CN111756705B - Attack testing method, device, equipment and storage medium of in-vivo detection algorithm - Google Patents
Attack testing method, device, equipment and storage medium of in-vivo detection algorithm Download PDFInfo
- Publication number
- CN111756705B CN111756705B CN202010504606.4A CN202010504606A CN111756705B CN 111756705 B CN111756705 B CN 111756705B CN 202010504606 A CN202010504606 A CN 202010504606A CN 111756705 B CN111756705 B CN 111756705B
- Authority
- CN
- China
- Prior art keywords
- attack
- detection algorithm
- algorithm
- sample
- living body
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/16—Human faces, e.g. facial parts, sketches or expressions
- G06V40/168—Feature extraction; Face representation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/40—Spoof detection, e.g. liveness detection
- G06V40/45—Detection of the body part being alive
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Abstract
The application discloses an attack testing method, device, equipment and storage medium of a living body detection algorithm, wherein the method comprises the following steps: acquiring attack failure samples of a living body detection algorithm; acquiring a reverse gradient matrix of each characteristic diagram of a preset model layer when a living body detection algorithm carries out living body detection on the attack failure sample; generating an algorithm thermodynamic diagram based on the inverse gradient matrix of each characteristic diagram, wherein the algorithm thermodynamic diagram represents the attention condition of the biopsy algorithm in biopsy of the sample with attack failure; determining a non-key attention area of the in-vivo detection algorithm on an attack failure sample based on algorithm thermodynamic diagram; attacking the non-key attention area of the attack failure sample to obtain a first attack test sample; and carrying out attack testing on the in-vivo detection algorithm based on the first attack testing sample. By using the technical scheme provided by the application, the recognition rate of the living body detection algorithm with the vulnerability can be greatly improved, and the safety of the subsequent algorithm in application is ensured.
Description
Technical Field
The present application relates to the field of artificial intelligence technologies, and in particular, to an attack testing method, apparatus, device, and storage medium for a living body detection algorithm.
Background
In recent years, with the maturity of AI (Artificial Intelligence) algorithms such as face recognition and living body detection based on deep learning, more and more businesses, such as bank account opening, gradually adopt a remote manner to complete the identity verification of a user, but the security of the businesses also faces certain challenges.
At present, some illegal users adopt false identities to perform service registration, such as: the AI algorithm is deceived by copying photos, videos and the like of other people. Therefore, various possible attack scenes need to be covered as fully as possible during AI algorithm testing. However, unlike the conventional software, the AI algorithm itself has a strong black box property, and cannot guide the construction of a test scenario by using the test means (e.g., by code coverage analysis) of the conventional software. In the prior art, various test scenes are artificially conceived mainly depending on experience of testers, and then test samples in corresponding scenes are collected, so that the test efficiency is low, the test scenes are omitted, the algorithm bugs cannot be accurately detected, and the safety of the algorithm cannot be guaranteed. Therefore, there is a need to provide more efficient and reliable solutions.
Disclosure of Invention
The application provides an attack testing method, device, equipment and storage medium of a living body detection algorithm, which can solve the problem that in the test of the living body detection algorithm based on deep learning, the attention condition of the algorithm during living body detection cannot be accurately determined due to the limitation of the black box property of the algorithm, greatly improve the identification rate of the living body detection algorithm with a bug, and ensure the safety in the application of the follow-up algorithm.
In one aspect, the present application provides an attack testing method for a living body detection algorithm, the method including:
acquiring attack failure samples of a living body detection algorithm;
acquiring a reverse gradient matrix of each characteristic diagram of a preset model layer when the in-vivo detection algorithm performs in-vivo detection on the attack failure sample;
generating an algorithm thermodynamic diagram based on the inverse gradient matrix of each feature map, wherein the algorithm thermodynamic diagram represents the attention condition of the living body detection algorithm in living body detection on the attack failure samples;
determining a non-important attention area of the in-vivo detection algorithm on the attack failure sample based on the algorithm thermodynamic diagram;
attacking the non-key attention area of the attack failure sample to obtain a first attack test sample;
and carrying out attack testing on the in-vivo detection algorithm based on the first attack testing sample.
Another aspect provides an attack testing apparatus for a living body detection algorithm, the apparatus comprising:
the attack failure sample acquisition module is used for acquiring an attack failure sample of the in-vivo detection algorithm;
the reverse gradient matrix acquisition module is used for acquiring a reverse gradient matrix of each characteristic diagram of a preset model layer when the in-vivo detection algorithm carries out in-vivo detection on the attack failure sample;
an algorithm thermodynamic diagram generation module, configured to generate an algorithm thermodynamic diagram based on the inverse gradient matrix of each feature map, where the algorithm thermodynamic diagram characterizes a concern of the liveness detection algorithm in live detection of the attack failure sample;
a non-emphasis region-of-interest determination module, configured to determine, based on the algorithm thermodynamic diagram, a non-emphasis region of interest of the in-vivo detection algorithm on the attack failure sample;
the non-key attention area attack module is used for attacking the non-key attention area of the attack failure sample to obtain a first attack test sample;
and the first attack testing module is used for carrying out attack testing on the in-vivo detection algorithm based on the first attack testing sample.
Another aspect provides an attack testing device for a living body detection algorithm, the device comprising a processor and a memory, wherein the memory stores at least one instruction or at least one program, and the at least one instruction or the at least one program is loaded by the processor and executed to implement the attack testing method for the living body detection algorithm as described above.
Another aspect provides a computer-readable storage medium having at least one instruction or at least one program stored therein, the at least one instruction or the at least one program being loaded and executed by a processor to implement the attack testing method of the living body detection algorithm as described above.
The attack testing method, the attack testing device, the attack testing equipment and the storage medium of the in-vivo detection algorithm have the following technical effects:
according to the method, an attack failure sample is input as a trained living body detection algorithm, living body detection is carried out on the attack failure sample by using the living body detection algorithm, when the living body detection algorithm carries out living body detection on the attack failure sample, a reverse gradient matrix of each characteristic diagram of the attack failure sample is extracted, an algorithm thermodynamic diagram capable of representing the attention condition of the living body detection algorithm in living body detection on the attack failure sample is generated by combining the reverse gradient matrix of each characteristic diagram, and the problem that the attention condition of the algorithm in living body detection cannot be accurately determined due to the limited black box property of the algorithm in the test of the living body detection algorithm based on deep learning, and therefore the attack cannot be carried out on the target is solved; then, through attacking the non-key focus area of the living body detection algorithm, an attack sample of the non-key focus area is generated, and the attack sample of the non-key focus area is used for carrying out attack test, so that the identification rate of the living body detection algorithm with the vulnerability can be greatly improved, and the safety of the subsequent algorithm in application is ensured.
Drawings
In order to more clearly illustrate the technical solutions and advantages of the embodiments of the present application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a schematic diagram of an attack testing system for an activity detection algorithm provided by an embodiment of the present application;
fig. 2 is an alternative structural diagram of the distributed system 200 applied to the blockchain system according to the embodiment of the present application;
FIG. 3 is a schematic flowchart of an attack testing method of an activity detection algorithm according to an embodiment of the present application;
FIG. 4 is a schematic flowchart of an inverse gradient matrix generation algorithm thermodynamic diagram based on various feature maps provided by an embodiment of the present application;
FIG. 5 is a gray scale diagram of an algorithm thermodynamic diagram corresponding to an attack failure sample provided by an embodiment of the present disclosure;
FIG. 6 is a gray scale diagram of a first attack test sample provided by an embodiment of the present application;
FIG. 7 is a schematic flowchart of an attack testing method of another activity detection algorithm provided by an embodiment of the present application;
fig. 8 is a schematic flowchart of a process of attacking a key region of interest of the attack failure sample to obtain a second attack test sample according to the embodiment of the present application;
FIG. 9 is a gray scale diagram of an algorithmic thermodynamic diagram corresponding to a second attack test sample provided by an embodiment of the present disclosure;
FIG. 10 is a schematic flow chart of an attack testing apparatus for an activity detection algorithm according to an embodiment of the present application;
fig. 11 is a schematic structural diagram of a client according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Artificial intelligence is a theory, method, technique and application system that uses a digital computer or a machine controlled by a digital computer to simulate, extend and expand human intelligence, perceive the environment, acquire knowledge and use the knowledge to obtain the best results. The artificial intelligence software technology mainly comprises a computer vision technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and the like.
In recent years, with research and development of artificial intelligence technology, artificial intelligence technology is widely applied in a plurality of fields, and the scheme provided by the embodiment of the application relates to technologies such as machine learning/deep learning of artificial intelligence, and is specifically described by the following embodiments:
referring to fig. 1, fig. 1 is a schematic diagram of an attack testing system of an activity detection algorithm according to an embodiment of the present application, and as shown in fig. 1, the system at least includes a device 01 and a server 02.
In this embodiment, the device 01 may be configured to perform an attack test of a living body detection algorithm, and specifically, taking fig. 1 as an example, the device 01 may include terminal devices of a smart phone, a desktop computer, a tablet computer, a notebook computer, an intelligent sound box, a digital assistant, an Augmented Reality (AR)/Virtual Reality (VR) device, an intelligent wearable device, and the like. In other embodiments, the device 01 may also include an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, and may also include a cloud server that provides basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a CDN (Content Delivery Network), a big data and artificial intelligence platform, and the like.
In the embodiment of the present specification, the server 02 may be used for training a live body detection algorithm; specifically, the server 02 may include an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, and a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a CDN (Content Delivery Network), a big data and artificial intelligence platform, and the like.
In the embodiment of the present specification, the training data for training the liveness detection algorithm may be collected from a large number of network nodes, and accordingly, the system formed by the network nodes and the server for training the liveness detection algorithm may be a distributed system formed by connecting the network nodes and the server in a network communication manner.
Taking a distributed system as an example of a blockchain system, referring to fig. 2, fig. 2 is an optional structural schematic diagram of the distributed system 200 applied to the blockchain system, which is formed by a plurality of nodes (computing devices in any form in an access network, such as servers and user terminals) and clients, and a Peer-to-Peer (P2P, Peerto Peer) network is formed between the nodes, and the P2P Protocol is an application layer Protocol operating on a Transmission Control Protocol (TCP). In a distributed system, any machine, such as a server or a terminal, can join to become a node, and the node comprises a hardware layer, a middle layer, an operating system layer and an application layer.
In the embodiment of the present specification, when performing attack testing on the living body detection algorithm, the device 01 may load a trained living body detection algorithm from the server 02.
In this embodiment of the present specification, the device 01 and the server 02 may be directly or indirectly connected through wired or wireless communication, and this embodiment of the present specification is not limited herein.
In addition, it should be noted that the liveness detection algorithm provided by the embodiment of the present application can provide an artificial intelligence cloud Service, which is also generally referred to as AIaaS (AI as a Service, chinese). The method is a service mode of an artificial intelligence platform, and particularly, the AIaaS platform splits several types of common AI services and provides independent or packaged services at a cloud. This service model is similar to the one opened in an AI theme mall: all developers can access one or more artificial intelligence services provided by the platform through an API (application programming interface), and part of the qualified developers can also use an AI framework and an AI infrastructure provided by the platform to deploy and operate and maintain the self-dedicated cloud artificial intelligence services.
The following describes an attack testing method of an activity detection algorithm of the present application, and fig. 3 is a flow chart of an attack testing method of an activity detection algorithm provided in an embodiment of the present application, and the present specification provides the method operation steps as described in the embodiment or the flow chart, but may include more or less operation steps based on conventional or non-inventive labor. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. In actual execution of an article, such as a system or a server, the method according to the embodiment or the figures may be executed sequentially or in parallel (for example, in the context of parallel processors or multi-threaded processing). Specifically, as shown in fig. 3, the method may include:
s301: and acquiring attack failure samples of the living body detection algorithm.
In practical applications, a large number of positive and negative samples are often used to test the biopsy algorithm. Specifically, for the in-vivo detection algorithm, the positive sample may be a living sample, and the negative sample may be a non-living sample; specifically, the live sample may be a photographed live image, and the non-live sample may include a live image in a copied screen, a live video in a copied screen, a live image in a copied picture (a picture may be a live print photograph, etc.), and the like.
In the embodiment of the present specification, the attack failure sample may include a non-living sample in which the test result is non-living. Namely, the non-living body sample which can be accurately identified by the living body detection algorithm is used as the attack failure sample of the living body detection algorithm.
In the embodiment of the specification, in order to avoid the problem that the vulnerability of the in-vivo detection algorithm cannot be accurately found because the in-vivo detection algorithm is tested only by taking a non-in-vivo sample as an attack sample, and the covered attack scene is single; further attack testing can be carried out on the in-vivo detection algorithm by combining with the attack failure sample so as to improve the discovery accuracy of the vulnerability of the in-vivo detection algorithm and ensure the application safety of the in-vivo detection algorithm.
S303: and when the in-vivo detection algorithm is used for carrying out in-vivo detection on the attack failure sample, presetting the reverse gradient matrix of each characteristic diagram of the model layer.
In the embodiment of the description, when the biopsy algorithm performs biopsy on the attack failure sample, the different model layers corresponding to the biopsy algorithm extract the characteristics of different parts of the attack failure sample, taking a face image in a copied screen as an example, and the different part characteristics may include eye characteristics, nose characteristics, mouth characteristics and the like; accordingly, each layer may correspond to multiple profiles.
In practical applications, the model layer for extracting different features of the attack failure sample may often include a plurality of convolution layers; in an embodiment of the present specification, the preset model layer may include a last convolution layer corresponding to the liveness detection algorithm.
Specifically, the inverse gradient matrix of each feature map of the preset model layer can represent feature information of different parts of the attack failure sample. In a specific embodiment, when the in-vivo detection algorithm is obtained to perform in-vivo detection on the attack failure sample, the inverse gradient matrix of each feature map in the preset model layer includes:
1) calling the in-vivo detection algorithm to carry out in-vivo detection on the attack failure sample;
2) and when the in-vivo detection algorithm is used for carrying out the in-vivo detection on the attack failure sample, a preset hook function is used for recording the reverse gradient matrix of each characteristic diagram of the preset model layer.
In this embodiment of the specification, the living body detection algorithm may be obtained by performing living body detection training on a preset deep learning algorithm based on a training sample with labeled information in advance. Specifically, the labeling information may include labeling information of whether the corresponding training sample is a living body sample.
In the embodiment of the present specification, the preset hooking function may include, but is not limited to, a hook function (hooking function) in PyTorch.
S305: and generating an algorithm thermodynamic diagram based on the inverse gradient matrix of each characteristic diagram.
In this embodiment of the present specification, after obtaining the inverse gradient matrix of each feature map that can characterize different feature information of an attack failure sample, an algorithm thermodynamic diagram that characterizes a concern of a biopsy algorithm in performing biopsy on the attack failure sample may be generated based on the inverse gradient matrix of each feature map, and specifically, as shown in fig. 4, the method may include:
s3051: calculating the average value of the inverse gradient matrix of each feature map, and taking the average value as the weight of the feature map;
s3053: carrying out weighted summation processing on each characteristic diagram based on the weight of the characteristic diagram to obtain a target matrix;
s3055: converting the target matrix into an initial thermodynamic diagram based on the numerical size of each element in the target matrix;
s3057: and performing superposition processing on the initial thermodynamic diagram and the attack failure sample to obtain the algorithm thermodynamic diagram.
In this embodiment of the present specification, the inverse gradient matrix of each feature map represents feature information of a certain portion of the attack failure sample, an average value of the inverse gradient matrix of each portion corresponding to the feature map may reflect a degree of attention of the living body detection algorithm to the feature information of the portion, and accordingly, the higher the value, the higher the degree of attention of the living body detection algorithm to the feature information of the portion.
Further, taking the average value of the inverse gradient matrix of each feature map as a weight, and performing weighted summation processing on each feature map to obtain a target matrix representing the attention degree of the in-vivo detection algorithm to different parts of the attack failure sample;
further, converting a target matrix representing the attention degree of the living body detection algorithm to different parts of the attack failure sample into an initial thermodynamic diagram, wherein in the process of converting the thermodynamic diagram, the higher the numerical value of elements in the target matrix is, the darker the color of the corresponding initial thermodynamic diagram is; conversely, the lower the value of the element in the target matrix, the lighter the color of the initial thermodynamic diagram.
Further, the initial thermodynamic diagram and the attack failure sample are subjected to superposition processing, so that an algorithm thermodynamic diagram representing the attention condition of a living body detection algorithm during living body detection on the attack failure sample can be obtained; the darker the color part in the algorithm thermodynamic diagram, the more attention the part is paid to when the living body detection algorithm performs living body detection on the sample with attack failure; conversely, the lighter the color of the portion of the algorithmic thermodynamic diagram, the less attention the liveness detection algorithm is characterized to pay to the portion when performing liveness detection on an attack-failed sample.
In the embodiment of the specification, in the testing process, an attack failure sample can be input as a trained live body detection algorithm, live body detection is performed on the attack failure sample by using the live body detection algorithm, a reverse gradient matrix of each feature map of the attack failure sample is extracted when the live body detection algorithm is combined with a preset hook function to perform live body detection on the attack failure sample, and an algorithm thermodynamic diagram capable of representing the attention situation of the live body detection algorithm in the live body detection on the attack failure sample is generated by combining the reverse gradient matrix of each feature map.
S307: determining a non-emphasized region of interest of the liveness detection algorithm on the attack failure sample based on the algorithm thermodynamic diagram.
In the embodiment of the present specification, after the algorithm thermodynamic diagram is obtained, an area with a lighter color in the algorithm thermodynamic diagram may be used as a non-key attention area; taking a region with darker color in the algorithm thermodynamic diagram as a key attention region;
in a specific embodiment, as shown in fig. 5, fig. 5 is a gray scale diagram of an algorithm thermodynamic diagram corresponding to an attack failure sample provided in an embodiment of the present specification, where in fig. 5, due to the algorithm thermodynamic diagram after gray scale processing, the degree of distinction between a region of interest and a region of non-interest is not high, and it can be seen in an actual algorithm thermodynamic diagram (color), and a region 100 (a region with a darker color) in the diagram is a region of interest of a biopsy algorithm on the attack failure sample; the 100 divided area in the figure is a non-important attention area of the biopsy algorithm on the attack failure sample. In addition, in order to protect privacy, the face region in the algorithm thermodynamic diagram is partially mosaicked in fig. 5, and the mosaic processing is not required in the actual algorithm thermodynamic diagram.
S309: and attacking the non-key attention area of the attack failure sample to obtain a first attack test sample.
In practical application, because the living body detection algorithm focuses on the key focus area of the attack failure sample, the living body detection algorithm is correspondingly free of loopholes and high in living body detection accuracy, after the non-key focus area of the attack failure sample is attacked, the living body detection is carried out, and the detection result cannot be influenced.
In a specific embodiment, attacking the non-significant region of interest of the attack failure sample, obtaining the first attack test sample may include:
1) carrying out shielding treatment on the non-key attention area of the attack failure sample;
2) and taking the attack failure sample after the shielding processing as the first attack test sample.
In the embodiments of the present description, a part of the non-emphasized regions may be subjected to occlusion processing, or all of the non-emphasized regions may be subjected to occlusion processing. Specifically, the blocking process may include, but is not limited to, covering the non-emphasized region of interest with paper, plastic sheeting, or the like. In a specific embodiment, the non-important region of interest of the attack failure sample corresponding to fig. 5 is subjected to the occlusion processing, as shown in fig. 6, fig. 6 is a gray scale diagram of a first attack test sample provided in the embodiment of the present application. In fig. 6, a piece of white paper is used to block part of the non-important attention area, wherein the line on the white paper is only for the tester to know about what area the whole head is located, and in practical application, the line may not be drawn, and in order to protect privacy, the face area in the first attack test sample is mosaiced in fig. 6, and the actual first attack test sample does not need to be mosaiced.
In addition, it should be noted that the attack on the non-important attention area of the attack failure sample is not limited to the above-mentioned occlusion processing, and in practical applications, other attack methods, for example, a method of editing and modifying the non-important attention area of the attack failure sample, may be adopted.
In the embodiment of the specification, the attack sample of the non-key region of interest is generated by attacking the non-key region of interest of the living body detection algorithm, and because the algorithm only focuses on the key region of interest under normal conditions, the attack on the non-key region of interest usually has no influence on the living body detection algorithm, and the attack sample of the non-key region of interest is used for carrying out attack test, so that the identification rate of the living body detection algorithm with the vulnerability can be greatly improved.
S311: and carrying out attack testing on the in-vivo detection algorithm based on the first attack testing sample.
In the embodiment of the present description, after the first attack test sample is obtained, a live body detection algorithm may be called to perform live body detection on the first attack test sample, so as to implement attack testing on the live body detection algorithm.
In other embodiments, as shown in fig. 7, the method may further include:
s313: when the attack test is successful, determining the living body detection algorithm as an algorithm to be improved;
s315: when the attack test fails, determining a key attention area of the living body detection algorithm on the attack failure sample based on the algorithm thermodynamic diagram;
s317: attacking the key attention area of the attack failure sample to obtain a second attack test sample;
s319: and carrying out attack testing on the in-vivo detection algorithm based on the second attack testing sample.
In the embodiment of the present specification, when the living body detection algorithm determines that the detection result of the living body detection on the first attack test sample is a living body, that is, the living body detection algorithm has a living body misjudgment, it may be correspondingly determined that the attack test after the attack on the non-key area of interest is successful, the living body detection algorithm fails to pass the test, and the living body detection algorithm is used as an algorithm to be improved and needs to be further improved.
Further, when the living body detection algorithm detects that the first attack test sample is a non-living body, namely under the condition that the non-key attention area is attacked, the living body detection algorithm can still accurately detect the living body, and accordingly, the attack test failure after the attack on the non-key attention area can be determined; in order to further ensure the safety of the subsequent in-vivo detection algorithm during application, the important attention area can be attacked again, and an attack sample (a second attack test sample) of the important attention area is generated.
In some embodiments, attacking the important attention area of the attack failure sample as shown in fig. 8, obtaining a second attack test sample may include:
s3171: determining a preset attack area in a key concern area of the attack failure sample;
s3173: covering the preset attack area of the attack failure sample by using the picture corresponding to the preset attack area;
s3175: and taking the shielded attack failure sample as the second attack test sample.
In this embodiment of the present description, the preset attack area may be any area in the key attention area, such as an area where eyes are located, an area where a mouth is located, and the like.
In addition, it should be noted that the attack on the important attention area of the attack failure sample is not limited to the above-mentioned blocking manner, and in practical applications, other attack manners may also be adopted, for example, adding a modifier, such as glasses, modifying an expression, and the like, to the important attention area of the attack failure sample.
Further, when the living body detection algorithm detects that the second attack test sample is a living body, that is, the living body detection algorithm has a living body misjudgment, it can be correspondingly determined that the attack test after the attack on the key attention area is successful, the living body detection algorithm fails to pass the test, and the living body detection algorithm is used as an algorithm to be improved and needs to be further improved.
In a specific embodiment, as shown in fig. 9, the attack test is performed on the live body detection algorithm based on the second attack test sample corresponding to fig. 6, and an algorithm thermodynamic diagram representing the attention situation of the live body detection algorithm when the live body detection is performed on the second attack test sample is generated; fig. 9 is a grayscale diagram of an algorithm thermodynamic diagram corresponding to a second attack test sample provided in an embodiment of the present specification, where in fig. 9, due to the grayscale processing, the degree of distinction between a region of interest and a non-region of interest is not high, and it is visible in an actual algorithm thermodynamic diagram (color), and a region 900 (a region with a darker color) in the diagram is a region of interest of the second attack test sample by a living body detection algorithm, that is, a region of interest of the living body detection algorithm is changed, which causes a living body false judgment of the living body detection algorithm, and accordingly, the living body detection algorithm fails the test.
In addition, in order to protect privacy of individuals, partial mosaic processing is also performed on the face region in the algorithm thermodynamic diagram in fig. 9, and the mosaic processing is not required in the actual algorithm thermodynamic diagram.
Further, when the living body detection algorithm detects that the second attack test sample is a non-living body, that is, when there is an attack in the key region of interest, the living body detection algorithm can still accurately perform the living body detection, and accordingly, it can be determined that the attack test fails after the attack is performed on the key region of interest, and the living body detection algorithm is determined to be a qualified algorithm.
According to the technical scheme provided by the embodiment of the specification, the attack failure sample is input as a trained live body detection algorithm, the live body detection algorithm is utilized to carry out live body detection on the attack failure sample, the reverse gradient matrix of each characteristic diagram of the attack failure sample is extracted when the live body detection algorithm carries out live body detection on the attack failure sample, the reverse gradient matrix of each characteristic diagram is combined, an algorithm thermodynamic diagram capable of representing the attention condition of the live body detection algorithm when carrying out live body detection on the attack failure sample is generated, and the problem that the attention condition of the algorithm when carrying out live body detection cannot be accurately determined due to the black box property of the algorithm in the test of the deep learning-based live body detection algorithm, so that the attack cannot be carried out on the ground is solved; then, through attacking the non-key focus area of the living body detection algorithm, an attack sample of the non-key focus area is generated, and the attack sample of the non-key focus area is used for carrying out attack test, so that the identification rate of the living body detection algorithm with the vulnerability can be greatly improved, and the safety of the subsequent algorithm in application is ensured.
An attack testing apparatus of an activity detection algorithm is further provided in an embodiment of the present application, as shown in fig. 10, the apparatus includes:
an attack failure sample acquisition module 1010, configured to acquire an attack failure sample of a live body detection algorithm;
a reverse gradient matrix obtaining module 1020, configured to obtain a reverse gradient matrix of each feature map of a preset model layer when the in-vivo detection algorithm performs the in-vivo detection on the attack failure sample;
an algorithm thermodynamic diagram generating module 1030, configured to generate an algorithm thermodynamic diagram based on the inverse gradient matrix of the respective feature maps, where the algorithm thermodynamic diagram characterizes a concern of the liveness detection algorithm in live detection of the attack-failed samples;
a non-important attention area determining module 1040, configured to determine, based on the algorithm thermodynamic diagram, a non-important attention area of the biopsy algorithm on the attack failure sample;
a non-key attention area attack module 1050, configured to attack a non-key attention area of the attack failure sample to obtain a first attack test sample;
a first attack testing module 1060 for performing an attack test on the liveness detection algorithm based on the first attack test sample.
In some embodiments, the inverse gradient matrix acquisition module may include:
the living body detection unit is used for calling the living body detection algorithm and carrying out living body detection on the attack failure sample;
and the reverse gradient matrix recording unit is used for recording a reverse gradient matrix of each characteristic diagram of the preset model layer when the in-vivo detection algorithm is used for carrying out in-vivo detection on the attack failure sample by using a preset hook function.
In some embodiments, the algorithmic thermodynamic diagram generation module may comprise:
the weight calculation unit is used for calculating the average value of the inverse gradient matrix of each feature map, and taking the average value as the weight of the feature map;
the weighted sum processing unit is used for carrying out weighted sum processing on each characteristic diagram based on the weight of the characteristic diagram to obtain a target matrix;
an initial thermodynamic diagram generating unit, configured to convert the target matrix into an initial thermodynamic diagram based on the numerical size of each element in the target matrix;
and the superposition processing unit is used for carrying out superposition processing on the initial thermodynamic diagram and the attack failure sample to obtain the algorithm thermodynamic diagram.
In some embodiments, the non-emphasized region of interest attack module may include:
the shielding processing unit is used for shielding the non-key attention area of the attack failure sample;
and the first attack test sample generation unit is used for taking the attack failure sample subjected to shielding processing as the first attack test sample.
In some embodiments, the apparatus further comprises:
the first to-be-improved algorithm determining module is used for determining the living body detection algorithm as the to-be-improved algorithm when the attack test is successful;
the key attention area determining module is used for determining a key attention area of the in-vivo detection algorithm on the attack failure sample based on the algorithm thermodynamic diagram when the attack test fails;
the key attention area attack module is used for attacking the key attention area of the attack failure sample to obtain a second attack test sample;
and the second attack testing module is used for carrying out attack testing on the in-vivo detection algorithm based on the second attack testing sample.
In some embodiments, the apparatus further comprises:
the second to-be-improved algorithm determining module is used for determining the in-vivo detection algorithm as the to-be-improved algorithm when the attack test is successful after the attack test is carried out on the in-vivo detection algorithm based on the second attack test sample;
and the qualified algorithm determining module is used for determining the living body detection algorithm as a qualified algorithm when the attack test fails.
In some embodiments, the focus area of interest attack module may include:
the preset attack area determining unit is used for determining a preset attack area in a key concern area of the attack failure sample;
the shielding unit is used for shielding the preset attack area of the attack failure sample by using the picture corresponding to the preset attack area;
and the second attack test sample generation unit is used for taking the shielded attack failure sample as the second attack test sample.
The device and method embodiments in the device embodiment are based on the same application concept.
The embodiment of the application provides an attack testing device of a live detection algorithm, the attack testing device of the live detection algorithm comprises a processor and a memory, at least one instruction or at least one section of program is stored in the memory, and the at least one instruction or the at least one section of program is loaded and executed by the processor to realize the attack testing method of the live detection algorithm provided by the method embodiment.
The memory may be used to store software programs and modules, and the processor may execute various functional applications and data processing by operating the software programs and modules stored in the memory. The memory can mainly comprise a program storage area and a data storage area, wherein the program storage area can store an operating system, application programs needed by functions and the like; the storage data area may store data created according to use of the apparatus, and the like. Further, the memory may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory may also include a memory controller to provide the processor access to the memory.
The method provided by the embodiment of the application can be executed in a client (a mobile terminal, a computer terminal, etc.), a server or a similar computing device. Taking the operation on the client as an example, fig. 11 is a schematic structural diagram of a client provided in the embodiment of the present application, and as shown in fig. 11, the client may be used to implement the information interaction method provided in the foregoing embodiment. Specifically, the method comprises the following steps:
the client may include components such as RF (Radio Frequency) circuitry 1110, memory 1120 including one or more computer-readable storage media, input unit 1130, display unit 1140, sensors 1150, audio circuitry 1160, WiFi (wireless fidelity) module 1170, processor 1180 including one or more processing cores, and power supply 1190. Those skilled in the art will appreciate that the client architecture shown in fig. 11 does not constitute a limitation on the client, and may include more or fewer components than shown, or some components in combination, or a different arrangement of components. Wherein:
The memory 1120 may be used to store software programs and modules, and the processor 1180 may execute various functional applications and data processing by operating the software programs and modules stored in the memory 1120. The memory 1120 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, application programs required for functions, and the like; the storage data area may store data created according to the use of the client, and the like. Further, the memory 1120 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory 1120 may also include a memory controller to provide the processor 1180 and the input unit 1130 access to the memory 1120.
The input unit 1130 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control. In particular, input unit 1130 may include a touch-sensitive surface 1131 as well as other input devices 1132. Touch-sensitive surface 1131, also referred to as a touch display screen or a touch pad, may collect touch operations by a user on or near the touch-sensitive surface 1131 (e.g., operations by a user on or near the touch-sensitive surface 1131 using a finger, a stylus, or any other suitable object or attachment), and drive the corresponding connection device according to a preset program. Alternatively, touch-sensitive surface 1131 may include two portions, a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 1180, and can receive and execute commands sent by the processor 1180. Additionally, touch-sensitive surface 1131 may be implemented using various types of resistive, capacitive, infrared, and surface acoustic waves. The input unit 1130 may include other input devices 1132 in addition to the touch-sensitive surface 1131. In particular, other input devices 1132 may include, but are not limited to, one or more of a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit 1140 may be used to display information input by or provided to the user as well as various graphical user interfaces of the client, which may be made up of graphics, text, icons, video, and any combination thereof. The Display unit 1140 may include a Display panel 1141, and optionally, the Display panel 1141 may be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), or the like. Further, touch-sensitive surface 1131 may cover display panel 1141, and when touch operation is detected on or near touch-sensitive surface 1131, the touch operation is transmitted to processor 1180 to determine the type of touch event, and processor 1180 then provides corresponding visual output on display panel 1141 according to the type of touch event. Touch-sensitive surface 1131 and display panel 1141 may be implemented as two separate components for input and output functions, although touch-sensitive surface 1131 and display panel 1141 may be integrated for input and output functions in some embodiments.
The client may also include at least one sensor 1150, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that adjusts the brightness of the display panel 1141 according to the brightness of ambient light, and a proximity sensor that turns off the display panel 1141 and/or the backlight when the client moves to the ear. As one of the motion sensors, the gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when the device is stationary, and can be used for applications (such as horizontal and vertical screen switching, related games, magnetometer attitude calibration) for identifying client gestures, and related functions (such as pedometer and tapping) for vibration identification; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which may be further configured at the client, detailed description is omitted here.
WiFi belongs to short distance wireless transmission technology, and the client can help the user send and receive e-mail, browse web page and access streaming media, etc. through WiFi module 1170, which provides wireless broadband internet access for the user. Although fig. 11 shows the WiFi module 1170, it is understood that it does not belong to the essential constitution of the client and can be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 1180 is a control center of the client, connects various parts of the whole client by using various interfaces and lines, and executes various functions and processes data of the client by running or executing software programs and/or modules stored in the memory 1120 and calling data stored in the memory 1120, thereby performing overall monitoring of the client. Optionally, processor 1180 may include one or more processing cores; preferably, the processor 1180 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated within processor 1180.
The client further includes a power supply 1190 (such as a battery) for supplying power to various components, and preferably, the power supply may be logically connected to the processor 1180 through a power management system, so that functions of managing charging, discharging, power consumption management, and the like are implemented through the power management system. Power supply 1190 may also include one or more dc or ac power supplies, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, or any other component.
Although not shown, the client may further include a camera, a bluetooth module, and the like, which are not described herein again. Specifically, in this embodiment, the display unit of the client is a touch screen display, the client further includes a memory and one or more programs, where the one or more programs are stored in the memory and configured to be executed by the one or more processors according to the instructions of the method embodiments of the present invention.
Embodiments of the present application further provide a storage medium that can be disposed in a device to store at least one instruction related to an attack testing method for implementing a living body detection algorithm in the method embodiments, or at least one program, where the at least one instruction or the at least one program is loaded and executed by the processor to implement the attack testing method for a living body detection algorithm provided in the method embodiments.
Alternatively, in this embodiment, the storage medium may be located in at least one network server of a plurality of network servers of a computer network. Optionally, in this embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
As can be seen from the above-mentioned embodiments of the attack testing method, apparatus, device, server or storage medium of the in vivo detection algorithm provided by the present application, in the present application, the attack failure sample is input as a trained in vivo detection algorithm, and by using the in vivo detection algorithm, performing a live detection on the attack failure sample, and when the live detection algorithm performs the live detection on the attack failure sample, extracting the reverse gradient matrix of each characteristic diagram of the attack failure sample, combining the reverse gradient matrix of each characteristic diagram to generate an algorithm thermodynamic diagram which can represent the attention condition of the in-vivo detection algorithm in the in-vivo detection of the attack failure sample, solving the problem that in the test of the in-vivo detection algorithm based on deep learning, due to the limitation of the black box property of the algorithm, the attention condition of the algorithm during the live body detection cannot be accurately determined, so that the problem that the attack cannot be carried out on the ground is solved; then, through attacking the non-key focus area of the living body detection algorithm, an attack sample of the non-key focus area is generated, and the attack sample of the non-key focus area is used for carrying out attack test, so that the identification rate of the living body detection algorithm with the vulnerability can be greatly improved, and the safety of the subsequent algorithm in application is ensured.
It should be noted that: the sequence of the embodiments of the present application is only for description, and does not represent the advantages and disadvantages of the embodiments. And specific embodiments thereof have been described above. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the apparatus, device, server and storage medium embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and in relation to the description, reference may be made to some of the description of the method embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware to implement the above embodiments, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk, an optical disk, or the like.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the protection scope of the present application.
Claims (9)
1. A method of attack testing of a live detection algorithm, the method comprising:
acquiring attack failure samples of a living body detection algorithm;
acquiring a reverse gradient matrix of each characteristic diagram of a preset model layer when the in-vivo detection algorithm performs in-vivo detection on the attack failure sample;
calculating the average value of the inverse gradient matrix of each feature map, and taking the average value as the weight of the feature map; carrying out weighted summation processing on each characteristic diagram based on the weight of the characteristic diagram to obtain a target matrix; converting the target matrix into an initial thermodynamic diagram based on the numerical size of each element in the target matrix; overlapping the initial thermodynamic diagram and the attack failure sample to obtain an algorithm thermodynamic diagram, wherein the algorithm thermodynamic diagram represents the attention condition of the in-vivo detection algorithm in the process of performing in-vivo detection on the attack failure sample;
determining a non-important attention area of the in-vivo detection algorithm on the attack failure sample based on the algorithm thermodynamic diagram;
attacking the non-key attention area of the attack failure sample to obtain a first attack test sample;
and carrying out attack testing on the in-vivo detection algorithm based on the first attack testing sample.
2. The method of claim 1, wherein when the living body detection algorithm performs living body detection on the attack failure samples, the obtaining of the inverse gradient matrix of each feature map of the preset model layer comprises:
calling the in-vivo detection algorithm to carry out in-vivo detection on the attack failure sample;
and when the in-vivo detection algorithm is used for carrying out the in-vivo detection on the attack failure sample, a preset hook function is used for recording the reverse gradient matrix of each characteristic diagram of the preset model layer.
3. The method of claim 1, wherein the attacking the non-emphasized region of interest of the attack failure sample to obtain a first attack test sample comprises:
carrying out shielding treatment on the non-key attention area of the attack failure sample;
and taking the attack failure sample after the shielding processing as the first attack test sample.
4. The method of claim 1, wherein after the attack testing of the liveness detection algorithm based on the first attack test sample, the method further comprises:
when the attack test is successful, determining the living body detection algorithm as an algorithm to be improved;
when the attack test fails, determining a key attention area of the living body detection algorithm on the attack failure sample based on the algorithm thermodynamic diagram;
attacking the key attention area of the attack failure sample to obtain a second attack test sample;
and carrying out attack testing on the in-vivo detection algorithm based on the second attack testing sample.
5. The method of claim 4, wherein after the attack testing of the liveness detection algorithm based on the second attack test sample, the method further comprises:
when the attack test is successful, determining the living body detection algorithm as an algorithm to be improved;
and when the attack test fails, determining the living body detection algorithm as a qualified algorithm.
6. The method of claim 4, wherein attacking the important attention area of the attack failure sample to obtain a second attack test sample comprises:
determining a preset attack area in a key concern area of the attack failure sample;
covering the preset attack area of the attack failure sample by using the picture corresponding to the preset attack area;
and taking the shielded attack failure sample as the second attack test sample.
7. An attack testing apparatus for a living body detection algorithm, the apparatus comprising:
the attack failure sample acquisition module is used for acquiring an attack failure sample of the in-vivo detection algorithm;
the reverse gradient matrix acquisition module is used for acquiring a reverse gradient matrix of each characteristic diagram of a preset model layer when the in-vivo detection algorithm carries out in-vivo detection on the attack failure sample;
an algorithmic thermodynamic diagram generation module, the algorithmic thermodynamic diagram generation module comprising: the weight calculation unit is used for calculating the average value of the inverse gradient matrix of each feature map, and taking the average value as the weight of the feature map; the weighted sum processing unit is used for carrying out weighted sum processing on each characteristic diagram based on the weight of the characteristic diagram to obtain a target matrix; an initial thermodynamic diagram generating unit, configured to convert the target matrix into an initial thermodynamic diagram based on the numerical size of each element in the target matrix; the superposition processing unit is used for carrying out superposition processing on the initial thermodynamic diagram and the attack failure sample to obtain an algorithm thermodynamic diagram, and the algorithm thermodynamic diagram represents the attention condition of the in-vivo detection algorithm in the process of carrying out in-vivo detection on the attack failure sample;
a non-emphasis region-of-interest determination module, configured to determine, based on the algorithm thermodynamic diagram, a non-emphasis region of interest of the in-vivo detection algorithm on the attack failure sample;
the non-key attention area attack module is used for attacking the non-key attention area of the attack failure sample to obtain a first attack test sample;
and the first attack testing module is used for carrying out attack testing on the in-vivo detection algorithm based on the first attack testing sample.
8. An attack testing device for a live detection algorithm, the device comprising a processor and a memory, the memory having at least one instruction or at least one program stored therein, the at least one instruction or the at least one program being loaded and executed by the processor to implement an attack testing method for a live detection algorithm according to any one of claims 1 to 6.
9. A computer-readable storage medium, wherein at least one instruction or at least one program is stored, and the at least one instruction or the at least one program is loaded and executed by a processor to implement the attack testing method of the liveness detection algorithm according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010504606.4A CN111756705B (en) | 2020-06-05 | 2020-06-05 | Attack testing method, device, equipment and storage medium of in-vivo detection algorithm |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010504606.4A CN111756705B (en) | 2020-06-05 | 2020-06-05 | Attack testing method, device, equipment and storage medium of in-vivo detection algorithm |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111756705A CN111756705A (en) | 2020-10-09 |
| CN111756705B true CN111756705B (en) | 2021-09-14 |
Family
ID=72674735
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010504606.4A Active CN111756705B (en) | 2020-06-05 | 2020-06-05 | Attack testing method, device, equipment and storage medium of in-vivo detection algorithm |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111756705B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016184325A1 (en) * | 2015-05-21 | 2016-11-24 | 腾讯科技(深圳)有限公司 | Identity authentication method, terminal and server |
| CN109446981A (en) * | 2018-10-25 | 2019-03-08 | 腾讯科技(深圳)有限公司 | A kind of face's In vivo detection, identity identifying method and device |
| CN110287767A (en) * | 2019-05-06 | 2019-09-27 | 深圳市华付信息技术有限公司 | Can attack protection biopsy method, device, computer equipment and storage medium |
| CN110444208A (en) * | 2019-08-12 | 2019-11-12 | 浙江工业大学 | A kind of speech recognition attack defense method and device based on gradient estimation and CTC algorithm |
| CN111126246A (en) * | 2019-12-20 | 2020-05-08 | 河南中原大数据研究院有限公司 | Human face living body detection method based on 3D point cloud geometric features |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8925070B2 (en) * | 2009-12-17 | 2014-12-30 | Verizon Patent And Licensing Inc. | Method and apparatus for providing user authentication based on user actions |
-
2020
- 2020-06-05 CN CN202010504606.4A patent/CN111756705B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016184325A1 (en) * | 2015-05-21 | 2016-11-24 | 腾讯科技(深圳)有限公司 | Identity authentication method, terminal and server |
| CN109446981A (en) * | 2018-10-25 | 2019-03-08 | 腾讯科技(深圳)有限公司 | A kind of face's In vivo detection, identity identifying method and device |
| CN110287767A (en) * | 2019-05-06 | 2019-09-27 | 深圳市华付信息技术有限公司 | Can attack protection biopsy method, device, computer equipment and storage medium |
| CN110444208A (en) * | 2019-08-12 | 2019-11-12 | 浙江工业大学 | A kind of speech recognition attack defense method and device based on gradient estimation and CTC algorithm |
| CN111126246A (en) * | 2019-12-20 | 2020-05-08 | 河南中原大数据研究院有限公司 | Human face living body detection method based on 3D point cloud geometric features |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111756705A (en) | 2020-10-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110348543B (en) | Fundus image recognition method and device, computer equipment and storage medium | |
| CN108304758B (en) | Face characteristic point tracking method and device | |
| CN110827378B (en) | Virtual image generation method, device, terminal and storage medium | |
| CN111262887B (en) | Network risk detection method, device, equipment and medium based on object characteristics | |
| US20150317837A1 (en) | Command displaying method and command displaying device | |
| CN109993150B (en) | Method and device for identifying age | |
| CN108551519B (en) | Information processing method, device, storage medium and system | |
| CN111476306A (en) | Object detection method, device, equipment and storage medium based on artificial intelligence | |
| CN111104980B (en) | Method, device, equipment and storage medium for determining classification result | |
| WO2020048392A1 (en) | Application virus detection method, apparatus, computer device, and storage medium | |
| CN111275122A (en) | Label labeling method, device, equipment and readable storage medium | |
| CN111738365B (en) | Image classification model training method and device, computer equipment and storage medium | |
| CN114722937A (en) | Abnormal data detection method and device, electronic equipment and storage medium | |
| CN108287738A (en) | A kind of application control method and device | |
| CN108647566B (en) | Method and terminal for identifying skin characteristics | |
| CN112818733B (en) | Information processing method, device, storage medium and terminal | |
| CN111984803B (en) | Multimedia resource processing method and device, computer equipment and storage medium | |
| WO2019015574A1 (en) | Unlocking control method and related product | |
| CN111756705B (en) | Attack testing method, device, equipment and storage medium of in-vivo detection algorithm | |
| CN114510417A (en) | Image rendering effect testing method and device, electronic equipment and storage medium | |
| CN114140655A (en) | Image classification method and device, storage medium and electronic equipment | |
| CN111897709A (en) | Method, device, electronic equipment and medium for monitoring user | |
| CN108829600B (en) | Method and device for testing algorithm library, storage medium and electronic equipment | |
| CN111414496A (en) | Artificial intelligence-based multimedia file detection method and device | |
| CN111797754A (en) | Image detection method, device, electronic equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |