CN111767786A - Anti-attack method and device based on three-dimensional dynamic interaction scene - Google Patents

Publication number
CN111767786A
Authority
CN
China
Prior art keywords
frame
attacked
attack
agent
historical
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010394266.4A
Other languages
Chinese (zh)
Other versions
CN111767786B (en)
Inventor
刘艾杉
刘祥龙
徐一涛
吴庆涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University
Application filed by Beihang University
Priority to CN202210689005.4A (CN115063790A)
Priority to CN202010394266.4A (CN111767786B)
Publication of CN111767786A
Application granted
Publication of CN111767786B
Legal status: Active (current)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V20/00 Scenes; Scene-specific elements
    • G06V20/60 Type of objects
    • G06V20/64 Three-dimensional objects
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V10/00 Arrangements for image or video recognition or understanding
    • G06V10/70 Arrangements for image or video recognition or understanding using pattern recognition or machine learning
    • G06V10/77 Processing image or video features in feature spaces; using data integration or data reduction, e.g. principal component analysis [PCA] or independent component analysis [ICA] or self-organising maps [SOM]; Blind source separation
    • G06V10/774 Generating sets of training patterns; Bootstrap methods, e.g. bagging or boosting

Abstract

The invention discloses an adversarial attack method and device based on a three-dimensional dynamic interaction scene. First, a frame to be attacked is selected from the historical frames of an agent using an attention mechanism; then, for the environmental objects of the frame to be attacked, a differentiable rendering process is introduced to generate an adversarial example; finally, the adversarial example is used to carry out an adversarial attack on the agent. This avoids the problems of traditional static-scene attacks, and the attack effect in the three-dimensional dynamic interaction scene is far superior to that of traditional attack methods.

Description

Anti-attack method and device based on three-dimensional dynamic interaction scene
Technical Field
The invention relates to an adversarial attack method based on a three-dimensional dynamic interaction scene, and also to a corresponding adversarial attack device, and belongs to the technical field of machine learning.
Background
The field of artificial intelligence has a long-standing technical problem: how to build an agent that can perceive its surroundings, interact with humans, and accomplish a given task through a specific sequence of actions. In recent years, deep learning has achieved remarkable results in challenging fields such as computer vision and natural language processing, and it has become a core module for building environment-interactive agents. Researchers have combined deep learning models from computer vision and natural language processing in an attempt to build agents that meet these requirements.
Researchers have carried out numerous studies on environment-interactive agent navigation and question-answering tasks using deep learning. In such a task, the agent is placed at a random location in a virtual environment and given a question described in natural language; it must navigate the environment from a first-person perspective, reach the target location, and complete the given task. Researchers can have agents learn active perception, common-sense reasoning and score distribution in the virtual environment, and the agents achieve good performance there.
On the other hand, adversarial examples are becoming a research focus in deep learning. Because the decisions of an environment-interactive agent depend on a deep learning model, their robustness is threatened by adversarial examples. Where adversarial examples exist, the safety and robustness of the agent are therefore at serious risk. For three-dimensional (3D) scenes, researchers have proposed many methods of attacking deep learning models, but most of them focus only on static scenes.
The environment-interactive agent navigation and question-answering task differs from a deep learning task in a static scene: the agent can move, interact and navigate autonomously in its virtual environment, and communicate with humans. If the task is treated like a traditional static-scene problem, the noise content changes with factors such as the angle and distance from which the agent observes an object, the agent can easily ignore the noise in the environment, and the attack result is poor.
Disclosure of Invention
The invention aims to provide an adversarial attack method based on a three-dimensional dynamic interaction scene.
The invention also provides an adversarial attack device based on a three-dimensional dynamic interaction scene.
To achieve these objects, the invention adopts the following technical solutions:
According to a first aspect of the embodiments of the present invention, there is provided an adversarial attack method based on a three-dimensional dynamic interaction scene, including the following steps:
selecting a frame to be attacked from the historical frames of the agent using an attention mechanism;
introducing a differentiable rendering process for the environmental objects of the frame to be attacked to generate an adversarial example;
and carrying out an adversarial attack on the agent using the adversarial example.
Preferably, selecting the frame to be attacked from the historical frames of the agent using the attention mechanism specifically includes:
calculating the decision contribution degree of each historical frame to the agent;
normalizing the decision contribution degree of each historical frame to obtain the weight of each historical frame;
sorting the weights by magnitude, and designating the top M (M > 0) historical frames as the frames to be attacked.
Preferably, the calculation formula of the decision contribution degree is as follows:
Figure BDA0002487033030000021
in formula (1), y is the correct category, and Z is the feature of the current historical frame at a specific layer of the neural network,
Figure BDA0002487033030000022
represents the value in row i, column j of the n-th neuron in the current network feature, and u and v represent the height and width, respectively, of the feature at a specific layer of the neural network.
Preferably, the calculation formula of the weight is:
Figure BDA0002487033030000023
in formula (2), μ is the mean value of the weights of the historical frames, σ is the variance of the historical frames, and ε is a very small non-zero value used to avoid a zero denominator.
Preferably, introducing a differentiable rendering process for the environmental objects of the frame to be attacked to generate an adversarial example specifically includes:
acquiring the three-dimensional attributes of the environmental objects appearing in the frame to be attacked;
constructing a differentiable renderer, and optimizing three-dimensional adversarial noise using a gradient descent algorithm in combination with the loss function of the agent;
and adding the three-dimensional adversarial noise to the corresponding three-dimensional attributes of the environmental objects appearing in the frame to be attacked, thereby forming the corresponding adversarial example.
Preferably, after the three-dimensional adversarial noise is added to the three-dimensional attributes of the environmental objects appearing in the frame to be attacked, the method further includes:
stopping generation of the adversarial example when the loss function of the agent reaches a preset condition.
Preferably, the expression of the loss function is:
Figure BDA0002487033030000031
in formula (3), x_m represents the m-th environmental object in the current frame to be attacked, y is the true label, λ balances the attack effect against the visual effect, and x_adv denotes the adversarial environmental object generated from x_m,
Figure BDA0002487033030000032
is the decision model of the agent,
Figure BDA0002487033030000033
is the differentiable renderer, c is the current environment variable, C is the distribution of the environment variables, and E_{c~C} denotes the expectation over the environment variable.
Preferably, the expression of the adversarial example is:
Figure BDA0002487033030000034
in formula (4), φ_m represents the three-dimensional attributes of the m-th environmental object in the current historical frame, S_k represents all objects in the current frame to be attacked, K is the total number of objects in the current historical frame, the function Φ() represents the environmental object selected from the K objects of the current historical frame,
Figure BDA0002487033030000035
is the weight of the current historical frame.
Preferably, the attack effect loss function is defined as:
Figure BDA0002487033030000036
The visual effect loss function is defined as:
Figure BDA0002487033030000037
where P represents the probability of the agent's decision, and S represents the frame to be attacked.
According to a second aspect of the embodiments of the present invention, there is provided an adversarial attack device based on a three-dimensional dynamic interaction scene, including a processor and a memory, where the processor reads a computer program in the memory to perform the following operations:
selecting a frame to be attacked from the historical frames of the agent using an attention mechanism;
introducing a differentiable rendering process for the environmental objects of the frame to be attacked to generate an adversarial example;
and carrying out an adversarial attack on the agent using the adversarial example.
The embodiment of the invention provides an adversarial attack method based on a three-dimensional dynamic interaction scene. A frame to be attacked is selected from the historical frames of an agent using an attention mechanism, which determines the optimal attack position; a differentiable rendering process is then introduced to generate an adversarial example; finally, the adversarial example is used to carry out the adversarial attack. This avoids the problems of traditional static-scene attacks and makes the attack effect in the three-dimensional dynamic interaction scene far superior to that of traditional attack methods.
Drawings
FIG. 1 is a flow chart of the adversarial attack method provided by the present invention;
FIG. 2 is a structural diagram of the adversarial attack device provided by the present invention.
Detailed Description
The technical contents of the invention are described in detail below with reference to the accompanying drawings and specific embodiments.
Deep learning has achieved excellent results in a number of challenging areas such as computer vision and natural language processing. In agent research, deep learning is an indispensable tool, and the core modules of environment-interactive agent navigation and question-answering tasks are built from deep learning models. In such a task, the agent is placed at a random location in a simulation environment and given a question described in natural language; it must navigate the environment from a first-person perspective, reach the target location, and complete the given task. Although agents perform well in a virtual environment, virtual environments often lack the noise that is unavoidable in real environments, such as adversarial examples.
Adversarial examples are samples generated by slightly adjusting original samples. The adjustment does not affect human perception or object recognition, but it can mislead a deep neural network into making wrong decisions, which poses a serious security threat to practical applications of machine learning in the digital and physical worlds. Because the decisions of a three-dimensional dynamic interactive agent depend on a deep learning model, their robustness is threatened by adversarial examples. An adversarial example carries a designed, very subtle noise that is indistinguishable to the human eye but devastating to a deep learning model:
F_θ(x_adv) ≠ y  s.t.  ||x - x_adv|| <
where x denotes a normal sample and x_adv denotes an adversarial example. The distance between x and x_adv is small, but the deep learning model F misclassifies it.
As shown in FIG. 1, the adversarial attack method based on the three-dimensional dynamic interaction scene provided by the embodiment of the present invention includes the following steps:
101. Selecting a frame to be attacked from the historical frames of the agent using an attention mechanism;
Specifically, this includes the following steps:
1011. Calculating the decision contribution degree of each historical frame to the agent;
The calculation formula of the decision contribution degree is as follows:
Figure BDA0002487033030000051
in formula (1), y is the correct category, and Z is the feature of the current historical frame at a specific layer of the neural network,
Figure BDA0002487033030000052
represents the value in row i, column j of the n-th neuron in the current network feature, and u and v represent the height and width, respectively, of the feature at a specific layer of the neural network.
1012. Normalizing the decision contribution degree of each historical frame to obtain the weight of each historical frame;
The calculation formula of the weight is as follows:
Figure BDA0002487033030000053
in formula (2), μ is the mean value of the weights of the historical frames, σ is the variance of the historical frames, and ε is a very small non-zero value used to avoid a zero denominator.
1013. Sorting the weights by magnitude, and designating the top M (M > 0) historical frames as the frames to be attacked.
Existing methods often modify the three-dimensional physical attributes of objects in a static scene, or operate on information acquired from a static view in a non-interactive scene. If the particularity of the three-dimensional dynamic interactive agent in the time and space dimensions is ignored and it is treated like a traditional static-scene problem, the noise content changes with factors such as the angle and distance from which the agent observes an object, the agent can easily ignore the noise in the environment, and the attack result is poor.
In the embodiment of the invention, when an agent in the three-dimensional dynamic interactive scene makes its current decision, it depends not only on the frame it currently sees but also on the historical frames it saw earlier. The frames that matter most to the current decision therefore need to be found among the historical frames the agent has passed through, and those are the frames attacked. Which frames are "most important" is assessed by the decision contribution degree or weight of each historical frame. Assume that the frames to be attacked that are found are the 3rd, 6th and 9th of the historical frames.
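How steps 1011 to 1013 fit together, as an added sketch that is not code from the patent, useful for auditing which history frames an agent's decision leans on. Formulas (1) and (2) are not reproduced on this page, so the Grad-CAM-style spatial average in `decision_contribution`, the form `(d - mu) / sqrt(variance + eps)` in `normalize`, largest-first ranking, and all function names are assumptions; the gradient maps are constructed so that frames 3, 6 and 9 rank highest, matching the illustration above.

```python
import math

EPS = 1e-8  # the "very small non-zero value" of formula (2); value is an assumption


def decision_contribution(grad_maps):
    """Step 1011: contribution of one history frame to the score of class y.

    grad_maps[n][i][j] holds d(score_y)/d(Z^n_ij) for neuron n of a u x v
    feature map. ASSUMPTION (formula (1) is not on the page): gradients are
    averaged over the u*v positions, Grad-CAM style, then summed over neurons.
    """
    total = 0.0
    for g in grad_maps:
        u, v = len(g), len(g[0])
        total += sum(sum(row) for row in g) / (u * v)
    return total


def normalize(contribs, eps=EPS):
    """Step 1012. ASSUMPTION: weight = (d - mu) / sqrt(variance + eps)."""
    mu = sum(contribs) / len(contribs)
    var = sum((d - mu) ** 2 for d in contribs) / len(contribs)
    # eps keeps the division defined when every frame contributes equally
    return [(d - mu) / math.sqrt(var + eps) for d in contribs]


def top_m_frames(weights, m):
    """Step 1013: 1-based numbers of the M highest-weight frames.

    ASSUMPTION: largest weight first; ties go to the earlier frame.
    """
    if not 0 < m <= len(weights):
        raise ValueError("M must satisfy 0 < M <= number of history frames")
    ranked = sorted(range(len(weights)), key=lambda k: (-weights[k], k))
    return sorted(k + 1 for k in ranked[:m])


def rank_history(frames, m):
    """Run the three steps over a list of per-frame gradient maps."""
    weights = normalize([decision_contribution(f) for f in frames])
    return top_m_frames(weights, m), weights


def constructed_frame(c):
    """Constructed sample: two 2x2 gradient maps whose averages sum to c."""
    return [[[c, c / 2], [c / 2, 0.0]], [[c, 0.0], [0.0, c]]]


# Constructed history of 10 frames (not data from the patent).
SAMPLE_HISTORY = [constructed_frame(c) for c in
                  (0.1, 0.2, 0.9, 0.1, 0.3, 0.8, 0.2, 0.1, 0.7, 0.2)]

if __name__ == "__main__":
    selected, weights = rank_history(SAMPLE_HISTORY, 3)
    print("frames with the largest decision weight:", selected)
    print("weights:", [round(w, 3) for w in weights])
    # Degenerate history: identical frames give zero variance, weights all 0.0
    print(normalize([0.5, 0.5, 0.5, 0.5]))
```

When every frame contributes equally the variance is zero, and it is the ε term alone that keeps the weights finite; the ranking then falls back to frame order.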
102. Introducing a differentiable rendering process for the environmental objects of the frame to be attacked to generate an adversarial example;
Specifically, this includes the following steps:
1021. Acquiring the three-dimensional attributes of the environmental objects appearing in the frame to be attacked;
In the embodiment of the invention, the environmental objects are all objects appearing in the frame to be attacked; the three-dimensional attributes are physical attributes of each object, for example shape and texture. The physical attributes of all objects appearing in frames 3, 6 and 9 are obtained.
1022. Constructing a differentiable renderer, and optimizing three-dimensional adversarial noise using a gradient descent algorithm in combination with the loss function of the agent;
In the embodiment of the invention, the gradient descent algorithm is simple and convenient, and the optimization can proceed quickly based on the three-dimensional attributes of the environmental objects. Because the agent sees a 2D picture, whenever the three-dimensional attributes of an environmental object are changed, the three-dimensional object must be rendered into a 2D picture by the differentiable renderer.
The expression of the loss function is:
Figure BDA0002487033030000061
in formula (3), x_m represents the m-th environmental object in the current frame to be attacked, y is the true label, λ balances the attack effect against the visual effect, and x_adv denotes the adversarial environmental object generated from x_m,
Figure BDA0002487033030000062
is the decision model of the agent,
Figure BDA0002487033030000063
is the differentiable renderer, c is the current environment variable, C is the distribution of the environment variables, and E_{c~C} denotes the expectation over the environment variable.
The adversarial environmental object is the environmental object with the noise added. Assuming that the pattern of the table in frame 3 is modified, the modified table in frame 3 is an adversarial environmental object.
The attack effect loss function is defined as:
Figure BDA0002487033030000064
The visual effect loss function is defined as:
Figure BDA0002487033030000065
where P represents the probability of the agent's decision, and S represents the frame to be attacked.
The attack effect loss function serves to mislead the model of the agent in the three-dimensional dynamic interaction scene into making a wrong decision. The visual effect loss function ensures that the attributes of the adversarial example stay close to those before the attack, so that its visual appearance is essentially unchanged before and after the attack.
1023. Adding the three-dimensional adversarial noise to the corresponding three-dimensional attributes of the environmental objects appearing in the frame to be attacked, thereby forming the corresponding adversarial example;
The expression of the adversarial example is:
Figure BDA0002487033030000071
in formula (4), φ_m represents the three-dimensional attributes of the m-th environmental object in the current historical frame, S_k represents all objects in the current frame to be attacked, K is the total number of objects in the current historical frame, the function Φ() represents the environmental object selected from the K objects of the current historical frame,
Figure BDA0002487033030000072
is the weight of the current historical frame.
1024. Stopping generation of the adversarial example when the loss function of the agent reaches a preset condition.
In the embodiment of the invention, the three-dimensional attributes are changed during optimization so that the loss function is minimized. The loss function is calculated iteratively, and generation of the adversarial example stops when the number of iterations reaches a preset threshold or the value of the added noise reaches a preset upper limit.
103. Carrying out an adversarial attack on the agent using the adversarial example.
In the embodiment of the invention, the historical frame that matters most to the agent's decision is taken as the frame to be attacked. The frame to be attacked represents the optimal attack position, and the attack is optimized for each object in that frame, so the attack effect is ensured to the greatest extent. During optimization, the three-dimensional attributes of the environmental objects are changed through the differentiable renderer and the gradient descent algorithm, so that three-dimensional adversarial noise is added to the environmental objects of the frame to be attacked, and the three-dimensional adversarial noise is constrained by the loss function. This avoids the problems of traditional static-scene attacks and makes the attack effect in the three-dimensional dynamic interaction scene far superior to that of traditional attack methods.
Further, the present invention also provides an adversarial attack device based on a three-dimensional dynamic interaction scene. As shown in FIG. 2, it includes a processor 22 and a memory 21, and may further include a communication component, a sensor component, a power component, a multimedia component, and an input/output interface according to actual needs. The memory, communication component, sensor component, power component, multimedia component, and input/output interface are coupled to the processor 22. As mentioned above, the memory 21 in the node device may be a Static Random Access Memory (SRAM), an Electrically Erasable Programmable Read Only Memory (EEPROM), an Erasable Programmable Read Only Memory (EPROM), a Programmable Read Only Memory (PROM), a Read Only Memory (ROM), a magnetic memory, a flash memory, etc., and the processor may be a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), a Digital Signal Processing (DSP) chip, etc. The other communication, sensor, power and multimedia components may be implemented using common components found in existing smartphones and are not specifically described here.
In the above adversarial attack device based on a three-dimensional dynamic interaction scene, the processor 22 reads the computer program in the memory 21 to perform the following operations:
selecting a frame to be attacked from the historical frames of the agent using an attention mechanism;
introducing a differentiable rendering process for the environmental objects of the frame to be attacked to generate an adversarial example;
and carrying out an adversarial attack on the agent using the adversarial example.
In the embodiment of the invention, the frame that matters most to the agent's decision is found and taken as the frame to be attacked; the three-dimensional attributes of all environmental objects in that frame are then attacked, which achieves the purpose of deceiving the agent. Furthermore, the robustness and stability of the agent in a three-dimensional dynamic interaction scene are improved.
The adversarial attack method and device based on the three-dimensional dynamic interaction scene provided by the invention have been explained in detail above. For those of ordinary skill in the art, any obvious modification made without departing from the essence of the invention will constitute an infringement of the patent right of the invention and will bear the corresponding legal liability.

Claims (10)

1. An adversarial attack method based on a three-dimensional dynamic interaction scene, characterized by comprising the following steps:
selecting a frame to be attacked from the historical frames of the agent using an attention mechanism;
introducing a differentiable rendering process for the environmental objects of the frame to be attacked to generate an adversarial example;
and carrying out an adversarial attack on the agent using the adversarial example.
2. The adversarial attack method according to claim 1, wherein selecting the frame to be attacked from the historical frames of the agent using the attention mechanism specifically comprises:
calculating the decision contribution degree of each historical frame to the agent;
normalizing the decision contribution degree of each historical frame to obtain the weight of each historical frame;
and sorting the weights by magnitude, and designating the first M historical frames as frames to be attacked, wherein M is greater than 0.
3. The adversarial attack method according to claim 2, wherein the decision contribution degree is calculated by the formula:
Figure FDA0002487033020000011
wherein y is the correct category, Z is the feature of the current historical frame at a specific layer of the neural network,
Figure FDA0002487033020000012
represents the value in row i, column j of the n-th neuron in the current network feature, and u and v represent the height and width, respectively, of the feature at a specific layer of the neural network.
4. The adversarial attack method according to claim 3, wherein the weight is calculated by the formula:
Figure FDA0002487033020000013
wherein μ is the mean value of the weights of the historical frames, σ is the variance of the historical frames, and ε is a very small non-zero value used to avoid a zero denominator.
5. The adversarial attack method according to claim 1, wherein introducing a differentiable rendering process for the environmental objects of the frame to be attacked to generate the adversarial example specifically comprises:
acquiring the three-dimensional attributes of the environmental objects appearing in the frame to be attacked;
constructing a differentiable renderer, and optimizing three-dimensional adversarial noise using a gradient descent algorithm in combination with the loss function of the agent;
and adding the three-dimensional adversarial noise to the corresponding three-dimensional attributes of the environmental objects appearing in the frame to be attacked, thereby forming the corresponding adversarial example.
6. The adversarial attack method according to claim 5, wherein after the three-dimensional adversarial noise is added to the three-dimensional attributes of the environmental objects appearing in the frame to be attacked, the method further comprises:
stopping generation of the adversarial example when the loss function of the agent reaches a preset condition.
7. The adversarial attack method according to claim 6, wherein the loss function is expressed by:
Figure FDA0002487033020000021
wherein x_m represents the m-th environmental object in the current frame to be attacked, y is the true label, λ balances the attack effect against the visual effect, and x_adv denotes the adversarial environmental object generated from x_m,
Figure FDA0002487033020000027
is the decision model of the agent,
Figure FDA0002487033020000026
is the differentiable renderer, c is the current environment variable, C is the distribution of the environment variables, and E_{c~C} denotes the expectation over the environment variable.
8. The adversarial attack method according to claim 7, wherein the adversarial example is expressed by:
Figure FDA0002487033020000022
wherein φ_m represents the three-dimensional attributes of the m-th environmental object in the current historical frame, S_k represents all objects in the current frame to be attacked, K is the total number of objects in the current historical frame, the function Φ() represents the environmental object selected from the K objects of the current historical frame,
Figure FDA0002487033020000023
is the weight of the current historical frame.
9. The adversarial attack method according to claim 8, wherein the attack effect loss function is:
Figure FDA0002487033020000024
the visual effect loss function is:
Figure FDA0002487033020000025
wherein P represents the probability of the agent's decision, and S represents the frame to be attacked.
10. An adversarial attack device based on a three-dimensional dynamic interaction scene, comprising a processor and a memory, wherein the processor reads a computer program in the memory and executes the following operations:
selecting a frame to be attacked from the historical frames of the agent using an attention mechanism;
introducing a differentiable rendering process for the environmental objects of the frame to be attacked to generate an adversarial example;
and carrying out an adversarial attack on the agent using the adversarial example.
CN202010394266.4A 2020-05-11 2020-05-11 Anti-attack method and device based on three-dimensional dynamic interaction scene Active CN111767786B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210689005.4A CN115063790A (en) 2020-05-11 2020-05-11 Anti-attack method and device based on three-dimensional dynamic interaction scene
CN202010394266.4A CN111767786B (en) 2020-05-11 2020-05-11 Anti-attack method and device based on three-dimensional dynamic interaction scene

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010394266.4A CN111767786B (en) 2020-05-11 2020-05-11 Anti-attack method and device based on three-dimensional dynamic interaction scene

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202210689005.4A Division CN115063790A (en) 2020-05-11 2020-05-11 Anti-attack method and device based on three-dimensional dynamic interaction scene

Publications (2)

Publication Number Publication Date
CN111767786A (en) 2020-10-13
CN111767786B (en) 2023-01-24

Family

ID=72719112

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202210689005.4A Pending CN115063790A (en) 2020-05-11 2020-05-11 Anti-attack method and device based on three-dimensional dynamic interaction scene
CN202010394266.4A Active CN111767786B (en) 2020-05-11 2020-05-11 Anti-attack method and device based on three-dimensional dynamic interaction scene

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202210689005.4A Pending CN115063790A (en) 2020-05-11 2020-05-11 Anti-attack method and device based on three-dimensional dynamic interaction scene

Country Status (1)

Country Link
CN (2) CN115063790A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112434791A (en) * 2020-11-13 2021-03-02 北京圣涛平试验工程技术研究院有限责任公司 Multi-agent strong countermeasure simulation method and device and electronic equipment
CN114492059A (en) * 2022-02-07 2022-05-13 清华大学 Multi-agent confrontation scene situation assessment method and device based on field energy

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109948658A (en) * 2019-02-25 2019-06-28 浙江工业大学 The confrontation attack defense method of Feature Oriented figure attention mechanism and application
US20190230099A1 (en) * 2018-01-19 2019-07-25 General Electric Company Learning method and system for separating independent and dependent attacks
CN110210573A (en) * 2019-06-11 2019-09-06 腾讯科技(深圳)有限公司 Fight generation method, device, terminal and the storage medium of image
CN110334749A (en) * 2019-06-20 2019-10-15 浙江工业大学 Confrontation attack defending model, construction method and application based on attention mechanism
CN110334808A (en) * 2019-06-12 2019-10-15 武汉大学 A kind of confrontation attack defense method based on confrontation sample training
CN112836798A (en) * 2021-01-29 2021-05-25 华中科技大学 Non-directional white-box attack resisting method aiming at scene character recognition

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
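AISHAN LIU et al.: "Adversarial Attacks for Embodied Agents", 《HTTP://WWW.ARXIV.ORG》 *
张嘉楠 et al.: "A Survey of Adversarial Attack Methods in Deep Learning", 《网络空间安全》 *
易平 et al.: "A Survey of Research on Adversarial Attacks in Artificial Intelligence", 《上海交通大学学报》 *
李宇翔 et al.: "Design and Implementation of 3D Visual Scenes in HLA-Based Attack-Defense Confrontation Simulation", 《系统仿真学报》 *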

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112434791A (en) * 2020-11-13 2021-03-02 北京圣涛平试验工程技术研究院有限责任公司 Multi-agent strong countermeasure simulation method and device and electronic equipment
CN114492059A (en) * 2022-02-07 2022-05-13 清华大学 Multi-agent confrontation scene situation assessment method and device based on field energy
CN114492059B (en) * 2022-02-07 2023-02-28 清华大学 Multi-agent confrontation scene situation assessment method and device based on field energy

Also Published As

Publication number Publication date
CN111767786B (en) 2023-01-24
CN115063790A (en) 2022-09-16

Similar Documents

Publication Publication Date Title
CN110168477B (en) Deep learning system for cuboid detection
CN111563841A (en) High-resolution image generation method based on generation countermeasure network
CN110472627A (en) One kind SAR image recognition methods end to end, device and storage medium
CN111340214B (en) Method and device for training anti-attack model
JP6159489B2 (en) Face authentication method and system
CN111767786B (en) Anti-attack method and device based on three-dimensional dynamic interaction scene
Lan et al. A two-phase learning-based swarm optimizer for large-scale optimization
CN107871098A (en) Method and device for acquiring human face characteristic points
CN111819568A (en) Method and device for generating face rotation image
CN112949678A (en) Method, system, equipment and storage medium for generating confrontation sample of deep learning model
Cagnoni et al. Genetic and evolutionary computation for image processing and analysis
CN111862274A (en) Training method for generating confrontation network, and image style migration method and device
CN110084293A (en) A kind of determination method and apparatus in complete bright pattern house
CN109902723A (en) Image processing method and device
KR102440385B1 (en) Method and apparatus of recognizing motion pattern base on combination of multi-model
CN111311702B (en) Image generation and identification module and method based on BlockGAN
CN110111426A (en) A kind of determination method and apparatus in sound separate pattern house
CN112348285B (en) Crowd evacuation simulation method in dynamic environment based on deep reinforcement learning
CN113420289B (en) Hidden poisoning attack defense method and device for deep learning model
CN110837891B (en) Self-organizing mapping method and system based on SIMD (Single instruction multiple data) architecture
CN107239827A (en) A kind of spatial information learning method based on artificial neural network
CN116402676A (en) Modeling method, device, equipment and storage medium for game character skin
Abdi et al. An automatic graphic pattern generation algorithm and its application to the multipurpose camouflage pattern design
CN115238271A (en) AI security detection method based on generative learning
Zhu et al. Edge orientation-based multi-view object recognition

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant