CN114445663A - Method, apparatus and computer program product for detecting challenge samples - Google Patents
Method, apparatus and computer program product for detecting challenge samples Download PDFInfo
- Publication number
- CN114445663A CN114445663A CN202210087742.7A CN202210087742A CN114445663A CN 114445663 A CN114445663 A CN 114445663A CN 202210087742 A CN202210087742 A CN 202210087742A CN 114445663 A CN114445663 A CN 114445663A
- Authority
- CN
- China
- Prior art keywords
- target image
- image
- processed
- detection result
- sample
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/243—Classification techniques relating to the number of classes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
- G06F18/214—Generating training patterns; Bootstrap methods, e.g. bagging or boosting
Landscapes
- Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Theoretical Computer Science (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Artificial Intelligence (AREA)
- Evolutionary Biology (AREA)
- Evolutionary Computation (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Image Analysis (AREA)
Abstract
The disclosure provides a method, a device, electronic equipment, a storage medium and a computer program product for detecting a confrontation sample, relates to the technical field of artificial intelligence, in particular to computer vision, image recognition and deep learning technologies, and can be used in a confrontation sample detection scene. The specific implementation scheme is as follows: processing the acquired target image in multiple preset compression modes to obtain multiple processed images; inputting the target image and the plurality of processed images into a target model to obtain a plurality of output results; and determining whether the target image is a countermeasure sample according to the plurality of output results to obtain a detection result. The present disclosure improves the accuracy of the test results for challenge samples.
Description
Technical Field
The present disclosure relates to the field of artificial intelligence technologies, and in particular, to computer vision, image recognition, and deep learning technologies, and in particular, to a method, an apparatus, an electronic device, a storage medium, and a computer program product for detecting a countermeasure sample, which can be used in a countermeasure sample detection scenario.
Background
Image processing is an important application of artificial intelligence technology, and with the increasing popularization of image processing models based on neural network models, many attack algorithms for image recognition models appear in recent years. The identification result of the model to the sudden change can be interfered by adding a small disturbance to the original image, and the identification of human eyes to the image is not influenced. If the technology is used illegally, illegal contents can bypass the automatic inspection model to be issued, public events are caused, and bad social influence is caused. At present, the countercheck sample detection is generally carried out based on image feature filtering, and the detection accuracy rate is low.
Disclosure of Invention
The present disclosure provides a method, an apparatus, an electronic device, a storage medium, and a computer program product for detecting a challenge sample.
According to a first aspect, there is provided a method of detecting a challenge sample, comprising: processing the acquired target image in multiple preset compression modes to obtain multiple processed images; inputting the target image and the plurality of processed images into a target model to obtain a plurality of output results; and determining whether the target image is a confrontation sample or not according to the plurality of output results to obtain a detection result.
According to a second aspect, there is provided a device for detecting a challenge sample, comprising: a processing unit configured to process the acquired target image in a plurality of preset compression modes to obtain a plurality of processed images; an obtaining unit configured to input the target image and the plurality of processed images into a target model, resulting in a plurality of output results; and the determining unit is configured to determine whether the target image is a countermeasure sample according to the plurality of output results to obtain a detection result.
According to a third aspect, there is provided an electronic device comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method as described in any one of the implementations of the first aspect.
According to a fourth aspect, there is provided a non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform a method as described in any one of the implementations of the first aspect.
According to a fifth aspect, there is provided a computer program product comprising: computer program which, when being executed by a processor, carries out the method as described in any of the implementations of the first aspect.
According to the technology disclosed by the invention, the method for detecting the confrontation sample is provided, whether the target image is the confrontation sample or not is detected based on the output results of the target model on the processed image and the target image which are obtained by multiple preset compression modes, and the accuracy of the detection result is improved.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
FIG. 1 is an exemplary system architecture diagram in which one embodiment according to the present disclosure may be applied;
FIG. 2 is a flow diagram of one embodiment of a method of detecting an challenge sample according to the present disclosure;
fig. 3 is a schematic diagram of an application scenario of the method of detecting a challenge sample according to the present embodiment;
FIG. 4 is a flow chart of yet another embodiment of a method of detecting an challenge sample according to the present disclosure;
FIG. 5 is a block diagram of one embodiment of an apparatus for detecting challenge samples according to the present disclosure;
FIG. 6 is a schematic block diagram of a computer system suitable for use in implementing embodiments of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
In the technical scheme of the disclosure, the collection, storage, use, processing, transmission, provision, disclosure and other processing of the personal information of the related user are all in accordance with the regulations of related laws and regulations and do not violate the good customs of the public order.
Fig. 1 illustrates an exemplary architecture 100 to which the method and apparatus of detecting challenge samples of the present disclosure may be applied.
As shown in fig. 1, the system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The communication connections between the terminal devices 101, 102, 103 form a topological network and the network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The terminal devices 101, 102, 103 may be hardware devices or software that support network connections for data interaction and data processing. When the terminal devices 101, 102, and 103 are hardware, they may be various electronic devices supporting network connection, information acquisition, interaction, display, processing, and the like, including but not limited to smart phones, tablet computers, electronic book readers, laptop portable computers, desktop computers, and the like. When the terminal apparatuses 101, 102, 103 are software, they can be installed in the electronic apparatuses listed above. It may be implemented, for example, as multiple software or software modules to provide distributed services, or as a single software or software module. And is not particularly limited herein.
The server 105 may be a server that provides various services, for example, a background processing server that detects whether the target image is a countermeasure sample based on output results of the target model for the processed image and the target image obtained by the plurality of preset compression methods according to an operation instruction of the terminal devices 101, 102, 103. As an example, the server 105 may be a cloud server.
The server may be hardware or software. When the server is hardware, it may be implemented as a distributed server cluster formed by multiple servers, or may be implemented as a single server. When the server is software, it may be implemented as multiple pieces of software or software modules (e.g., software or software modules used to provide distributed services), or as a single piece of software or software module. And is not particularly limited herein.
It should be further noted that the method for detecting the countermeasure sample provided by the embodiment of the disclosure may be executed by the server, the terminal device, or both the server and the terminal device. Accordingly, each part (for example, each unit) included in the apparatus for detecting a challenge sample may be entirely provided in the server, may be entirely provided in the terminal device, and may be provided in the server and the terminal device, respectively.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation. The system architecture may include only the electronic device (e.g., server or terminal device) on which the method of detecting the challenge sample is run, when the electronic device on which the method of detecting the challenge sample is run does not require data transfer with other electronic devices.
Referring to fig. 2, fig. 2 is a flowchart of a method for detecting a challenge sample according to an embodiment of the disclosure, wherein the process 200 includes the following steps:
In this embodiment, an execution subject (for example, a terminal device or a server in fig. 1) of the method for detecting the countermeasure sample may obtain the target image from a remote location or a local location based on a wired network connection manner or a wireless network connection manner, and process the obtained target image through a plurality of preset compression manners to obtain a plurality of processed images.
In this embodiment, the target image is an image to be detected whether it is a challenge sample. The countermeasure sample is data that adds perturbation information to the original image, so that the target model that processes the countermeasure sample outputs an erroneous result. Specifically, there is a substantial difference or complete reversal between the output results obtained by the target model based on the original image and the output results generated based on the challenge samples.
As an example, the target model is a cat based on the classification result of the original image, and a dog based on the classification result of the challenge sample from the original image.
Perturbation information is information that is small, even difficult to observe by the naked eye, but is intended to cause the target model to produce erroneous output results. As an example, the disturbance information may be noise added in the target image.
The target model is a neural network model which has processing and analyzing capabilities on image data and obtains a corresponding output result, and the target model includes but is not limited to a convolutional neural network, a cyclic convolutional neural network, a residual error network and the like. As an example, the target model may be a target object recognition model, a classification model, a target object tracking model. In a specific application field, the target recognition model may be, for example, an obstacle detection model in the field of unmanned driving or assisted driving, a target person recognition model in the field of intelligent monitoring, a human face identification model, or the like.
The preset compression modes may include any compression modes that reduce the data amount of the image data in some aspect, including but not limited to denoising, filtering, compressing, and the like. For each preset compression mode in the multiple preset compression modes, the execution main body processes the target image through the preset compression mode to obtain a corresponding processed image, so as to obtain a plurality of processed images.
Because the disturbance information in the confrontation sample is usually small, the disturbance information can be filtered out by compression filtering of the image. Therefore, after the anti-samples are compressed and filtered once, the output result of the target model on the malicious anti-samples may be greatly changed, and the display effect of the target image is not greatly influenced by a certain degree of compression. The target image is processed in multiple preset compression modes, so that the disturbance information in the target image can be filtered (when the target image resists the sample), and the detection effect is improved.
In some optional implementations of this embodiment, the executing main body may execute the step 201 as follows:
firstly, Gaussian filtering is carried out on a target image to obtain a first processed image.
Gaussian filtering is a linear smoothing filter suitable for removing gaussian noise in image data. Generally speaking, gaussian filtering is a process of performing weighted average on the whole target image. The value of each pixel point in the first processed image obtained after the Gaussian filtering is obtained by weighting and averaging the value of each pixel point and other pixel values in the neighborhood. The specific operation of gaussian filtering is: each pixel in the target image is scanned by a template (convolution or mask), and the weighted average gray value of the pixels in the neighborhood determined by the template is used for replacing the value of the central pixel point of the template to obtain a first processed image.
Secondly, median filtering is carried out on the target image to obtain a second processed image.
The median filtering is a non-linear smoothing technique, and the basic principle is to replace the value of one point in a target image with the median of each point value in a neighborhood of the point, so that the surrounding pixel values are close to the true values, and isolated noise points are eliminated. Specifically, a two-dimensional sliding template having a certain structure is used to sort the template pixels by the size of the pixel value, thereby generating a two-dimensional data sequence that monotonically increases (or decreases). The median filtered output is determined by the following equation:
g(x,y)=med{f(x-k,y-l),(k,l∈W)}
wherein f (x, y) and g (x, y) are respectively an original image and a second processed image. W is a two-dimensional sliding template, typically a 3 × 33, 5 × 35 area, and may also be a different shape, such as a line, circle, cross, circle, etc.
And thirdly, compressing the target image based on the first compression mode to obtain a third processed image.
In this embodiment, the first compression method may be any compression method. As an example, the first compression method is a JPEG (Joint3Photographic3 Experts3 Group) compression method. The method mainly adopts a joint coding mode of DPCM (Differential3 Pulse3 Code3 Modulation3, Differential Pulse Code Modulation), DCT (Discrete3 Code3 Transform) and entropy coding to remove redundant images and color data in a target image, and belongs to a lossy compression format.
In this implementation manner, the execution main body may perform compression based on a preset compression ratio to obtain a third processed image. The preset compression ratio may be specifically set according to actual conditions, and is not limited herein.
And fourthly, compressing the target image based on the second compression mode to obtain a fourth processed image.
In this embodiment, the second compression method may be any compression method. As an example, the second compression method may be a DCT (Discrete3 Cosine3 Transform) compression method.
Fifthly, pixel shifting is carried out on the target image to obtain a fifth processed image.
The pixel shift is to move a part or all of the pixels of the target image to different directions by a proper distance to eliminate misregistration in the subtraction image caused by the movement, thereby removing artifacts to obtain a fifth processed image.
Sixthly, bit length reduction is carried out on the target image to obtain a sixth processed image.
The bit length of the target image may be 4bit, 8bit, 243bit, for example. By reducing the bit length of the target image, a sixth processed image can be obtained.
As an example, the execution subject described above may reduce the bit length of the target image based on a preset reduction ratio. The preset reduction ratio may be specifically set according to actual conditions, and is not limited herein.
And seventhly, combining the first processed image to the sixth processed image to obtain a plurality of processed images.
Specifically, the first processed image, the second processed image, the third processed image, the fourth processed image, the fifth processed image, and the sixth processed image are used as the plurality of processed images.
The present embodiment is not limited to the above six types of the preset compression methods, and a wider variety of preset compression methods may be provided as needed.
In the implementation mode, a specific mode for processing the target image through multiple preset compression modes is provided, the comprehensiveness of data compression processing is improved, and the accuracy of the detection result is improved.
In this embodiment, the execution body may input the target image and the plurality of processed images into the target model to obtain a plurality of output results.
Specifically, for each of the target image and the plurality of processed images, the execution subject inputs the image into the target model, obtains an output result corresponding to the image, and obtains a plurality of output results.
As an example, the target model is an image classification model, and the executing entity inputs the target image and the plurality of processed images into the image classification model to obtain a plurality of image classification results.
And step 203, determining whether the target image is a countermeasure sample according to the output results to obtain a detection result.
In this embodiment, the execution subject may determine whether the target image is a countermeasure sample according to a plurality of output results, so as to obtain a detection result.
As an example, when there is an output result different from the target image corresponding output result among the output results corresponding to the plurality of processed images, the target image is determined to be a countermeasure sample; and when the output results are consistent, determining that the target image is not the confrontation sample.
As yet another example, the execution subject may set a number threshold, and when a target number of output results different from the target image corresponding output result among the output results corresponding to the plurality of processed images exceeds the number threshold, determine that the target image is a countermeasure sample; otherwise, the target image is determined not to be a challenge sample. It will be appreciated that when the number of targets exceeds the number threshold, this indicates that the target image has a high likelihood of being a challenge sample.
In some optional implementations of this embodiment, the executing main body may execute the step 203 by:
first, a preset parameter value characterizing a discrepancy between a plurality of output results is determined.
The predetermined parameter value may be any parameter value that characterizes a degree of discrepancy between the plurality of output results. As an example, the preset parameter value is a standard deviation of the plurality of output results.
Then, in response to determining that the preset parameter value is larger than the preset threshold value, determining the target image as a countermeasure sample, and obtaining a detection result.
In this implementation manner, the preset threshold may be specifically set according to an actual situation, and is not limited herein. And when the preset parameter value is determined to be larger than the preset threshold value, obtaining a detection result representing that the target image is the countermeasure sample.
In the implementation mode, whether the target image is the countermeasure sample or not is detected by representing the preset parameter values of the differences among the output results, and the accuracy of the obtained detection result is improved.
In some optional implementations of this embodiment, the executing main body may further execute the step 203 by: and in response to determining that the preset parameter value is not larger than the preset threshold value, determining that the target image is not the countermeasure sample, and obtaining a detection result.
In the implementation mode, when the preset parameter value is not greater than the preset threshold value, the detection result that the representation target image is not the countermeasure sample is obtained, and the comprehensiveness of the detection result is further improved.
With continued reference to fig. 3, fig. 3 is a schematic diagram 300 of an application scenario of the method of detecting a challenge sample according to the present embodiment. In the application scenario of fig. 3, the server first retrieves the target image from the database. The acquired target image 301 is then processed in a plurality of preset compression modes resulting in a plurality of processed images 302, 303, 304. Further, the target image 301 and the plurality of processed images 302, 303, and 304 are input to the target model, and a plurality of output results 305, 306, 307, and 308 are obtained. Finally, whether the target image is a countermeasure sample is determined according to the plurality of output results 305, 306, 307 and 308, and a detection result is obtained.
In this embodiment, a method for detecting a countermeasure sample is provided, where whether a target image is a countermeasure sample is detected based on an output result of a target model between a processed image obtained by multiple preset compression methods and the target image, and accuracy of the detection result is improved.
In some optional implementations of this embodiment, the execution main body may further perform the following operations:
and responding to the fact that the detection result represents that the target image is the countermeasure sample, alarming based on a preset mode, and recalling the target image.
The preset mode may generate and display the alarm information in a text, sound, or other mode, for example.
As an example, in the field of automatic driving, a driving strategy needs to be determined according to a target image acquired by a vehicle-end device, and when the target image is determined to be a countermeasure sample, the target image is recalled, so that the target image cannot be applied to a decision making process, and safety of automatic driving is ensured.
In the implementation mode, the safety of image processing is improved through the alarm recall operation on the countermeasure sample.
With continued reference to FIG. 4, a schematic flow chart 400 of yet another embodiment of a method of detecting a challenge sample in accordance with the present application is shown, including the steps of:
The predetermined compression method includes, but is not limited to, gaussian filtering, median filtering, JPEG compression, DCT compression, pixel shifting, and bit length reduction.
In step 403, a predetermined parameter value characterizing the difference between the plurality of output results is determined.
In response to determining that the preset parameter value is greater than the preset threshold value, determining that the target image is a countermeasure sample, and obtaining a detection result, step 404.
And step 406, in response to the fact that the detection result represents that the target image is the countermeasure sample, alarming is conducted based on a preset mode, and the target image is recalled.
As can be seen from this embodiment, compared with the embodiment corresponding to fig. 2, the flow 400 of the method for detecting a challenge sample in this embodiment specifically describes a determination process of a detection result and a processing process based on the detection result, so as to further improve the accuracy and the practicability of the detection result.
With continuing reference to FIG. 5, as an implementation of the methods illustrated in the above figures, the present disclosure provides one embodiment of an apparatus for detecting challenge samples, which corresponds to the method embodiment illustrated in FIG. 2, and which may be particularly applicable in various electronic devices.
As shown in fig. 5, the apparatus for detecting a challenge sample comprises: a processing unit 501 configured to process the acquired target image in multiple preset compression manners to obtain multiple processed images; a deriving unit 502 configured to input the target image and the plurality of processed images into the target model, resulting in a plurality of output results; a determining unit 503 configured to determine whether the target image is a countermeasure sample according to the plurality of output results, resulting in a detection result.
In some optional implementations of this embodiment, the processing unit 501 is further configured to: performing Gaussian filtering on the target image to obtain a first processed image; performing median filtering on the target image to obtain a second processed image; compressing the target image based on the first compression mode to obtain a third processed image; compressing the target image based on a second compression mode to obtain a fourth processed image; performing pixel offset on the target image to obtain a fifth processed image; reducing the bit length of the target image to obtain a sixth processed image; and combining the first processed image to the sixth processed image to obtain a plurality of processed images.
In some optional implementations of this embodiment, the determining unit 503 is further configured to: determining preset parameter values representing differences among a plurality of output results; and in response to the fact that the preset parameter value is larger than the preset threshold value, determining the target image as a countermeasure sample, and obtaining a detection result.
In some optional implementations of this embodiment, the determining unit 503 is further configured to: and in response to determining that the preset parameter value is not larger than the preset threshold value, determining that the target image is not the countermeasure sample, and obtaining a detection result.
In some optional implementations of this embodiment, the apparatus further includes: and an alarm recall unit (not shown in the figure) configured to respond to the detection result to characterize the target image as the confrontation sample, alarm based on a preset mode and recall the target image.
In this embodiment, a device for detecting a countermeasure sample is provided, where whether a target image is a countermeasure sample is detected based on an output result of a target model between a processed image obtained by multiple preset compression methods and the target image, and accuracy of the detection result is improved.
According to an embodiment of the present disclosure, the present disclosure also provides an electronic device including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the method of detecting challenge samples described in any of the above embodiments.
According to an embodiment of the present disclosure, there is also provided a readable storage medium storing computer instructions for enabling a computer to implement the method for detecting an antagonistic sample described in any of the above embodiments when executed.
The embodiments of the present disclosure provide a computer program product, which when executed by a processor is capable of implementing the method for detecting an antagonistic sample described in any of the embodiments above.
FIG. 6 illustrates a schematic block diagram of an example electronic device 600 that can be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 6, the device 600 comprises a computing unit 601, which may perform various suitable actions and processes according to a computer program stored in a Read Only Memory (ROM)602 or loaded from a storage unit 608 into a Random Access Memory (RAM) 603. In the RAM3603, various programs and data required for operation of the device 600 may also be stored. The computing unit 601, the ROM3602, and the RAM3603 are connected to each other through a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
A number of components in the device 600 are connected to the I/O interface 605, including: an input unit 606 such as a keyboard, a mouse, or the like; an output unit 607 such as various types of displays, speakers, and the like; a storage unit 608, such as a magnetic disk, optical disk, or the like; and a communication unit 609 such as a network card, modem, wireless communication transceiver, etc. The communication unit 609 allows the device 600 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The computing unit 601 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of the computing unit 601 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The calculation unit 601 performs the respective methods and processes described above, such as the method of detecting a challenge sample. For example, in some embodiments, the method of detecting an antagonistic sample can be implemented as a computer software program tangibly embodied in a machine-readable medium, such as storage unit 608. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 600 via the ROM3602 and/or the communication unit 609. When the computer program is loaded into RAM3603 and executed by the computing unit 601, one or more steps of the method of detecting challenge samples described above may be performed. Alternatively, in other embodiments, the calculation unit 601 may be configured by any other suitable means (e.g. by means of firmware) to perform the method of detecting the challenge sample.
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), system on a chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The Server can be a cloud Server, also called a cloud computing Server or a cloud host, and is a host product in a cloud computing service system, so as to solve the defects of large management difficulty and weak service expansibility existing in the traditional physical host and Virtual Private Server (VPS) service; it may also be a server of a distributed system, or a server incorporating a blockchain.
According to the technical scheme of the embodiment of the disclosure, the method for detecting the confrontation sample is provided, whether the target image is the confrontation sample or not is detected based on the output results of the target model on the processed image and the target image obtained by multiple preset compression modes, and the accuracy of the detection result is improved.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in this disclosure may be performed in parallel, sequentially, or in a different order, as long as the desired results of the technical solutions provided by this disclosure can be achieved, and are not limited herein.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.
Claims (13)
1. A method of detecting a challenge sample, comprising:
processing the acquired target image in multiple preset compression modes to obtain multiple processed images;
inputting the target image and the processed images into a target model to obtain a plurality of output results;
and determining whether the target image is a countermeasure sample or not according to the output results to obtain a detection result.
2. The method of claim 1, wherein the processing the acquired target image by a plurality of preset compression modes to obtain a plurality of processed images comprises:
performing Gaussian filtering on the target image to obtain a first processed image;
performing median filtering on the target image to obtain a second processed image;
compressing the target image based on a first compression mode to obtain a third processed image;
compressing the target image based on a second compression mode to obtain a fourth processed image;
performing pixel offset on the target image to obtain a fifth processed image;
reducing the bit length of the target image to obtain a sixth processed image;
and combining the first processed image to the sixth processed image to obtain the plurality of processed images.
3. The method of claim 1, wherein said determining whether the target image is a challenge sample from the plurality of output results, resulting in a detection result, comprises:
determining preset parameter values characterizing differences between the plurality of output results;
and in response to the fact that the preset parameter value is larger than the preset threshold value, determining the target image as a countermeasure sample, and obtaining a detection result.
4. The method of claim 3, wherein the determining whether the target image is a challenge sample from the plurality of output results, resulting in a detection result, further comprises:
and in response to determining that the preset parameter value is not larger than the preset threshold value, determining that the target image is not a confrontation sample, and obtaining a detection result.
5. The method of claim 1, further comprising:
and responding to the fact that the detection result represents that the target image is a countermeasure sample, alarming based on a preset mode, and recalling the target image.
6. An apparatus for detecting challenge samples, comprising:
a processing unit configured to process the acquired target image in a plurality of preset compression modes to obtain a plurality of processed images;
a deriving unit configured to input the target image and the plurality of processed images into a target model, resulting in a plurality of output results;
and the determining unit is configured to determine whether the target image is a countermeasure sample or not according to the plurality of output results to obtain a detection result.
7. The apparatus of claim 6, wherein the processing unit is further configured to:
performing Gaussian filtering on the target image to obtain a first processed image; performing median filtering on the target image to obtain a second processed image; compressing the target image based on a first compression mode to obtain a third processed image; compressing the target image based on a second compression mode to obtain a fourth processed image; performing pixel offset on the target image to obtain a fifth processed image; reducing the bit length of the target image to obtain a sixth processed image; and combining the first processed image to the sixth processed image to obtain the plurality of processed images.
8. The apparatus of claim 6, wherein the determining unit is further configured to:
determining preset parameter values characterizing differences between the plurality of output results; and in response to the fact that the preset parameter value is larger than the preset threshold value, determining that the target image is a confrontation sample, and obtaining a detection result.
9. The apparatus of claim 8, wherein the determining unit is further configured to:
and in response to determining that the preset parameter value is not larger than the preset threshold value, determining that the target image is not a confrontation sample, and obtaining a detection result.
10. The apparatus of claim 6, further comprising:
and the alarm recall unit is configured to respond to the fact that the detection result represents that the target image is the confrontation sample, alarm based on a preset mode and recall the target image.
11. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.
12. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-7.
13. A computer program product, comprising: computer program which, when being executed by a processor, carries out the method according to any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210087742.7A CN114445663A (en) | 2022-01-25 | 2022-01-25 | Method, apparatus and computer program product for detecting challenge samples |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210087742.7A CN114445663A (en) | 2022-01-25 | 2022-01-25 | Method, apparatus and computer program product for detecting challenge samples |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114445663A true CN114445663A (en) | 2022-05-06 |
Family
ID=81370236
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210087742.7A Pending CN114445663A (en) | 2022-01-25 | 2022-01-25 | Method, apparatus and computer program product for detecting challenge samples |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114445663A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114882312A (en) * | 2022-05-13 | 2022-08-09 | 北京百度网讯科技有限公司 | Method and device for generating confrontation image sample, electronic equipment and storage medium |
| CN115330579A (en) * | 2022-08-03 | 2022-11-11 | 北京百度网讯科技有限公司 | Model watermark construction method, device, equipment and storage medium |
-
2022
- 2022-01-25 CN CN202210087742.7A patent/CN114445663A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114882312A (en) * | 2022-05-13 | 2022-08-09 | 北京百度网讯科技有限公司 | Method and device for generating confrontation image sample, electronic equipment and storage medium |
| CN115330579A (en) * | 2022-08-03 | 2022-11-11 | 北京百度网讯科技有限公司 | Model watermark construction method, device, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113705425B (en) | Training method of living body detection model, and method, device and equipment for living body detection | |
| CN112949767B (en) | Sample image increment, image detection model training and image detection method | |
| CN113436100B (en) | Method, apparatus, device, medium, and article for repairing video | |
| CN114445663A (en) | Method, apparatus and computer program product for detecting challenge samples | |
| CN112989995B (en) | Text detection method and device and electronic equipment | |
| CN113869449A (en) | Model training method, image processing method, device, equipment and storage medium | |
| CN113033566A (en) | Model training method, recognition method, device, storage medium, and program product | |
| CN113591566A (en) | Training method and device of image recognition model, electronic equipment and storage medium | |
| CN113643260A (en) | Method, apparatus, device, medium and product for detecting image quality | |
| CN112989987A (en) | Method, apparatus, device and storage medium for identifying crowd behavior | |
| CN113627361B (en) | Training method and device for face recognition model and computer program product | |
| CN114120454A (en) | Training method and device of living body detection model, electronic equipment and storage medium | |
| CN117746125A (en) | Training method and device of image processing model and electronic equipment | |
| CN114724144B (en) | Text recognition method, training device, training equipment and training medium for model | |
| CN114973333B (en) | Character interaction detection method, device, equipment and storage medium | |
| CN113361455B (en) | Training method of face counterfeit identification model, related device and computer program product | |
| CN113139483B (en) | Human behavior recognition method, device, apparatus, storage medium, and program product | |
| CN114943995A (en) | Training method of face recognition model, face recognition method and device | |
| CN115116111A (en) | Anti-disturbance human face living body detection model training method and device and electronic equipment | |
| CN114581711A (en) | Target object detection method, apparatus, device, storage medium, and program product | |
| CN114580548A (en) | Training method of target detection model, target detection method and device | |
| CN114049518A (en) | Image classification method and device, electronic equipment and storage medium | |
| CN113989152A (en) | Image enhancement method, device, equipment and storage medium | |
| CN114078274A (en) | Face image detection method and device, electronic equipment and storage medium | |
| CN113947195A (en) | Model determination method and device, electronic equipment and memory |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |