008569 process Effects 0.000 claims abstract description 21
- 238000005457 optimization Methods 0.000 claims abstract description 17
- 238000005070 sampling Methods 0.000 claims abstract description 10
- 238000012544 monitoring process Methods 0.000 claims abstract description 8
- 230000009466 transformation Effects 0.000 claims description 7
- 239000002131 composite material Substances 0.000 claims description 4
- 238000009499 grossing Methods 0.000 claims description 4
- 230000015556 catabolic process Effects 0.000 claims description 3
- 238000006731 degradation reaction Methods 0.000 claims description 3
- 238000013528 artificial neural network Methods 0.000 description 5
- 230000000694 effects Effects 0.000 description 5
- 238000013473 artificial intelligence Methods 0.000 description 4
- 238000011161 development Methods 0.000 description 4
- 241000282414 Homo sapiens Species 0.000 description 3
- 238000013135 deep learning Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- ORILYTVJVMAKLC-UHFFFAOYSA-N Adamantane Natural products C1C(C2)CC3CC1CC2C3 ORILYTVJVMAKLC-UHFFFAOYSA-N 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000001308 synthesis method Methods 0.000 description 1
- 238000000844 transformation Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K15/00—Arrangements for producing a permanent visual presentation of the output data, e.g. computer output printers
- G06K15/02—Arrangements for producing a permanent visual presentation of the output data, e.g. computer output printers using printers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K17/00—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
- G06K17/0022—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
- G06Q50/26—Government or public services
- G06Q50/265—Personal security, identity or safety
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Tourism & Hospitality (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Educational Administration (AREA)
- Development Economics (AREA)
- Computer Security & Cryptography (AREA)
- Economics (AREA)
- General Health & Medical Sciences (AREA)
- Human Resources & Organizations (AREA)
- Marketing (AREA)
- Primary Health Care (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Image Analysis (AREA)
- Image Processing (AREA)
Abstract
The invention discloses an anti-reconnaissance escape attack method for a deep pedestrian re-identification system, which provides a matching difference-based maximization optimization method and combines multi-position sampling to generate noise patterns which are variable across cameras and extensible in position, so that the same noise patterns cannot be matched with each other at any position of a monitoring area of the pedestrian re-identification system under the shooting of different cameras. In addition, the method integrates physical environment factors into the noise pattern generation process, reduces information loss of noise in the printing and shooting processes, and improves robustness of the noise. The noise pattern generated by the method can prevent the pedestrian re-identification system from correctly searching and positioning the attacker, and realize 'invisibility' under the security monitoring system.
Description
Technical Field
The invention relates to the field of artificial intelligence safety, in particular to an anti-reconnaissance escape attack method for a deep pedestrian re-identification system.
Background
With the rapid development of the mobile internet, the continuous upgrade of hardware equipment, the production of mass data and the update of algorithms, the development of Artificial Intelligence (AI) is overwhelming, and human lives are gradually penetrated and deeply changed. At present, artificial intelligence technology based on machine learning and deep learning is widely applied to various fields such as human-computer interaction, vision processing systems, recommendation systems, security diagnosis and protection, and application scenarios thereof include unmanned driving, image recognition, malware detection, malicious mail filtering and the like. It can be said that the arrival of the era of artificial intelligence and the development of data computing and storing capabilities have promoted various field changes. Pedestrian re-identification is a task of matching people of interest under cross-camera, and has wide application in the fields of video surveillance and security, such as suspect and missing person search, cross-camera pedestrian tracking, pedestrian activity analysis, and the like. In recent years, with the rapid development of deep learning technology, a pedestrian re-recognition system based on a deep neural network has achieved a pedestrian matching level close to that of human beings, and is gradually becoming a mainstream method.
However, recent studies have shown that deep neural networks are vulnerable to specific attacks: the input image is added with well-constructed noise which is difficult to be perceived by human beings, so that the deep neural network is induced to work in an abnormal mode, and potential threats such as face recognition, unmanned driving, malicious software detection and the like are formed to various applications based on the deep neural network. Due to the wide deployment and application of the pedestrian re-identification system in the security system, it is important to research whether the deep pedestrian re-identification system is easy to attack. Once a deep pedestrian re-identification system is vulnerable to a particular attack, serious consequences and security threats can arise, for example, criminals can evade the search and location of law enforcement, or spys can invade a monitored confidential area.
Disclosure of Invention
The invention aims to overcome the limitations of the prior art and provides an anti-reconnaissance escape attack method for a deep pedestrian re-identification system.
The invention designs an anti-reconnaissance escape attack method for a deep pedestrian re-identification system, which is characterized by comprising the following steps:
1) setting a specific user which an attacker wants to match to a given pedestrian re-identification system with white-box access authority;
2) constructing a photo group of an attacker under each camera, designing a noise pattern generation method based on multi-position sampling, and generating a noise pattern with an extensible position;
3) the cross-camera variable noise pattern generation method based on the minimized matching difference enables the cross-camera attacker images to be far away from each other and cannot be matched by a pedestrian re-identification system, and enables the noisy images to be matched with a specific user in an error mode;
4) physical environment factors are blended into a noise pattern generation process, and the noise pattern is printed and attached to clothes, so that the pedestrian re-identification system is attacked in a real scene.
Further, the specific process of constructing the picture group of the attacker under each camera is as follows:
the method comprises the steps of collecting a large number of photos of attackers taken at different positions under a monitoring camera, and carrying out basic image transformation on each taken photo to obtain a composite photo, wherein the photos jointly form a noise generation set.
Further, the specific process of step 3) is as follows:
iteratively searching for a variable noise pattern across cameras by solving an optimization problem of minimization of matching similarity of attacker photos taken across cameras; in particular, for pictures taken from m groups of cameras, and for pictures I taken from a particular usertThe following optimization problems are solved:
Wherein the target pedestrian re-recognition system is denoted as fθ(x, y) sc, wherein x is an image which needs to be inquired by the system, y is a pedestrian photo collected by other cameras, and theta is a model parameter; x'iAdding the noise delta to the x-ray image through the image transformation consistent with the shot person iiThe above is obtained;
wherein each iteration generates a set from noise and a user-specific photo set ItRandomly selecting photos to form quadruple
Two pictures of an attacker under the same camera,
for an attacker to take a picture of other cameras, the cross-camera variable noise pattern generation method based on the minimum matching difference solves the following optimization problem:
the generated noise has the ability to make the difference between features extracted from the camera photos smaller and smaller, while making the difference between features extracted across the camera photos larger and larger.
Still further, the number of iterations is set to 700, or less than 700 convergence, i.e., the iteration is completed.
Further, a smoothing and regularizing term is added in the step 4):
TV(δ)=∑i,j((δi,j-δi+1,j)2+(δi,j-δi,j+1)2)。
further, in the step 4), the noise value is converted into a printer color value range for printing.
Further, adding a random image degradation function in the step 4)
Making the noise highly robust against information loss.
Compared with the prior art, the invention has the following beneficial effects:
1) the novel escape countercheck method facing the deep pedestrian re-identification system is provided, and anti-reconnaissance escape of the target pedestrian re-identification system is completed by generating the invisible clothes.
2) An optimization method based on matching difference minimization is provided, and noise patterns which are variable across cameras are generated and cannot be matched with one another under the shooting of different cameras.
3) In the noise pattern generation process, a multi-position sampling strategy is considered, and the generated noise can achieve an attack effect at any position of a monitoring area.
4) In order to improve the robustness of the physical world of the noise pattern, the method integrates physical environment factors into the noise pattern generation process, so that the noise pattern generation process is still effective after information is lost in the printing and shooting process.
Drawings
Fig. 1 is a framework of an anti-reconnaissance escape attack method for a deep pedestrian re-identification system.
Fig. 2 is a schematic diagram of an escape attack of a deep pedestrian re-identification system.
Fig. 3 is an example of an escape attack for a deep pedestrian re-identification system.
Detailed Description
The invention considers that the safety problem of deep pedestrian re-identification still does not receive attention, and potential safety threat can be brought when the method is widely applied, so that an anti-reconnaissance escape attack method oriented to a deep pedestrian re-identification system is urgently needed.
The invention discloses an anti-reconnaissance escape attack method for a deep pedestrian re-identification system, which comprises the following steps:
1) given a pedestrian re-identification system, a query image is input, and the system outputs the similarity and similarity ranking between the images shot under other cameras and the query image. An attacker can access the parameters and weights of the target model and set the specific users that the attacker wants to match to.
The target pedestrian re-identification system may be denoted as fθAnd (x, y) ═ sc, wherein x is the image to be queried by the system, y is the photos of the pedestrian collected by other cameras, theta is the model parameter, and sc is the output of the system, namely the similarity score of a group of photos (x, y) to be matched. The inquired photos are matched with the photo groups G collected by the system under other cameras one by one, and the photos with the highest similarity are output as the final matching result, namely:
Y={y1,y2,…,yK}s.tψ(fθ(x,yi))<K
where K is the number of photos with the highest matching score for the output set by the system, and ψ (-) sorts the collected groups of photos from high to low according to the matching score. An attacker takes a trained pedestrian re-recognition system based on a neural network as an attack target, has white-box access authority on a target model, namely parameters and weights capable of accessing the target model, and sets a specific user in the system, so that the attacker is mistakenly matched into the specific user by the system when being inquired.
2) An attacker collecting picture group and a synthetic picture group are constructed, a noise pattern generation method based on multi-position sampling is designed, a noise pattern with an extensible position is generated, and an attack effect can be achieved at any position of a monitoring area.
Forming a noise generation set XcThe method specifically comprises the following steps: the method comprises the steps of collecting a plurality of photos of attackers taken at different positions under a monitoring camera, and carrying out basic image transformation on each taken photo to obtain a composite photo.
3) The cross-camera variable noise pattern generation method based on the minimized matching difference enables attacker images under the cross-camera to be far away from each other and cannot be matched by a pedestrian re-recognition system, and enables noisy images to be matched with specific users in an error mode.
Variable noise patterns across the cameras are iteratively found by solving an optimization problem of minimization of matching similarity of aggressor photos taken across the cameras. Specifically, for pictures taken from m groups of cameras, the following optimization problem is solved:
Wherein x'iAdding the noise delta to the x-ray image through the image transformation consistent with the shot person iiObtained as above. In the optimization process, the noise pattern learns the difference between the shapes and the styles of the shot persons under the cross-camera to improve the attack ability of the shot persons, so that the difference between the extracted characteristics of the pictures shot by the shot persons under the cross-camera is increased until the pictures can not be matched with each other correctly and are matched with the pictures of specific users.
Randomly selecting two photos under the same camera in a generated set each time
And a picture of other cameras
Form a triplet QiThe method is based on a multi-position sampling strategy and adopts a plurality of groups of different QiThe noise pattern is optimized in an iterative way, and the noise delta generated by optimizing a plurality of groups of photos taken at different positions and synthesized can be positioned at any position of the monitored areaThe anti-scouting and escaping attacks can be completed when the device is shot. XcWill be used to solve the optimization problem of generating noise patterns, from X for each iterationcIn which randomly selected photos constitute a triplet
The generated noise pattern can be made valid at any position of the monitored area by different quadruples. Specifically, 50 sampling points with different distances and angles are arranged under each camera, and 10 shot pictures are collected at each sampling point respectively; for each captured picture, 5 basic image transformations were randomly selected to generate 5 composite pictures. For one attack, a total of 3000 photos of the synthetic set were constructed. Combining the multi-position-based sampling strategy with the optimization problem, a noise pattern which satisfies the multi-position extensible and variable across cameras can be generated:
the generated noise has the ability to make the difference between features extracted from the camera photos smaller and smaller, while making the difference between features extracted across the camera photos larger and larger. By selecting the photos at different positions in the generated set and with different synthesis methods, the noise pattern can be made to be equally effective for photos taken at positions that are not "seen". The method utilizes Adam optimization algorithm to solve the optimization problem, and the learning rate is 1e-2, beta1=0.9,β20.999 and the equilibrium coefficient lambda is 0.6. The maximum number of iterations is 700.
4) The method is characterized in that printing and shooting errors in the physical world are considered, physical environment factors are integrated into a noise pattern generation process, a high-robustness noise pattern is generated, and a 'stealth coat' is printed and attached to attack a pedestrian re-identification system in a real scene.
The influence of noise pattern activity in the printing and shooting processes is considered, physical environment factors are blended into the noise pattern generation process, and a high-robustness noise pattern is generated, so that anti-reconnaissance escape attack can be carried out on the pedestrian re-identification system on the clothes of noise printing and attaching attackers. Firstly, in order to make the generated noise look naturally smooth as the clothes pattern looks like, the method adds a smoothing regularization term to the optimization problem:
where TV (δ) represents a smoothing regularization term, δi,jRepresenting the noise level of the noise map at the i, j position.
The method improves the smoothness of the noise by minimizing the difference between the values of the adjacent pixels of the noise pattern, so that an attacker cannot cause doubt when wearing the invisible clothes. The printable color range is then determined
And the value range of the noise
Errors caused by printing are eliminated; finally, due to the environmental condition in the shooting process and the loss of information caused by shooting noise of camera equipment, the method adds a random image degradation function in the noise generation process
Making the noise highly robust against information loss.
The invention has the advantages that:
1) the novel escape anti-braking method facing the deep pedestrian re-recognition system is provided, and anti-escape of the target pedestrian re-recognition system is completed by generating the invisible clothes.
2) An optimization method based on matching difference minimization is provided, and noise patterns which are variable across cameras are generated and cannot be matched with one another under the shooting of different cameras.
3) In the noise pattern generation process, a multi-position sampling strategy is considered, and the generated noise can achieve an attack effect at any position of a monitoring area.
4) In order to improve the robustness of the physical world of the noise pattern, the method integrates physical environment factors into the noise pattern generation process, so that the noise pattern generation process is still effective after information is lost in the printing and shooting process.
Claims (7)
1. An anti-reconnaissance escape attack method for a deep pedestrian re-identification system is characterized by comprising the following steps:
1) giving a pedestrian re-identification system with white-box access rights;
2) constructing a photo group of an attacker under each camera, designing a noise pattern generation method based on multi-position sampling, and generating a noise pattern with an extensible position;
3) the cross-camera variable noise pattern generation method based on the minimum matching difference enables the cross-camera attacker images to be far away from each other and cannot be matched by a pedestrian re-identification system;
4) physical environment factors are blended into a noise pattern generation process, and the noise pattern is printed and attached to clothes, so that the pedestrian re-identification system is attacked in a real scene.
2. The anti-reconnaissance escape attack method for the deep pedestrian re-identification system according to claim 1, wherein: the specific process of constructing the picture group of the attacker under each camera is as follows:
the method comprises the steps of collecting a large number of photos of attackers taken at different positions under a monitoring camera, and carrying out basic image transformation on each taken photo to obtain a composite photo, wherein the photos jointly form a noise generation set.
3. The anti-reconnaissance escape attack method for the deep pedestrian re-identification system according to claim 2, wherein: the specific process of the step 3) is as follows:
iteratively finding cross-shot by solving an optimization problem of minimization of matching similarity of aggressor photos under cross-camera shootingA variable noise pattern like a head; in particular, for pictures taken from m groups of cameras, and for pictures I taken from a particular usertThe following optimization problems are solved:
Wherein the target pedestrian re-recognition system is denoted as fθ(x, y) sc, wherein x is an image which needs to be inquired by the system, y is a pedestrian photo collected by other cameras, and theta is a model parameter; x'iThe noise delta is added to the upper x by an image transformation which is consistent with the shot person iiThe above is obtained;
sc is the output of the system, and photos are randomly selected from the noise generation set to form a triple group in each iteration
Two pictures of an attacker under the same camera,
for an attacker to take a picture of other cameras, the cross-camera variable noise pattern generation method based on the minimum matching difference solves the following optimization problem:
the generated noise has the ability to make the difference between features extracted from the camera photos smaller and smaller, while making the difference between features extracted across the camera photos larger and larger.
4. The anti-reconnaissance escape attack method for the deep pedestrian re-identification system according to claim 3, wherein: the iteration number of the iteration is set to 700 times, or the iteration is completed when convergence in 700 times is less than.
5. The anti-reconnaissance escape attack method for the deep pedestrian re-identification system according to claim 2, wherein: adding a smooth regular term in the step 4):
where TV (δ) represents a smoothing regularization term, δi,jRepresenting the noise level of the noise map at the i, j position.
6. The anti-reconnaissance escape attack method for the deep pedestrian re-identification system according to claim 2, wherein: and 4) converting the noise value into a printer color value range for printing in the step 4).
7. The anti-reconnaissance escape attack method for the deep pedestrian re-identification system according to claim 2, wherein: adding a random image degradation function into the step 4)
Making the noise highly robust against information loss.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910473189.9A CN110428023B (en) | 2019-05-31 | 2019-05-31 | Anti-reconnaissance escape attack method for deep pedestrian re-identification system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910473189.9A CN110428023B (en) | 2019-05-31 | 2019-05-31 | Anti-reconnaissance escape attack method for deep pedestrian re-identification system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110428023A CN110428023A (en) | 2019-11-08 |
| CN110428023B true CN110428023B (en) | 2021-09-14 |
Family
ID=68408454
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910473189.9A Active CN110428023B (en) | 2019-05-31 | 2019-05-31 | Anti-reconnaissance escape attack method for deep pedestrian re-identification system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110428023B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106778704A (en) * | 2017-01-23 | 2017-05-31 | 安徽理工大学 | A kind of recognition of face matching process and semi-automatic face matching system |
| CN108133192A (en) * | 2017-12-26 | 2018-06-08 | 武汉大学 | A kind of pedestrian based on Gauss-Laplace distribution statistics identifies again |
| CN109522793A (en) * | 2018-10-10 | 2019-03-26 | 华南理工大学 | More people's unusual checkings and recognition methods based on machine vision |
| CN109635634A (en) * | 2018-10-29 | 2019-04-16 | 西北大学 | A kind of pedestrian based on stochastic linear interpolation identifies data enhancement methods again |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10275683B2 (en) * | 2017-01-19 | 2019-04-30 | Cisco Technology, Inc. | Clustering-based person re-identification |
| US10395385B2 (en) * | 2017-06-27 | 2019-08-27 | Qualcomm Incorporated | Using object re-identification in video surveillance |
-
2019
- 2019-05-31 CN CN201910473189.9A patent/CN110428023B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106778704A (en) * | 2017-01-23 | 2017-05-31 | 安徽理工大学 | A kind of recognition of face matching process and semi-automatic face matching system |
| CN108133192A (en) * | 2017-12-26 | 2018-06-08 | 武汉大学 | A kind of pedestrian based on Gauss-Laplace distribution statistics identifies again |
| CN109522793A (en) * | 2018-10-10 | 2019-03-26 | 华南理工大学 | More people's unusual checkings and recognition methods based on machine vision |
| CN109635634A (en) * | 2018-10-29 | 2019-04-16 | 西北大学 | A kind of pedestrian based on stochastic linear interpolation identifies data enhancement methods again |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110428023A (en) | 2019-11-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Meng et al. | Magnet: a two-pronged defense against adversarial examples | |
| Sharif et al. | Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition | |
| Athalye et al. | Synthesizing robust adversarial examples | |
| Pinto et al. | Face spoofing detection through visual codebooks of spectral temporal cubes | |
| Wang et al. | advpattern: Physical-world attacks on deep person re-identification via adversarially transformable patterns | |
| Gragnaniello et al. | Analysis of adversarial attacks against CNN-based image forgery detectors | |
| JP5127067B2 (en) | Image search apparatus and image search method | |
| CN111626925A (en) | Method and device for generating counterwork patch | |
| Katzir et al. | Detecting adversarial perturbations through spatial behavior in activation spaces | |
| Xue et al. | Backdoors hidden in facial features: A novel invisible backdoor attack against face recognition systems | |
| Li et al. | DeepBlur: A simple and effective method for natural image obfuscation | |
| CN115640609A (en) | Feature privacy protection method and device | |
| Yin et al. | Neural network fragile watermarking with no model performance degradation | |
| Li et al. | Detecting adversarial patch attacks through global-local consistency | |
| CN114049537B (en) | Countermeasure sample defense method based on convolutional neural network | |
| CN110263674B (en) | Anti-reconnaissance camouflage 'invisible clothes' generation method for deep pedestrian re-identification system | |
| Zhou et al. | Only once attack: fooling the tracker with adversarial template | |
| Liang et al. | Poisoned forgery face: Towards backdoor attacks on face forgery detection | |
| CN110428023B (en) | Anti-reconnaissance escape attack method for deep pedestrian re-identification system | |
| JP2021093144A (en) | Sensor-specific image recognition device and method | |
| Kashtalian et al. | K-means Clustering of Honeynet Data with Unsupervised Representation Learning. | |
| CN111104982B (en) | Label-independent cross-task confrontation sample generation method | |
| CN115017501A (en) | Image anti-attack sample detection method and system based on uncertainty estimation | |
| Policepatil et al. | Face liveness detection: An overview | |
| Li et al. | Measurement-driven security analysis of imperceptible impersonation attacks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |