CN114781600A - Generation method of countermeasure sample and defense method of countermeasure sample - Google Patents

Generation method of countermeasure sample and defense method of countermeasure sample Download PDF

Info

Publication number
CN114781600A
CN114781600A CN202210357576.8A CN202210357576A CN114781600A CN 114781600 A CN114781600 A CN 114781600A CN 202210357576 A CN202210357576 A CN 202210357576A CN 114781600 A CN114781600 A CN 114781600A
Authority
CN
China
Prior art keywords
sample
vibration signal
value
updated
data processing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210357576.8A
Other languages
Chinese (zh)
Inventor
陈佳豪
严迪群
郑文强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ningbo University
Original Assignee
Ningbo University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ningbo University filed Critical Ningbo University
Priority to CN202210357576.8A priority Critical patent/CN114781600A/en
Publication of CN114781600A publication Critical patent/CN114781600A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • G06N3/084Backpropagation, e.g. using gradient descent

Abstract

The invention relates to a generation method of a confrontation sample, which comprises the following steps: step 1, preprocessing an original vibration signal sample to obtain a preprocessed sample xt(ii) a Step 2, sample xtInputting the loss function into a target network f, and calculating a loss function; the initial value of t is 0; step 3, calculating the updated sample xt+1(ii) a Step 4, updating the sample xt+1Measuring to obtain the sample xt+1The result of the measurement of (2); step 5, judging whether the metric result in the step 4 is larger than a preset metric threshold value, if so, judging that x is larger than the preset metric threshold valuet+1As xtThe confrontation sample of (1), end; if not, the value t is updated after adding 1 to the value t, and the step 2 is carried out. A method of defending against a sample is also disclosed. The invention has the advantages that: the confrontation sample constructed in the invention can deceive a target network with higher success rate, ensure the quality of the constructed vibration signal confrontation sample and prevent mechanical failureThe robustness research of the barrier diagnosis system has a promoting effect.

Description

Generation method of countermeasure sample and defense method of countermeasure sample
Technical Field
The invention relates to the field of mechanical fault diagnosis, in particular to a countermeasure sample generation method and a countermeasure sample defense method.
Background
With the rapid development of heavy industry and aerospace industry, the diagnosis of mechanical faults is more and more important for ensuring the safe operation and production of equipment. Aiming at the problem that the traditional fault diagnosis method is difficult to solve the uncertainty of manual extraction, a large number of deep learning feature extraction methods are provided, and the development of mechanical fault diagnosis is greatly promoted, wherein the current mainstream method is based on the convolutional neural network for diagnosis. The mechanical fault diagnosis system records the vibration signals of the machine and inputs the vibration signals into the trained diagnosis system to obtain the current state of the mechanical equipment, so that the fault position is located. However, most of the existing mechanical fault diagnosis systems are based on deep learning methods, and under ideal conditions, very high identification accuracy can be achieved. Although the mechanical fault diagnosis method based on the neural network has advanced greatly, the existing diagnosis methods have poor robustness, and the identification accuracy is easily affected by disturbance from the outside, thereby causing identification errors.
For this purpose, confrontation samples need to be generated to perform robustness evaluation on the current model, and the robustness of the model can also be enhanced through confrontation training. The confrontation sample is a sample which is intentionally added with slight disturbance by an attacker, and the main purpose of the confrontation sample is to cause the performance of the deep neural network to be invalid and even induce the deep learning network to make judgment specified by the attacker. The challenge sample should have the property of being identical to its corresponding normal sample, but disabling the deep neural network, in human perception.
However, most of the existing generation technologies of confrontation samples are directed to the directions of images, voices and the like, and for example, chinese patent application No. CN202111390854.1 (application publication No. CN114049537A) discloses a confrontation sample defense method based on a convolutional neural network. In the generation of antagonistic samples of the vibration signal, targeted methods are yet to be explored. In addition, for the image and the audio, the disturbance in the image can be seen by human eyes, the disturbance in the audio can be heard by human ears, and the distortion measurement method of the image and the audio is usually judged by adopting a signal-to-noise ratio (SNR) so as to ensure that the disturbance is not easily perceived as much as possible. However, since the vibration signal is complex, the disturbance cannot be directly recognized by human eyes or human ears, and thus the conventional distortion measurement method against the sample is not suitable for the vibration signal. Further improvements are needed for this purpose.
Disclosure of Invention
The first technical problem to be solved by the present invention is to provide a method for generating a countermeasure sample for a vibration signal, which is suitable for generating a countermeasure sample for a vibration signal to improve the robustness of a mechanical failure diagnosis model.
The second technical problem to be solved by the present invention is to provide a defense method for the countermeasure sample generated by the above method in view of the above prior art.
The technical scheme adopted by the invention for solving the first technical problem is as follows: a method of generating challenge samples for adding a perturbation to a vibration signal, comprising: the method comprises the following steps:
step 1, preprocessing an original vibration signal sample to obtain a preprocessed sample xt(ii) a The sample xtThe sampling sequence of (a) is in turn: x is the number oft(1)、xt(2)、…xt(n)…xt(N); n belongs to {1, 2 … N }; n is sample xtThe total number of sampling sequences of (a);
step 2, the sample xtInputting the calculated loss function into a target network f
Figure BDA0003582557320000029
the initial value of t is 0;
step 3, calculating the updated sample xt+1(ii) a Sampling sequence points x according to the following formulat(n) updating to obtain updated sampling sequence point xt+1(n);
Figure BDA0003582557320000021
Wherein alpha is a preset threshold value, and alpha is more than 0 and less than 1;
Figure BDA0003582557320000022
as a function of the loss
Figure BDA0003582557320000023
Finding the sampling sequence point xtA gradient of (n);
Figure BDA0003582557320000024
to calculate
Figure BDA0003582557320000025
The sign function of (a);
Figure BDA0003582557320000026
Figure BDA0003582557320000027
the updated sampling sequence point x is obtained by sequentially changing N to 1 and 2 … Nt+1(1)、xt+1(2)、…xt+1(N), namely obtaining an updated sample xt+1
Step 4, updating the sample xt+1Measuring to obtain the sample xt+1The result of the measurement of (2);
the method specifically comprises the following steps: using sliding window to convert sample xt+1Is divided into a plurality of segments of equal length, the metric result of each segment is calculated by the following calculation formula, and the average value of the metric results of each segment is taken as the sample xt+1The measurement result of (2);
the measurement result cost(s) of a certain segment is calculated by the formula:
Figure BDA0003582557320000028
wherein mean () is a function of the calculated mean; s is the length of each fragment; s is the starting position of a certain segment; | x0(k)|2To calculate x0(k) The square of the absolute value of; | xt+1(k)-x0(k)|2To calculate xt+1(k)-x0(k) The square of the absolute value of;
step 5, judging whether the metric result in the step 4 is larger than a preset metric threshold value, if so, judging that x is larger than the preset metric threshold valuet+1As xtThe confrontation sample of (1), end; if not, the value t is updated after adding 1 to the value t, and the step 2 is carried out.
As an improvement, the step 1 is to perform preprocessing on the original vibration signal sample, specifically:
normalizing each sample sequence data in the original vibration signal sample to [0,1 ]; the normalized calculation formula is:
Figure BDA0003582557320000031
where x is sample sequence data, and k (x) is a value normalized by the sample sequence x.
Preferably, the target network f in step 2 is a neural network. The neural network can be a convolutional neural network, a deep neural network and the like which are common in the prior art.
The technical solution adopted by the present invention to solve the second technical problem is as follows: a countermeasure sample defense method for defending against a vibration signal countermeasure sample generated by the countermeasure sample generation method, characterized in that: the method comprises the following steps:
step a, preprocessing an acquired vibration signal sample;
b, adding a data processing layer between different neural network layers in the target network f used in the generation of the confrontation sample to construct a defense network;
the calculation formula of the data processing layer is as follows:
Figure BDA0003582557320000032
wherein, yiFor the input of data-processing layersOut, xiGamma and delta are parameters to be learned for the input of the data processing layer;
Figure BDA0003582557320000033
m is the total number of data input into the data processing layer in each batch; epsilon is a preset constant;
and c, training the constructed defense network by using the plurality of preprocessed vibration signal samples in the step a to obtain the trained defense network.
In this embodiment, the preprocessing in step a is specifically to normalize the acquired vibration signal samples to [0,1 ].
Compared with the prior art, the invention has the advantages that: the confrontation sample constructed in the invention can deceive a target network with a higher success rate, and ensures the quality of the constructed vibration signal confrontation sample, and in addition, the invention has a promoting effect on the robustness research of a mechanical fault diagnosis system. In addition, the invention provides a simple but very effective defense method aiming at the attack method, and the defense method improves the robustness of the model by adding a data processing layer in the target network, thereby improving the defense capability of the target network, greatly reducing the attack success rate of resisting the attack and simultaneously accelerating the convergence speed of the target network during training.
Drawings
FIG. 1 is a schematic block diagram of a method for generating a challenge sample according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a defense network in an embodiment of the invention.
Detailed Description
The invention is described in further detail below with reference to the following examples of the drawings.
The vibration signal is acquired by collecting the mechanical equipment, and the mechanical fault diagnosis result is generally obtained by analyzing the vibration signal.
As shown in fig. 1, the method for generating a challenge sample in this embodiment includes the following steps:
step 1, preprocessing an original vibration signal sample to obtain a preprocessed sample xt(ii) a The sample xtThe sampling sequence of (a) is in turn: x is the number oft(1)、xt(2)、…xt(n)…xt(N); n belongs to {1, 2 … N }; n is sample xtThe total number of sampling sequences of (a); x is a radical of a fluorine atomt(1)、xt(2)、xt(n)、xt(N) are respectively a sample xtThe 1 st, 2 nd, nth and nth sample sequences;
in this embodiment, the pretreatment method specifically includes:
normalizing each sample sequence data in the original vibration signal sample to [0,1 ]; the normalized calculation formula is:
Figure BDA0003582557320000041
wherein x is sample sequence data, and k (x) is a numerical value after the sample sequence x is normalized;
in addition, the pretreatment also comprises conventional treatments such as noise reduction, noise removal and the like;
step 2, the sample xtInputting the calculated loss function into a target network f
Figure BDA0003582557320000042
the initial value of t is 0;
the target network f is a neural network, which may be a trained convolutional neural network, a deep neural network, a BP neural network, or a neural network that inputs a vibration signal in other prior art, and the specific composition of the neural network refers to the prior art and is not described herein again; for example: the BP neural network is involved in the gearbox fault diagnosis method based on the improved PSO-BP neural network disclosed in the patent number ZL 202110472851.6;
step 3, calculating the updated sample xt+1: sampling sequence points x according to the following formulat(n) updating to obtain updated sampling sequence point xt+1(n);
Figure BDA0003582557320000043
Wherein alpha is a preset threshold value, and alpha is more than 0 and less than 1;
Figure BDA0003582557320000044
as a function of the loss
Figure BDA0003582557320000045
Finding the sampling sequence point xt(n) a gradient;
Figure BDA0003582557320000046
to calculate
Figure BDA0003582557320000047
The sign function of (a);
Figure BDA0003582557320000051
Figure BDA0003582557320000052
the updated sampling sequence point x is obtained by sequentially changing N to 1 and 2 … Nt+1(1)、xt+1(2)、…xt+1(N), namely obtaining an updated sample xt+1
Step 4, updating the sample xt+1Measuring to obtain the sample xt+1The result of the measurement of (2);
the method comprises the following specific steps: using sliding window to convert sample xt+1Is divided into a plurality of segments of equal length, the measurement result of each segment is calculated by the following calculation formula, and the average value of the measurement results of all the segments is taken as the sample xt+1The measurement result of (2);
the measurement result cost(s) of a certain segment is calculated by the formula:
Figure BDA0003582557320000053
wherein mean () is a function of the calculated mean; s is the length of each fragment; s is the starting position of a certain segment; | x0(k)|2To calculate x0(k) Squared absolute value of; | xt+1(k)-x0(k)|2To calculate xt+1(k)-x0(k) Squared absolute value of;
for images and audio containing information that is directly understandable to humans, distortion measures include signal-to-noise ratios, and distances may ensure that the perturbations are as imperceptible as possible. However, since the vibration signal is complex, the conventional distortion measurement method against the sample is not applicable. Limiting the attack implementation under mechanical fault diagnostic conditions is how to add noise. In fact, noise may appear through the following forms: (i) mechanical movement of the motor; (ii) circuitry of a device within the system; (iii) malicious attacks from computer viruses to alter the original data; (iv) by physical attack by applying an external force to the sensor. For this reason, in the case of an attack, the attack cost can be understood as the external energy applied to the vibration source; therefore, the counterattack sample can be effectively evaluated and measured through the measurement calculation formula of the sample;
step 5, judging whether the metric result in the step 4 is larger than a preset metric threshold value, if so, judging xt+1As xtThe confrontation sample of (1), end; if not, the value t is updated after adding 1 to the value t, and the step 2 is carried out.
In order to defend the challenge sample of the vibration signal generated by the generation method of the challenge sample, the defense method of the challenge sample in the embodiment includes the following steps:
step a, preprocessing an acquired vibration signal sample;
wherein the preprocessing specifically comprises normalizing the collected vibration signal sample to [0,1 ];
b, adding a data processing layer between different neural network layers in the target network f used in the generation of the confrontation sample to construct a defense network; as shown in fig. 2, the data processing layer is disposed between any one of the fully connected layers or all of the fully connected layers;
the calculation formula of the data processing layer is as follows:
Figure BDA0003582557320000061
wherein, yiAs output of the data processing layer, xiGamma and delta are parameters to be learned for the input of the data processing layer;
Figure BDA0003582557320000062
m is the total number of data input into the data processing layer in each batch; epsilon is a preset constant;
however, a target network without this data processing layer loses robustness because the difference between the challenge sample and the original input is small and difficult to distinguish. Moreover, the instability in the confrontation training can be relieved by processing the data in the same way, and the confrontation training is helped to enhance the robustness of the model;
and c, training the constructed defense network by using the plurality of preprocessed vibration signal samples in the step a to obtain the trained defense network.
In the embodiment, a continuous vibration signal with a mechanical driving end sampling at 12kHz is adopted, and in order to facilitate training, data needs to be amplified firstly, in the embodiment, 2048 is adopted as a single sample length, and the step length is 28, so that the original vibration signal data is amplified to increase the data volume; after sampling, 1000 samples are respectively obtained for each type of mechanical state. Meanwhile, signal data needs to be normalized to [0,1] by adopting the normalization method in the step 1; and finally, randomly disordering the data and dividing the data set into a training set, a verification set and a test set according to the ratio of 6:2: 2. The constructed defense network can be trained and verified by using the samples in the training set and the verification set, and finally the defense network after training is tested by using the samples in the testing set.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the technical principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims (5)

1. A method of generating challenge samples for adding a perturbation to a vibration signal, comprising: the method comprises the following steps:
step 1, preprocessing an original vibration signal sample to obtain a preprocessed sample xt(ii) a The sample xtThe sampling sequence of (a) is in turn: x is the number oft(1)、xt(2)、...xt(n)...xt(N); n belongs to {1, 2.. N }; n is sample xtThe total number of sampling sequences of (a);
step 2, the sample xtInputting the calculated loss function into a target network f
Figure FDA0003582557310000019
the initial value of t is 0;
step 3, calculating the updated sample xt+1: sampling sequence points x according to the following formulat(n) updating to obtain updated sampling sequence point xt+1(n);
Figure FDA0003582557310000011
Wherein alpha is a preset threshold value, and alpha is more than 0 and less than 1;
Figure FDA0003582557310000012
as a function of the loss
Figure FDA0003582557310000013
Finding the sample sequence point xt(n) a gradient;
Figure FDA0003582557310000014
to calculate
Figure FDA0003582557310000015
The sign function of (a);
Figure FDA0003582557310000016
Figure FDA0003582557310000017
sequentially changing N to 1 and 2t+1(1)、xt+1(2)、…xt+1(N), namely obtaining an updated sample xt+1
Step 4, updating the sample xt+1Measuring to obtain the sample xt+1The measurement result of (2);
the method specifically comprises the following steps: using sliding window to convert sample xt+1Is divided into a plurality of segments of equal length, the metric result of each segment is calculated by the following calculation formula, and the average value of the metric results of all segments is taken as the sample xt+1The result of the measurement of (2);
the measurement result cost(s) of a certain segment is calculated by the formula:
Figure FDA0003582557310000018
wherein mean () is a function of the calculated mean; s is the length of each fragment; s is the starting position of a certain fragment; | x0(k)|2To calculate x0(k) The square of the absolute value of; | xt+1(k)-x0(k)|2To calculate xt+1(k)-x0(k) The square of the absolute value of;
step 5, judging whether the metric result in the step 4 is larger than a preset metric threshold value, if so, judging xt+1As xtThe confrontation sample of (1), end; if not, the value t is updated after adding 1 to the value t, and the step 2 is carried out.
2. The method of generating a challenge sample according to claim 1, wherein: in the step 1, the original vibration signal sample is preprocessed, specifically:
normalizing each sample sequence data in the original vibration signal sample to [0,1 ]; the normalized calculation formula is:
Figure FDA0003582557310000021
where x is sample sequence data, and k (x) is a value normalized by the sample sequence x.
3. The method of generating a challenge sample according to claim 1, wherein: the target network f in the step 2 is a neural network.
4. A method for protecting a challenge sample produced by the method for producing a challenge sample according to any one of claims 1 to 3, comprising: the method comprises the following steps:
step a, preprocessing an acquired vibration signal sample;
b, adding a data processing layer between different neural network layers in the target network f used in the generation of the confrontation sample to construct a defense network;
the calculation formula of the data processing layer is as follows:
Figure FDA0003582557310000022
wherein, yiAs output of the data processing layer, xiGamma and delta are parameters to be learned for the input of the data processing layer;
Figure FDA0003582557310000023
m is the total number of data input into the data processing layer in each batch; epsilon is a preset constant;
and c, training the constructed defense network by using the plurality of preprocessed vibration signal samples in the step a to obtain the trained defense network.
5. The method of defending against a specimen according to claim 4, wherein: the preprocessing in the step a is specifically to normalize the collected vibration signal samples to [0,1 ].
CN202210357576.8A 2022-04-06 2022-04-06 Generation method of countermeasure sample and defense method of countermeasure sample Pending CN114781600A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210357576.8A CN114781600A (en) 2022-04-06 2022-04-06 Generation method of countermeasure sample and defense method of countermeasure sample

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210357576.8A CN114781600A (en) 2022-04-06 2022-04-06 Generation method of countermeasure sample and defense method of countermeasure sample

Publications (1)

Publication Number Publication Date
CN114781600A true CN114781600A (en) 2022-07-22

Family

ID=82426747

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210357576.8A Pending CN114781600A (en) 2022-04-06 2022-04-06 Generation method of countermeasure sample and defense method of countermeasure sample

Country Status (1)

Country Link
CN (1) CN114781600A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115481719A (en) * 2022-09-20 2022-12-16 宁波大学 Method for defending gradient-based attack countermeasure

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115481719A (en) * 2022-09-20 2022-12-16 宁波大学 Method for defending gradient-based attack countermeasure
CN115481719B (en) * 2022-09-20 2023-09-15 宁波大学 Method for defending against attack based on gradient

Similar Documents

Publication Publication Date Title
Li et al. Dynamical complexity detection in short-term physiological series using base-scale entropy
CN114781600A (en) Generation method of countermeasure sample and defense method of countermeasure sample
CN113705424A (en) Performance equipment fault diagnosis model construction method based on time convolution noise reduction network
CN112478975A (en) Elevator door fault detection method based on audio features
CN1949364A (en) System and method for testing identification degree of input speech signal
CN114900256B (en) Communication scene recognition method and device
CN109920447B (en) Recording fraud detection method based on adaptive filter amplitude phase characteristic extraction
CN113051628B (en) Chip side channel attack noise reduction preprocessing method based on residual error learning
CN113642417A (en) Improved wavelet algorithm-based denoising method for partial discharge signals of insulated overhead conductor
Yu et al. Sparse time–frequency representation for the transient signal based on low-rank and sparse decomposition
CN113365273B (en) Packet-level wireless equipment authentication method based on channel state information
CN113407425B (en) Internal user behavior detection method based on BiGAN and OTSU
CN115310477A (en) Pump equipment fault sound detection method and system based on fractal features and predator algorithm
CN115037437A (en) Side channel attack method and system based on deep learning by using SpecAugment technology
CN114186223A (en) System and method for improving measurements of an intrusion detection system by transforming one-dimensional measurements into a multi-dimensional image
CN107884188B (en) A kind of variable speed/varying load Fault Diagnosis of Roller Bearings based on mode conversion
CN115862636B (en) Internet man-machine verification method based on voice recognition technology
CN116415201B (en) Ship main power abnormality detection method based on deep concentric learning
CN114070601B (en) LDoS attack detection method based on EMDR-WE algorithm
Giot et al. A new protocol to evaluate the resistance of template update systems against zero-effort attacks
CN116386607A (en) Trigger reverse restoration method for voice recognition back door attack
CN114745187B (en) Internal network anomaly detection method and system based on POP flow matrix
Kou et al. Research on feature Optimization algorithm of Optical Fiber Sensor recognition system
CN108920959B (en) Webshell detection method based on Bayesian model optimization
CN115222062A (en) Machine learning model evaluation method for resisting attack based on time series prediction

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination