CN114862650B - Neural network watermark embedding method and verification method - Google Patents
Neural network watermark embedding method and verification method Download PDFInfo
- Publication number
- CN114862650B CN114862650B CN202210757151.6A CN202210757151A CN114862650B CN 114862650 B CN114862650 B CN 114862650B CN 202210757151 A CN202210757151 A CN 202210757151A CN 114862650 B CN114862650 B CN 114862650B
- Authority
- CN
- China
- Prior art keywords
- watermark
- layer
- neural network
- feature vector
- angle
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06T—IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
- G06T1/00—General purpose image data processing
- G06T1/0021—Image watermarking
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Molecular Biology (AREA)
- Biophysics (AREA)
- Computational Linguistics (AREA)
- Artificial Intelligence (AREA)
- Evolutionary Computation (AREA)
- General Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Life Sciences & Earth Sciences (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Editing Of Facsimile Originals (AREA)
Abstract
The invention discloses a neural network watermark embedding method and a verification method, which are used for acquiring an original model and an image training set of a neural network to be embedded with a watermark; setting any layer of original model as watermark layerl wm At the watermark layerl wm Adding an original sub-layer to the watermark layerlAdditive sub-layers of identical structurelObtaining a neural network model added with a new structure; and training the neural network model added with the new structure by using the image training set and a preset forward propagation constraint condition to obtain the neural network model embedded with the watermark. The advantages are that: the invention does not use weight as a carrier, can effectively resist common attacks such as fine tuning, pruning and the like, and can control the relation between the characteristic vectors, so that the model precision can be greatly reduced due to the false watermark after the watermark is embedded, the model is invalid, and the model can be protected from being stolen while the ownership of the model is verified.
Description
Technical Field
The invention relates to a neural network watermark embedding method and a verification method, and belongs to the technical field of deep learning.
Background
With the development of deep learning, neural networks are widely used in the fields of automatic driving, image recognition, natural language processing, and the like due to their excellent learning capabilities. However, training an efficient neural network model requires engineers to have a lot of expertise, and consumes a lot of computing resources and time cost, and is highly susceptible to abuse and infringement once disclosed, so that the problem of copyright property of the neural network is widely concerned by scholars. The white-box digital watermarking method based on the internal information of the neural network generally utilizes the unique topological structure and fitting mode of the neural network to realize copyright protection by embedding the watermark into the weight.
At present, a white box protection method based on a neural network mainly includes: (1) the training process is constrained by adding regularization terms to adjust the weight distribution embedded watermark. For example, a regular term is added into a loss function to constrain a training process, so that the weight is continuously adjusted and then the watermark is embedded, and watermark information is extracted through a key projection matrix. (2) The distribution of different classes of activation values is adjusted during the training process to embed the watermark. For example, a watermark is embedded in the probability density distribution of the activation value of each layer, and different classes of pictures pass through the activation layer to obtain corresponding activation value distributions. The method for embedding the watermark has the advantages that the condition for triggering the watermark is dynamic and has good concealment, the picture set for triggering the watermark is complicated to construct, and the process is relatively complex. (3) The watermark is embedded by adding a structure in the model by associating the layer parameters with weights during training. For example, a passport layer structure is added between a convolutional layer and an activation layer of a convolutional neural network, so that the watermark, the weight and a scale factor and a deviation term of the layer are in strengthened association in a training process to embed the watermark.
In the white-box protection method based on the internal information of the neural network, the existence mode of the watermark is various, but the weight is used as a carrier. However, in common attacks such as fine tuning and pruning, the weights are easily modified, resulting in poor robustness of the current method. Even in extreme cases, when the weights are fully modified, the watermark will not be detectable and difficult to recover, resulting in a complete failure of the copyright protection process.
Disclosure of Invention
The technical problem to be solved by the invention is to overcome the defects of the prior art and provide a neural network watermark embedding method and a verification method, wherein the correlation between the watermark and the weight is reduced by restricting a forward propagation rule in the embedding process, so that the watermark can effectively resist common attacks such as fine adjustment, pruning and the like and does not depend on a data set during verification.
In order to solve the above technical problem, the present invention provides a neural network watermark embedding method, including:
acquiring an original model of a neural network to be embedded with a watermark and an image training set;
setting any layer of original model as watermark layerl wm At the watermark layerl wm Adding an original sub-layer to the watermark layerlStructurally identical added sublayerslObtaining a neural network model added with a new structure;
training the neural network model added with the new structure by using an image training set and a preset forward propagation constraint condition to obtain a neural network model embedded with the watermark;
the forward propagation constraint is:
in the forward propagation process of training model, the watermark to be embeddedb,b∈{0,1} T Adding different constraint conditions to the feature vector groups at different positions as a basis; the set of feature vectors consists of original sub-layerslAnd adding a sublayerlThe output feature vector of the' same position is composed,Twhich represents the length of the watermark or watermarks,T≤Klength ofTIs watermarkbAnd a length ofKThe sets of feature vectors of (a) are in one-to-one correspondence in order, exceeding the length of the watermarkK-TThe group feature vector does not add constraints, where the value of K is the original sub-layerlAnd adding a sublayerlNumber of convolution kernels of.
Further, the constraint conditions are as follows:
when the watermark is 1, constraint is applied to make two output feature vectors in the group parallel in the same direction, and the expression is:
v k 1 = u k 1
v k 2 = u k 2
wherein the content of the first and second substances,v k 1 indicating the position of the original sub-layer after the constraint is appliedkThe output feature vector of (a) is,u k 1 indicating the position of the original sub-layer before applying the constraintkThe output feature vector of (a) is,v k 2 showing the position of the added sublayer after the application of the constraintkThe output feature vector of (a) is,u k 2 indicating the position of the added sublayer before applying the constraintkThe output feature vector of (a) is,k∈{1,2,…, K};
at a watermark of 0, a constraint is applied to make the two eigenvectors in the group orthogonal to each other, expressed as:
v k 1 = u k 1
further, the original sub-layerlAnd adding a sublayerlThe character vector of' input image is input into the watermark layerl wm The original sub-layer, the original sub-layerlAnd adding sublayerslAfter concat concatenation is performed on all image feature vectors output, the output image feature vectors are passed backward.
A neural network watermark verification method, comprising:
acquiring n verification pictures, and sequentially inputting the verification pictures into an embedded picture obtained by using a neural network watermark embedding methodObtaining the watermark layer in the neural network model of the watermarkl wm Including the original sub-layerlOutput feature vector ofv k 1 And adding sublayersl' s output feature vectorv k 2 ;
For each verification picture, selecting an original sub-layerlOutput feature vector ofv k 1 And adding a sublayerl' s output feature vectorv k 2 The feature vectors at the same position form a pair of feature vector groups, and a single picture can be obtainedKFor the feature vector group;
before selectionTFor the feature vector groups, calculating two output feature vectors in each pair of feature vector groupsv t 1 Andv t 2 angle of (2)
The length of a single picture isTAngle set ofangle,t∈{1,2,…, T};
The length is set to beTAngle set of single pictureangleThe angle binarization is carried out, and the watermark to be verified is extracted and obtainedb',b'∈{0,1} T ;
Using watermarks to be authenticatedb' with pre-acquired embedded watermarkbCalculating to obtain the error rate of a single verification picture;
and acquiring the error rate of the n verification pictures, calculating the error rate mean value of the n verification pictures, and verifying the ownership of the model when the error rate mean value is within a preset error rate threshold range.
Further, the length is set to be the length by utilizing a preset angle threshold valueTAngle set of single pictureangleThe angle binarization is carried out, and the watermark to be verified is extracted and obtainedb',b'∈{0,1} T The method comprises the following steps:
acquired angle setangle∈[0°,180°]Setting an angleThe degree threshold value is 90 degrees, and the watermark to be verified is obtained through calculation according to the following formulab',b'∈{0,1} T ,
Further, the calculation formula of the bit error rate is as follows:
in the formula, BER represents a bit error rate,b t "indicating the first place in the watermark to be verifiedtA watermark of a single bit of data,b t indicating embedding in watermarktA single bit watermark.
The invention achieves the following beneficial effects:
the invention does not take the weight as a carrier, can effectively resist common attacks such as fine tuning, pruning and the like, and can control the relation between the characteristic vectors, so that the model precision can be greatly reduced due to the forged watermark after the watermark is embedded, the model is invalid, and the model can be protected from being stolen while the ownership of the model is verified.
Drawings
Fig. 1 is a schematic diagram of an adding structure taking Lenet-5 as an example in the implementation process of watermark embedding;
fig. 2 is an overall structural view of a watermark embedding method;
FIG. 3 is a graph of a training process with and without embedded watermarks in a VGG16 network;
fig. 4 is an angle distribution diagram obtained by randomly inputting 100 pictures after embedding a watermark in VGG 16.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
As shown in fig. 1 and 2, a neural network watermark embedding method, VGG16 is used as a neural network model M to be embedded with a watermark, and a data set uses a cfar-10 data set, which is composed of 60000 color pictures of 32 × 32, and has 10 categories in total. 6000 pictures per category. Wherein 50000 pictures are used for training, 10000 pictures are used for testing, and the method comprises the following steps:
in the first step, the first layer of VGG16 is selected as the watermark layer to be embedded with the watermarkl wm In the existing original sub-layerlOn the basis ofl wm Adding an additional sub-layer having the same structure as the additional sub-layerl' obtaining a neural network model with a new structureMOf wherein the original sub-layerlAnd adding a sublayerl' has a convolution kernel number of 64 and a size of 3 × 3.
Second, obtain the watermark layerl wm Including the original sub-layerlOutput feature vector ofu k 1 And adding a sublayerl' s output feature vectoru k 2 。
Thirdly, selecting an original sub-layerlOutput feature vector ofu k 1 And adding sublayersl' s output feature vectoru k 2 Feature vectors at the same position and grouped into a pair of feature vector groups, resulting in 64 pairs of feature vector groups in total.
Fourth step, adding constraint condition in forward propagation rule to embed watermark with length of 64bWhere { 1,0,0,0,0,1,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,1,1,0,0,0,1, 0,0,0,0,0 } is used as a basis, and different constraint conditions are added to each pair of feature vector groups according to the difference in bit. Length 64 watermarkbCorresponding to the feature vector group with the length of 64 in sequence.
When the watermark is 1, a constraint is applied to make the two eigenvectors in the group parallel in the same direction, that is:
v k 1 = u k 1
v k 2 = u k 2
when the watermark is 0, a constraint condition is applied to make two feature vectors in the group orthogonal to each other, that is:
v k 1 = u k 1
fifthly, adding the VGG16 with a new structure by using the 50000 picture training model, and before training, setting the learning rate to be 0.1, the batch size to be 256 and the training batch to be 100. The neural network watermark requires that the performance of an original model cannot be influenced in the training process of embedding the watermark, and under the same setting, a training process curve of embedding the watermark in VGG16 and a training process curve of not embedding the watermark in VGG16 are shown in figure 3. In the training process, no loss function needs to be additionally arranged, and the weight is updated to the adaptive watermark according to the forward propagation constraint condition arranged in the fourth stepbWhen the training batch is 1, the watermark can be embedded, but the iteration is still needed to make the accuracy of the original task of the model converge. After training is finished, obtaining the neural network model embedded with the watermarkM wm 。
A neural network watermark verification method comprises the following steps:
the first step is that pictures in 100 data sets are randomly selected and output feature vectors of a VGG16 model embedded with a watermark at a first layer are obtained, wherein the output feature vectors include original sub-layerslOutput feature vector ofv k 1 And adding a sublayerl' s output feature vectorv k 2 。
Secondly, selecting an original sub-layer for each picturelAnd adding a sublayerl' feature vectors in the same positionv k 1 Andv k 2 and make up ofAnd a pair of feature vector groups, and 64 pairs of feature vector groups are obtained by a single picture.
Thirdly, for each picture, selecting the first 64 pairs of feature vector groupsv T 1 Andv T 2 calculating two output feature vectors in each pairv t 1 Andv t 2 angle of (2)
The length of a single picture isTAngle set of (2)angle,tE { 1,2, …,64 }; in order to reduce the influence of statistical deviation, 100 pictures are randomly selected in the first step, so that an angle set with a length of 6400 is obtained in total, and the angle distribution of 100 pictures is shown in fig. 4.
Fourthly, setting a threshold value to be 90 degrees for each picture, and then collecting angles with the length of 64angleAnd (5) carrying out angle binarization, wherein the angle is converted into 1 when the angle is less than 90 degrees, and the angle is converted into 0 when the angle is greater than 90 degrees. Set of anglesangleThe extracted watermark is obtained after binarizationb'=
{1,0,0,0,0,1,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,1,1,0,0,0,1,1,0,0,1,0,1,1,1,0,0,0,0,0,0,0,0}。
Fifthly, extracting the watermark from the model to be verified for each pictureb' AND embedded watermarkbAnd comparing, and calculating the bit error rate to obtain a result 0. In the first step, 100 pictures are input, each picture can calculate the error rate, and the error rate of the 100 pictures is calculated to be 0 on average, so that the ownership of the model can be verified within an acceptable range, such as 20%.
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.
Claims (5)
1. A neural network watermark embedding method, comprising:
acquiring an original model of a neural network to be embedded with a watermark and an image training set;
setting any layer of original model as watermark layerl wm At the watermark layerl wm Adding an original sub-layer to the watermark layerlAdditive sub-layers of identical structurelObtaining a neural network model added with a new structure;
training the neural network model added with the new structure by using an image training set and a preset forward propagation constraint condition to obtain a neural network model embedded with the watermark;
the forward propagation constraint is:
in the forward propagation process of the training model, the watermark to be embeddedb,b∈{0,1} T Adding different constraint conditions to the feature vector groups at different positions as a basis; the set of feature vectors consists of original sub-layerslAnd adding a sublayerlThe output feature vector of the' same position is composed,Twhich represents the length of the watermark or watermarks,T≤Klength ofTIs watermarkbAnd a length ofKThe sets of feature vectors of (a) are in one-to-one correspondence in order, exceeding the length of the watermarkK-TThe group feature vector does not add constraints, where,Kis the original sublayerlAnd adding a sublayerlNumber of convolution kernels of';
the constraint conditions are as follows:
at watermark 1, a constraint is applied to make the two output feature vectors in the group parallel with the same direction, which is expressed as:
v k 1 = u k 1
v k 2 = u k 2
wherein the content of the first and second substances,v k 1 indicating the position of the original sub-layer after the constraint is appliedkThe output feature vector of (a) is,u k 1 indicating the original sub-layer before applying the constraint is in placekThe output feature vector of (a) is,v k 2 showing the position of the added sublayer after the application of the constraintkThe output feature vector of (a) is,u k 2 indicating the position of the added sublayer before applying the constraintkThe output feature vector of (a) is,k∈{1,2,…, K};
at a watermark of 0, a constraint is applied to make two eigenvectors in the group orthogonal to each other, which is expressed as:
v k 1 = u k 1
2. the neural network watermark embedding method of claim 1, wherein the original sub-layerlAnd adding sublayerslThe input image feature vector being input to the watermark layerl wm The original sub-layer, the original sub-layerlAnd adding a sublayerlAfter concat concatenation is performed on all image feature vectors output, the output image feature vectors are passed backward.
3. A neural network watermark verification method, comprising:
acquiring n verification pictures, and sequentially inputting the verification pictures into the neural network model with the embedded watermark obtained by the neural network watermark embedding method of claim 1 to obtain the verification pictures in the watermark layerl wm Including the original sub-layerlOutput feature vector ofv k 1 And adding a sublayerl' s output feature vectorv k 2 ;
Selecting an original sub-layer for each verification picturelOutput feature vector ofv k 1 And adding sublayersl' s output feature vectorv k 2 Feature vectors at the same position form a pair of feature vector groups, and a single picture is obtainedKFor the feature vector group;
before selectionTFor the feature vector groups, calculating two output feature vectors in each pair of feature vector groupsv t 1 Andv t 2 angle of (2)
The length of a single picture isTAngle set of (2)angle,t∈{1,2,…, T};
The length is set to beTAngle set of single pictureangleThe angle binarization is carried out, and the watermark to be verified is extracted and obtainedb',b'∈{0,1} T ;
Using watermarks to be authenticatedb' with pre-acquired embedded watermarkbCalculating to obtain the error rate of a single verification picture;
and acquiring the error rate of the n verification pictures, calculating the error rate mean value of the n verification pictures, and verifying the ownership of the model when the error rate mean value is within a preset error rate threshold range.
4. The neural network watermark verification method according to claim 3, wherein the length is determined by using a preset angle threshold valueTAngle set of single pictureangleThe angle binarization is carried out, and the watermark to be verified is extracted and obtainedb',b'∈{0,1} T The method comprises the following steps:
acquired angle setangle∈[0°,180°]Setting the angle threshold value to be 90 degrees, and calculating according to the following formula to obtain the watermark to be verifiedb',b'∈{0,1} T ,
5. The neural network watermark verification method of claim 3, wherein the bit error rate is calculated by the formula:
in the formula, BER represents a bit error rate,b t "indicating the first place in the watermark to be verifiedtA watermark of a single bit of data,b t indicating embedding in watermarktA single bit watermark.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210757151.6A CN114862650B (en) | 2022-06-30 | 2022-06-30 | Neural network watermark embedding method and verification method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210757151.6A CN114862650B (en) | 2022-06-30 | 2022-06-30 | Neural network watermark embedding method and verification method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114862650A CN114862650A (en) | 2022-08-05 |
| CN114862650B true CN114862650B (en) | 2022-09-23 |
Family
ID=82626531
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210757151.6A Active CN114862650B (en) | 2022-06-30 | 2022-06-30 | Neural network watermark embedding method and verification method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114862650B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116881872A (en) * | 2023-09-06 | 2023-10-13 | 南京信息工程大学 | Robust traceable copyright protection method and system for federal learning |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112150338A (en) * | 2020-09-21 | 2020-12-29 | 清华大学 | Method for removing image watermark of neural network model |
| CN113987429A (en) * | 2021-11-03 | 2022-01-28 | 华南师范大学 | Copyright verification method of neural network model based on watermark embedding |
| CN114359011A (en) * | 2022-01-07 | 2022-04-15 | 华南师范大学 | Neural network watermark embedding method and device, electronic equipment and storage medium |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP6908553B2 (en) * | 2018-04-11 | 2021-07-28 | Kddi株式会社 | Information processing equipment, information processing methods, and programs |
| EP4185971A4 (en) * | 2020-07-23 | 2024-05-01 | Ericsson Telefon Ab L M | Watermark protection of artificial intelligence model |
| CN113379833B (en) * | 2021-06-25 | 2022-08-05 | 合肥工业大学 | Image visible watermark positioning and segmenting method based on neural network |
| CN114119335B (en) * | 2022-01-26 | 2022-04-26 | 南京信息工程大学 | Neural network watermark generation method, system and storage medium based on GAN |
| CN114647824B (en) * | 2022-05-23 | 2022-09-23 | 南京信息工程大学 | Active protection method and system for neural network, storage medium and computing equipment |
-
2022
- 2022-06-30 CN CN202210757151.6A patent/CN114862650B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112150338A (en) * | 2020-09-21 | 2020-12-29 | 清华大学 | Method for removing image watermark of neural network model |
| CN113987429A (en) * | 2021-11-03 | 2022-01-28 | 华南师范大学 | Copyright verification method of neural network model based on watermark embedding |
| CN114359011A (en) * | 2022-01-07 | 2022-04-15 | 华南师范大学 | Neural network watermark embedding method and device, electronic equipment and storage medium |
Non-Patent Citations (2)
| Title |
|---|
| 基于广义猫映射与神经网络的图像空域水印算法;黄大足等;《计算机应用研究》;20080415(第04期);第1144-1146页 * |
| 基于神经网络的图像盲水印技术;王忠等;《计算机工程与设计》;20061028(第20期);第3858-3860页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114862650A (en) | 2022-08-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Cui et al. | Identifying materials of photographic images and photorealistic computer generated graphics based on deep CNNs. | |
| CN109377452B (en) | Face image restoration method based on VAE and generation type countermeasure network | |
| CN110941794A (en) | Anti-attack defense method based on universal inverse disturbance defense matrix | |
| CN114842267A (en) | Image classification method and system based on label noise domain self-adaption | |
| CN109919303B (en) | Intellectual property protection method, system and terminal for deep neural network | |
| CN114862650B (en) | Neural network watermark embedding method and verification method | |
| CN111832484A (en) | Loop detection method based on convolution perception hash algorithm | |
| CN115168210A (en) | Robust watermark forgetting verification method based on confrontation samples in black box scene in federated learning | |
| Wang et al. | HidingGAN: High capacity information hiding with generative adversarial network | |
| CN111222583B (en) | Image steganalysis method based on countermeasure training and critical path extraction | |
| Yuan et al. | GAN-based image steganography for enhancing security via adversarial attack and pixel-wise deep fusion | |
| CN111291810B (en) | Information processing model generation method based on target attribute decoupling and related equipment | |
| CN114004333A (en) | Oversampling method for generating countermeasure network based on multiple false classes | |
| CN111125750A (en) | Database watermark embedding and detecting method and system based on double-layer ellipse model | |
| CN115809953A (en) | Attention mechanism-based multi-size image robust watermarking method and system | |
| CN110533575B (en) | Depth residual error steganalysis method based on heterogeneous core | |
| Xie et al. | DeepMark: embedding watermarks into deep neural network using pruning | |
| CN113935396A (en) | Manifold theory-based method and related device for resisting sample attack | |
| Ma et al. | Enhancing the security of image steganography via multiple adversarial networks and channel attention modules | |
| CN111737688A (en) | Attack defense system based on user portrait | |
| CN103793720B (en) | A kind of eye locating method and system | |
| CN116188439A (en) | False face-changing image detection method and device based on identity recognition probability distribution | |
| Goodman | Transferability of adversarial examples to attack cloud-based image classifier service | |
| Abdollahi et al. | Image steganography based on smooth cycle-consistent adversarial learning | |
| Wu | A method of character verification code recognition in network based on artificial intelligence technology |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |