CN118038343A - Smart grid countermeasure image generation method and device, storage medium and terminal equipment - Google Patents
Smart grid countermeasure image generation method and device, storage medium and terminal equipment Download PDFInfo
- Publication number
- CN118038343A CN118038343A CN202410439278.2A CN202410439278A CN118038343A CN 118038343 A CN118038343 A CN 118038343A CN 202410439278 A CN202410439278 A CN 202410439278A CN 118038343 A CN118038343 A CN 118038343A
- Authority
- CN
- China
- Prior art keywords
- current
- image
- boundary
- distance
- countermeasure
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 85
- 238000009826 distribution Methods 0.000 claims description 39
- 238000004590 computer program Methods 0.000 claims description 16
- 238000012549 training Methods 0.000 claims description 11
- 238000013135 deep learning Methods 0.000 claims description 10
- 238000004364 calculation method Methods 0.000 claims description 9
- 238000009827 uniform distribution Methods 0.000 claims description 8
- 238000013528 artificial neural network Methods 0.000 claims description 7
- 238000009499 grossing Methods 0.000 claims description 7
- 238000004422 calculation algorithm Methods 0.000 abstract description 11
- 238000012545 processing Methods 0.000 abstract description 5
- 239000012212 insulator Substances 0.000 description 14
- 230000006870 function Effects 0.000 description 11
- 238000001514 detection method Methods 0.000 description 9
- 238000013136 deep learning model Methods 0.000 description 7
- 230000008569 process Effects 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 4
- 238000011161 development Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000003321 amplification Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 230000002708 enhancing effect Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000003199 nucleic acid amplification method Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000005457 optimization Methods 0.000 description 2
- 230000003042 antagnostic effect Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000004888 barrier function Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000012512 characterization method Methods 0.000 description 1
- 230000008094 contradictory effect Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000002620 method output Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 238000005070 sampling Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 239000013589 supplement Substances 0.000 description 1
- 239000000725 suspension Substances 0.000 description 1
Landscapes
- Image Analysis (AREA)
Abstract
The embodiment of the application provides a smart grid countermeasure image generation method, a smart grid countermeasure image generation device, a storage medium and terminal equipment, and belongs to the technical field of image processing. The method comprises the following steps: acquiring an original image; initializing a search direction and iteration times; randomly selecting disturbance parameters; calculating the current shortest distance between the current image and the decision boundary of the target model by an improved boundary shortest distance searching method, and adding countermeasure disturbance to the current image based on the current shortest distance, the current searching direction and disturbance parameters to obtain a current countermeasure sample image; determining the direction derivative of the current searching direction according to the recognition result of the natural image recognition model and the target model on the current countermeasure sample image; and updating the current searching direction according to the direction derivative, returning to the step of randomly selecting disturbance parameters until the iteration times reach a threshold value, and taking the current countermeasure sample image as the optimal countermeasure sample image. The method and the device can effectively improve the robustness of the recognition algorithm.
Description
Technical Field
The application relates to the technical field of image processing, in particular to a smart grid countermeasure image generation method, a smart grid countermeasure image generation device, a machine-readable storage medium and a terminal device.
Background
Auxiliary facilities on the distribution line play an important role in the reliable operation of the power grid, and auxiliary facilities such as insulators are important components of the distribution line and have the characteristics of multiple types, large quantity and wide distribution. In a complex environment, the insulator is extremely easy to generate faults, such as damage, foreign matter suspension, string drop and the like, and how to quickly and efficiently identify the faults of the insulator is a key for guaranteeing safe, stable and reliable operation of a power grid. Along with the development of the field of computer vision, the target detection and recognition technology is developed from a machine learning method based on traditional characteristics to a deep learning method based on big data driving, and higher detection and recognition efficiency is achieved.
At present, training samples of detection and identification related algorithms of distribution line auxiliary facilities are all acquired by unmanned aerial vehicle/helicopter inspection and monitoring equipment, the background of the acquired samples is complex, the target scale is various, the confidentiality is high, and the diversity acquisition period of a large number of samples is long. The existing detection and identification technology of auxiliary facilities of the distribution line is mostly technically improved based on an image target detection and identification algorithm, and characterization of complex distribution line scenes and various auxiliary facilities is lacking. Meanwhile, the distribution lines are widely distributed, the scenes are various and complex, and the acquisition modes are not uniform, so that the sample background of the auxiliary facilities is complex, and the target scale is various. Meanwhile, as distribution lines and distribution line devices have higher confidentiality, scene and mode barriers exist among databases collected by power grid companies distributed nationwide, auxiliary facility databases capable of being opened and recognition and detection algorithms thereof are fewer, and the published auxiliary facility databases are smaller in scale and poor in sample diversity. In addition, the existing database lacks negative samples of auxiliary facilities of distribution lines, so that the existing identification algorithm has poor resistance to attack samples, and is not beneficial to the safety of power grid information.
Disclosure of Invention
The embodiment of the application aims to provide a smart grid countermeasure image generation method, a smart grid countermeasure image generation device, a storage medium and terminal equipment, so as to solve the problems.
In order to achieve the above object, a first aspect of the present application provides a smart grid countermeasure image generation method, including:
S100, acquiring an original image comprising a target to be detected of a smart grid, and taking the original image as a current image;
S200, initializing a search direction and iteration times;
s300, randomly selecting disturbance parameters;
S400, calculating the current shortest distance between the current image and the decision boundary of the target model by an improved boundary shortest distance searching method according to the current searching direction and the current iteration times, constructing countermeasure disturbance based on the current shortest distance, the current searching direction and disturbance parameters, and adding the countermeasure disturbance to the current image to obtain a current countermeasure sample image;
S500, determining a direction derivative of the current search direction according to the current shortest distance, the recognition result of the pre-constructed natural image recognition model on the current countermeasure sample image and the recognition result of the pre-constructed target model on the current countermeasure sample image;
S600, judging whether the current iteration times reach an iteration times threshold, if the current iteration times do not reach the iteration times threshold, updating the current search direction according to the direction derivative of the current search direction, updating the iteration times, and executing the step S300; and if the current iteration number reaches the iteration number threshold, taking the current countercheck sample image as the optimal countercheck sample image.
Optionally, the disturbance parameters include:
Disturbance angle and anti-disturbance quantity;
The anti-disturbance quantity is a random variable obeying a target probability distribution, and the disturbance angle is used for representing the direction of the anti-disturbance quantity;
the target probability distribution is a gaussian distribution or a uniform distribution.
Optionally, updating the current search direction according to the direction derivative of the current search direction includes:
The current search direction is updated with a set step based on the direction derivative of the current search direction.
Optionally, the method further comprises:
Taking the target images to be detected of the smart grid under different natural scenes as positive samples, taking the target images to be detected of the smart grid under different synthetic environments as negative samples, and training the deep learning neural network through the obtained positive samples and the negative samples to obtain a natural scene image discrimination model for identifying the input image as a natural scene image or a non-natural scene image;
The recognition result of the natural image recognition model on the current countermeasure sample image comprises the following steps:
the current challenge sample image is a natural scene image or a non-natural scene image.
Optionally, determining the directional derivative of the current search direction according to the recognition result of the pre-constructed natural image recognition model on the current challenge sample image and the recognition result of the pre-constructed target model on the current challenge sample image includes:
The directional derivative of the current search direction is determined by the following formula:
;
;
Wherein, Represents the directional derivative, t represents the number of iterations,/>For smoothing parameters,/>F represents a target model, G represents a natural scene image discrimination model, u represents a disturbance parameter, Q represents the number of queries, x 0 represents an original image, and θ represents a search direction.
Optionally, the improved boundary shortest distance searching method comprises:
if the current iteration number is 1, acquiring a recognition result of the target model on the current image under the initial search direction and a preset first estimated distance, and if the recognition result of the target model on the current image is in a decision boundary of the target model, determining the current first estimated distance as a first boundary distance;
And determining a second estimated distance based on the set step length and the first boundary distance, updating the current second estimated distance with the set step length until the recognition result of the current image is outside the decision boundary of the target model under the initial search direction and the current second estimated distance, and determining the current second estimated distance as the second boundary distance.
Optionally, the improved boundary shortest distance searching method further comprises:
if the current iteration number is greater than 1, determining a first estimated distance by the following steps:
;
Wherein v is a first estimated distance, To update the step size.
Optionally, after obtaining the recognition result of the current image by the target model in the initial search direction and the preset first estimated distance, the method further includes:
if the identification result of the target model on the current image is outside the decision boundary of the target model, determining that the current first estimated distance is the second boundary distance;
And determining a second estimated distance based on the set step length and the second boundary distance, updating the current second estimated distance with the set step length until the identification result of the current image of the target model is within the decision boundary of the target model under the initial search direction and the current second estimated distance, and determining the current second estimated distance as the first boundary distance.
Optionally, the improved boundary shortest distance searching method further comprises:
If the difference value between the second boundary distance and the first boundary distance is larger than a preset search error, calculating the average value of the first boundary distance and the second boundary distance to obtain a third boundary distance;
Acquiring the recognition result of the target model on the current image in the initial search direction and at a third boundary distance, and if the recognition result of the target model on the current image is in a decision boundary of the target model, updating the first boundary distance by the third boundary distance;
And if the identification result of the target model on the current image is outside the decision boundary of the target model, determining a third boundary distance to update a second boundary distance until the difference value between the second boundary distance and the first boundary distance is not larger than a preset search error, and determining the initial shortest distance between the current image and the decision boundary of the target model based on the first boundary distance and the second boundary distance.
The second aspect of the present application provides a smart grid countermeasure image generating apparatus, to which the smart grid countermeasure image generating method described above is applied, including:
the image acquisition module is configured to acquire an original image including an object to be detected of the smart grid, and the original image is taken as a current image;
The parameter setting module is configured to initialize the searching direction and the iteration times;
The disturbance adding module is configured to randomly select disturbance parameters;
The boundary distance calculation module is configured to calculate the current shortest distance between the current image and the decision boundary of the target model through the improved boundary shortest distance search method according to the current search direction and the current iteration times, construct countermeasure disturbance based on the current shortest distance, the current search direction and disturbance parameters, and add the countermeasure disturbance to the current image to obtain a current countermeasure sample image;
The direction derivative calculation module is configured to determine the direction derivative of the current search direction according to the recognition result of the pre-constructed natural image recognition model on the current countermeasure sample image and the recognition result of the pre-constructed target model on the current countermeasure sample image;
The optimal countermeasure sample image generation module is configured to judge whether the current iteration number reaches an iteration number threshold, if the current iteration number does not reach the iteration number threshold, update the current search direction according to the direction derivative of the current search direction, update the iteration number, and call the disturbance addition module; and if the current iteration number reaches the iteration number threshold, taking the current countercheck sample image as the optimal countercheck sample image.
Optionally, the disturbance parameters include:
Disturbance angle and anti-disturbance quantity;
The anti-disturbance quantity is a random variable obeying a target probability distribution, and the disturbance angle is used for representing the direction of the anti-disturbance quantity;
the target probability distribution is a gaussian distribution or a uniform distribution.
Optionally, updating the current search direction according to the direction derivative of the current search direction includes:
The current search direction is updated with a set step based on the direction derivative of the current search direction.
Optionally, the method further comprises:
Taking the target images to be detected of the smart grid under different natural scenes as positive samples, taking the target images to be detected of the smart grid under different synthetic environments as negative samples, and training the deep learning neural network through the obtained positive samples and the negative samples to obtain a natural scene image discrimination model for identifying the input image as a natural scene image or a non-natural scene image;
The recognition result of the natural image recognition model on the current countermeasure sample image comprises the following steps:
the current challenge sample image is a natural scene image or a non-natural scene image.
Optionally, determining the directional derivative of the current search direction according to the recognition result of the pre-constructed natural image recognition model on the current challenge sample image and the recognition result of the pre-constructed target model on the current challenge sample image includes:
The directional derivative of the current search direction is determined by the following formula:
;
;
Wherein, Represents the directional derivative, t represents the number of iterations,/>For smoothing parameters,/>F represents a target model, G represents a natural scene image discrimination model, u represents a disturbance parameter, Q represents the number of queries, x 0 represents an original image, and θ represents a search direction.
Optionally, the improved boundary shortest distance searching method comprises:
if the current iteration number is 1, acquiring a recognition result of the target model on the current image under the initial search direction and a preset first estimated distance, and if the recognition result of the target model on the current image is in a decision boundary of the target model, determining the current first estimated distance as a first boundary distance;
And determining a second estimated distance based on the set step length and the first boundary distance, and updating the current second estimated distance along the initial searching direction by the set step length until the recognition result of the current image is outside the decision boundary of the target model under the initial searching direction and the current second estimated distance, and determining the current second estimated distance as the second boundary distance.
Optionally, the improved boundary shortest distance searching method further comprises:
if the current iteration number is greater than 1, determining a first estimated distance by the following steps:
;
Wherein v is a first estimated distance, To update the step size.
Optionally, after obtaining the recognition result of the current image by the target model in the initial search direction and the preset first estimated distance, the method further includes:
If the identification result of the target model on the current image is outside the decision boundary of the target model, determining that the current first estimated distance is the second boundary distance;
And determining a second estimated distance based on the set step length and the second boundary distance, updating the current second estimated distance along the initial searching direction by the set step length until the identification result of the current image is within the decision boundary of the target model under the initial searching direction and the current second estimated distance, and determining the current second estimated distance as the first boundary distance.
Optionally, the improved boundary shortest distance searching method further comprises:
If the difference value between the second boundary distance and the first boundary distance is larger than a preset search error, calculating the average value of the first boundary distance and the second boundary distance to obtain a third boundary distance;
Acquiring the recognition result of the target model on the current image in the initial search direction and at a third boundary distance, and if the recognition result of the target model on the current image is in a decision boundary of the target model, updating the first boundary distance by the third boundary distance;
And if the identification result of the target model on the current image is outside the decision boundary of the target model, determining a third boundary distance to update a second boundary distance until the difference value between the second boundary distance and the first boundary distance is not larger than a preset search error, and determining the initial shortest distance between the current image and the decision boundary of the target model based on the first boundary distance and the second boundary distance.
A third aspect of the application provides a machine-readable storage medium having stored thereon instructions that, when executed by a processor, cause the processor to be configured to perform the smart grid countermeasure image generation method described above.
A fourth aspect of the present application provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the smart grid countermeasure image generation method described above when executing the computer program.
According to the method and the device for obtaining the optimal countermeasure sample image of the target to be detected in the intelligent power grid, the optimal countermeasure sample image is obtained rapidly and accurately, the target database to be detected of the intelligent power grid is amplified through the obtained optimal countermeasure sample image, the robustness of the target recognition algorithm to be detected of the intelligent power grid can be effectively improved, and the information safety of the distribution line is improved.
Additional features and advantages of embodiments of the application will be set forth in the detailed description which follows.
Drawings
The accompanying drawings are included to provide a further understanding of embodiments of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain, without limitation, the embodiments of the application. In the drawings:
Fig. 1 is a flowchart of a smart grid countermeasure image generation method according to a preferred embodiment of the present application;
Fig. 2 is a schematic block diagram of a smart grid countermeasure image generating apparatus provided in a preferred embodiment of the present application;
fig. 3 is a schematic diagram of a terminal device according to a preferred embodiment of the present application.
Description of the reference numerals
10-Terminal equipment, 100-processor, 101-memory, 102-computer program.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it should be understood that the detailed description described herein is merely for illustrating and explaining the embodiments of the present application, and is not intended to limit the embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
It should be noted that, the technical solutions of the embodiments of the present application may be combined with each other, but it is necessary to be based on the fact that those skilled in the art can implement the embodiments, and when the technical solutions are contradictory or cannot be implemented, it should be considered that the combination of the technical solutions does not exist, and is not within the scope of protection required by the present application.
With rapid development and wide application of deep learning, the current deep learning algorithm has serious potential safety hazards, and an attacker can easily confuse the deep learning model by fusing specific noise to a positive sample and is not perceived. This approach to misjudging the deep learning model by adding imperceptible sample perturbations is called challenge. With the development of smart power grids, the task of performing power grid identification and detection by using a deep learning model is becoming more and more popular, but the potential safety hazard of a deep learning algorithm also brings great threat to the information security of the power grid. Therefore, how to improve the performance of the deep learning model and the defensive power of the deep learning model through sample amplification is an important problem for improving the information security of the smart grid.
In order to solve the above-mentioned problem, as shown in fig. 1, there is provided in a first aspect of the present embodiment a smart grid countermeasure image generation method, including:
S100, acquiring an original image comprising a target to be detected of the smart grid, and taking the original image as a current image;
S200, initializing a search direction and iteration times;
s300, randomly selecting disturbance parameters;
S400, calculating the current shortest distance between the current image and the decision boundary of the target model by an improved boundary shortest distance searching method according to the current searching direction and the current iteration times, constructing countermeasure disturbance based on the current shortest distance, the current searching direction and disturbance parameters, and adding the countermeasure disturbance to the current image to obtain a current countermeasure sample image;
S500, determining a direction derivative of a current search direction according to a recognition result of a pre-built natural image recognition model on a current countermeasure sample image and a recognition result of a pre-built target model on the current countermeasure sample image;
S600, judging whether the current iteration times reach an iteration times threshold, if the current iteration times do not reach the iteration times threshold, updating the current search direction according to the direction derivative of the current search direction, updating the iteration times, and executing the step S300; and if the current iteration number reaches the iteration number threshold, taking the current countersample image as the optimal countersample image.
Therefore, the method and the device can quickly and accurately obtain the optimal countermeasure sample image of the target to be detected in the intelligent power grid, amplify the target database to be detected of the intelligent power grid through the obtained optimal countermeasure sample image, effectively improve the robustness of the recognition algorithm of the target to be detected of the intelligent power grid, and improve the information safety of the distribution line.
Taking the object to be detected as an insulator as an example, in order to improve the robustness and the safety of a deep learning model such as an insulator identification detection model, the application realizes the amplification of the insulator sample by generating the countermeasure sample of the original image, and meanwhile, the original image is a natural scene image, so that the countermeasure sample and the original image have similar perception distribution, namely the countermeasure sample is also required to be the natural scene image. According to the application, the natural scene image discrimination model for identifying the natural scene image and the unnatural scene image is constructed in advance, the synthesized unnatural scene image and the natural scene image are utilized for manifold learning, and the countermeasure sample is subjected to manifold mapping, so that the countermeasure sample has perceptibility, and the obtained countermeasure sample is used as the supplement of the sample set, so that the robustness and the safety of the identification detection model can be effectively improved.
Thus, prior to step S100 of the present application, the method of the present application further comprises: and training the deep learning neural network by the obtained positive sample and the negative sample to obtain a natural scene image discrimination model for identifying the input image as a natural scene image or a non-natural scene image. The natural scene discrimination model can be constructed based on a neural network, and in the application, the natural scene image discrimination model can be constructed based on an ImageNet, and the specific training process is as follows: taking an original image including a distribution line insulator in an existing natural scene as a positive sample, enabling the label to be 1, taking a synthesized image including the distribution line insulator in an existing synthesized scene as a negative sample, enabling the label to be-1, taking the positive sample and the negative sample as training samples, and establishing a classification network capable of identifying whether an input image is a natural scene image or a non-natural scene image based on an ImageNet to obtain a natural scene image discrimination model. When discriminating model/>When the output is 1, the input image is a natural image; when discriminating model/>When the output is 0, it indicates that the input image is an unnatural image.
Pre-building a challenge sample model, the description of which is as follows:
Let the original image be The target model is/>Target model/>, for original imageThe predicted result of (1) is/>. To find the original image/>Is to combat sample image/>Constructing a boundary attack model based on natural image discrimination:
;
Wherein, Representing a challenge image/>Is a natural scene image; /(I)Representing a challenge image/>Is an unnatural scene image. The constraints of the challenge sample model of the present application include that the challenge attack is a no-target attack and that the current challenge sample image is a natural scene image.
The boundary attack model based on natural image discrimination can be converted into the following optimization problem:
;
In step S100, the original image including the target to be detected, such as an insulator, of the smart grid may be directly acquired through ImageNet, or may be acquired through other existing databases, which is not limited herein.
In order to solve and optimize a boundary attack model based on natural image discrimination efficiently, the application provides an improved boundary shortest distance searching method, which utilizes a trigonometric function to determine the initial boundary point and searching step length of searching, reduces the uncertainty of algorithm initialization and improves the searching efficiency of boundary shortest distance.
In step S200, during initialization, the initial iteration number is set to be 1, and the initial search direction and the first estimated distance when the iteration number is set to be 1 are randomly determined. For example, let the initial direction beIteration cycle/>The first estimated distance is v, and initializing: t=1,/>,v=1。
In step S300, the disturbance parameters include: disturbance angle and anti-disturbance quantity; the anti-disturbance quantity is a random variable obeying a target probability distribution, and the disturbance angle is used for representing the direction of the anti-disturbance quantity, wherein the target probability distribution can be Gaussian distribution or even distribution. The anti-interference amount may be an N-dimensional random variable, N is the number of pixels included in the original image, and N is an integer greater than 1. Wherein the amount of anti-disturbance following Gaussian/uniform distribution can be expressed as。
In step S400, the improved boundary shortest distance searching method includes:
if the current iteration number is t=1, acquiring the initial search direction of the target model And determining the current first estimated distance as a first boundary distance, namely the/>, if the recognition result of the target model on the current image is within the decision boundary of the target model according to the recognition result of the target model on the current image under the preset first estimated distance v=1; Determining a second estimated distance based on the set step size and the first boundary distance, namely the command/>Updating the current second estimated distance by a set step length, namely iterative assignmentAnd determining the current second estimated distance as the second boundary distance until the recognition result of the current image is outside the decision boundary of the target model under the initial search direction and the current second estimated distance.
If the current iteration number is greater than 1, determining a first estimated distance by:
。
If the recognition result of the target model on the current countermeasure sample image is outside the decision boundary of the target model, determining that the current first estimated distance is the second boundary distance, namely, making ; Determining a second estimated distance based on the set step length and the second boundary distance, namely, the command/>Updating the current second estimated distance with a set step length, namely iterative assignment/>And determining the current second estimated distance as the first boundary distance until the recognition result of the current image of the target model is in the decision boundary of the target model under the initial search direction and the current second estimated distance.
The recognition result of the target model on the current image is within the decision boundary of the target model, and the recognition result of the target model on the current image is the same as the actual attribute of the current image. For example, if the target model is an identification model of an insulator, when the identification result of the target model to the current image is an insulator, the identification result of the target model to the current image is within a decision boundary of the target model; if the identification result of the target model to the current image is not an insulator, the identification result of the target model to the current countermeasure sample image is outside the decision boundary of the target model.
Specifically, let the original image beThe target model is/>The search direction is/>Search step size is/>The first estimated distance is v, the iteration number is t, and the search error is/>;
Let v=1 if t=1, search step size;
If t >1, letSearch step size is/>;
When (when)Time, let/>,/>; Judging condition/>Iterative assignment/>Up to/>;
When (when)Time, let/>,/>; Judging condition/>Iterative assignment/>Up to/>。
Wherein if itAfter the current image is moved by a first estimated distance along the current searching direction theta, judging that the first estimated distance is one side boundary of the initial searching range and determining that the current first estimated distance is a first boundary distance if the identification result of the target model is in the decision boundary; on the basis of the first boundary, a second estimated distance, i.e./>, is determined based on the set step sizeAfter continuously judging whether the current image moves a second estimated distance along the current searching direction theta, determining whether the identification result of the target model is within a decision boundary or not until the identification result of the target model is outside the decision boundary, and determining the current second estimated distance as the boundary of the other side of the initial searching range, namely determining the current second estimated distance as the second boundary distance, thereby determining the initial searching range.
Similarly, ifAfter the current image is moved by a first estimated distance along the current searching direction theta, judging that the first estimated distance is the boundary of the other side of the initial searching range and determining that the current first estimated distance is the second boundary distance if the identification result of the target model is outside the decision boundary; and determining a second estimated distance based on the set step length and the second boundary distance, updating the current second estimated distance by the set step length, continuously judging whether the recognition result of the target model on the current image is within the decision boundary after the current image moves the second estimated distance along the current searching direction theta, determining that the current second estimated distance is one side boundary of the initial searching range until the recognition result of the target model on the target model is within the decision boundary, and determining that the current second estimated distance is the first boundary distance, thereby determining the initial searching range.
In order to further reduce the search range, the improved boundary shortest distance search method in the application further comprises the following steps of:
If the difference value between the second boundary distance and the first boundary distance is larger than a preset search error, calculating the average value of the first boundary distance and the second boundary distance to obtain a third boundary distance; acquiring the recognition result of the target model on the current image in the initial search direction and at a third boundary distance, and if the recognition result of the target model on the current image is in a decision boundary of the target model, updating the first boundary distance by the third boundary distance; if the identification result of the target model on the current image is outside the decision boundary of the target model, determining a third boundary distance to update a second boundary distance until the difference value between the second boundary distance and the first boundary distance is not larger than a preset search error, and determining the initial shortest distance between the current image and the decision boundary of the target model based on the first boundary distance and the second boundary distance.
Specifically, after the initial search range is obtained, the judgment condition is as followsIterative assignment/>If/>Let/>Otherwise, let/>Up to/>Outputting the initial shortest distance/>, of the decision boundary of the current image and the target model。
In step S500, the directional derivative of the current search direction is determined by the following formula:
;
;
Wherein, Represents the directional derivative, t represents the number of iterations,/>For smoothing parameters,/>F represents a target model, G represents a natural scene image discrimination model, u represents a disturbance parameter, Q represents the number of queries, x 0 represents an original image, and θ represents a search direction.
If the recognition result of the current countermeasure sample image obtained by the target model is the same as the actual recognition result of the original image, the amount of the anti-disturbance added to the original image does not influence the output of the target model, in which case the current countermeasure sample image cannot meet the requirements of enhancing the robustness and the safety of the target model; if the two images are different, the anti-interference quantity added to the original image is indicated to influence the output of the target model, and in this case, the current anti-sample image can meet the requirement of enhancing the robustness and the safety of the target model. And assigning a sign function according to the recognition result of the target model on the current countermeasure sample image and the recognition result of the natural image recognition model on whether the current countermeasure sample image is a natural image, and determining the gradient direction of the decision boundary of the target model according to the assignment result. In the application, when the current countermeasure sample image simultaneously meets the condition that the identification result of the target model is the same as the actual identification result of the original image and the current countermeasure sample image is a natural image, the sign function is assigned to +1 to represent the current search direction, namely the gradient direction of the decision boundary of the target model; when the identification result of the current countermeasure sample image through the target model is different from the actual identification result of the original image, but the current countermeasure sample image is a natural image, the sign function is assigned to be-1, and the opposite direction of the current search direction is the gradient direction of the decision boundary of the target model; if the current challenge sample image is not a natural image, the sign function is assigned a value of 0, indicating that the current challenge sample image is not a good challenge sample.
In step S600, it is further determined whether the current iteration number reaches the iteration number threshold, and if the iteration number T < T, the search direction is updated according to the set step lengthWherein/>For updating the step length, T is the iteration number threshold, and the step S400 is returned; otherwise, calculate/>Output of best challenge sample/>。
The method specifically comprises the following steps of:
Step 1, generating a natural scene image discrimination model:
1a) Setting an image including an object to be detected such as an insulator in a natural scene as a positive sample, wherein the class of the image is 1;
1b) Taking the synthesized image as a negative sample, wherein the class of the synthesized image is marked as-1;
1c) Training an ImageNet as a natural scene insulator image classification network by taking positive and negative samples as learning samples to obtain a natural scene image discrimination model ;
Step 2, generating a countermeasure sample of the original image:
2a) Input: the original image is Natural scene image discrimination model/>The target model is/>Initial disturbance Angle/>The iteration period t=1, …, T, the sampling frequency Q, wherein T is the iteration frequency threshold;
2b) The initialization of t=1 is carried out, ;
2C) Randomly selecting anti-disturbance quantity obeying Gaussian/uniform distributionAn anti-disturbance quantity as a current anti-disturbance parameter;
2d) If t=1, input Calculation/>, using improved boundary shortest distance search method: If t >1, input/>、、/>、/>Calculation/>, using improved boundary shortest distance search method;
2E) Calculating directional derivativesEstimating the gradient direction of the decision boundary of the target model, wherein/>Is a very small smoothing parameter; /(I)
;
2F) If T < T, update directionWherein/>To update step length, step 2c is returned until the maximum iteration period T is reached, otherwise, input/>、/>、/>、/>Calculation/>, using improved boundary shortest distance search methodOutput of best challenge sample/>;
And 3, training a depth vision model in the intelligent power grid by using the original sample and the countermeasures thereof, and improving the defensive ability of the model against data interference.
For the original image x 0, randomly initializing a disturbance angleAnd determining a target model and an iteration period T. Second, random generation of anti-disturbance quantity/>, subject to Gaussian/uniform distributionThe directional derivative of the current search direction under the current disturbance parameter is estimated. Specifically, referring to the formula in step 2e, the direction derivative of the current search direction is estimated by calculating g (θ) under the current disturbance parameter and g (θ) of the original image to determine whether the current g (θ) is outside or inside the decision boundary of the target model. For example, for a new disturbance direction/>The point of the distance g (θ) from the original image x 0 in the current disturbance direction calculated by the above formula is located inside or outside the decision boundary of the target model, i.e. whether the counterdisturbance generated under the current disturbance parameters would result in a misprediction of the target model. If the counterdisturbance generated by the current disturbance parameters is outside the decision boundary of the target model, namely/>And the direction of the current disturbance angle is the decision boundary direction of the target model. In order to improve the estimation accuracy of the directional derivative of the current search direction, the query upper limit Q is set for the sign function, the value of the Q times of sign function is calculated through multiple queries, and the obtained value is averaged to obtain a more accurate direction. And repeating the process, obtaining a countermeasure sample image closer to the decision boundary of the target model in each iteration, and determining that the countermeasure sample image is the best countermeasure sample image when the distance between the obtained countermeasure sample image and the decision boundary of the target model is the minimum after the maximum iteration period T is reached.
According to the application, a boundary attack model based on natural image discrimination is constructed for deep learning model loopholes and power grid safety requirements, natural scene data is taken as a learning object, an optimal countermeasure sample conforming to a natural scene rule is generated, and the defending capability of the model against data interference is improved; the application also provides an improved zero-order optimization method and an improved boundary shortest distance searching method, which are combined with natural image discrimination conditions, and the initial boundary point and searching step length of searching are determined by utilizing a trigonometric function, so that the uncertainty of algorithm initialization is reduced, and the boundary shortest distance and the searching efficiency of an antagonistic sample are improved.
As shown in fig. 2, a second aspect of the present application provides a power distribution line target smart grid countermeasure image generating apparatus, to which the above power distribution line target smart grid countermeasure image generating method is applied, including:
The image acquisition module is configured to acquire an original image comprising a target to be detected of the smart grid, and the original image is taken as a current image;
The parameter setting module is configured to initialize the searching direction and the iteration times;
The disturbance adding module is configured to randomly select disturbance parameters;
The boundary distance calculation module is configured to calculate the current shortest distance between the current image and the decision boundary of the target model through the improved boundary shortest distance search method according to the current search direction and the current iteration times, construct countermeasure disturbance based on the current shortest distance, the current search direction and disturbance parameters, and add the countermeasure disturbance to the current image to obtain a current countermeasure sample image;
The direction derivative calculation module is configured to determine the direction derivative of the current search direction according to the recognition result of the pre-constructed natural image recognition model on the current countermeasure sample image and the recognition result of the pre-constructed target model on the current countermeasure sample image;
The optimal countermeasure sample image generation module is configured to judge whether the current iteration number reaches an iteration number threshold, if the current iteration number does not reach the iteration number threshold, update the current search direction according to the direction derivative of the current search direction, update the iteration number, and call the disturbance addition module; and if the current iteration number reaches the iteration number threshold, taking the current countersample image as the optimal countersample image.
Optionally, the disturbance parameters include:
Disturbance angle and anti-disturbance quantity;
the anti-disturbance quantity is a random variable obeying the target probability distribution, and the disturbance angle is used for representing the orientation of the anti-disturbance quantity;
The target probability distribution is a gaussian distribution or a uniform distribution.
Optionally, updating the current search direction according to the direction derivative of the current search direction includes:
The current search direction is updated with a set step based on the direction derivative of the current search direction.
Optionally, the method further comprises:
Taking the target images to be detected of the smart grid under different natural scenes as positive samples, taking the target images to be detected of the smart grid under different synthetic environments as negative samples, and training the deep learning neural network through the obtained positive samples and the negative samples to obtain a natural scene image discrimination model for identifying the input image as a natural scene image or a non-natural scene image;
The recognition result of the natural image recognition model on the current countermeasure sample image comprises the following steps:
the current challenge sample image is a natural scene image or a non-natural scene image.
Optionally, determining the directional derivative of the current search direction according to the recognition result of the pre-constructed natural image recognition model on the current challenge sample image and the recognition result of the pre-constructed target model on the current challenge sample image includes:
The directional derivative of the current search direction is determined by the following formula:
;/>
;
Wherein, Represents the directional derivative, t represents the number of iterations,/>For smoothing parameters,/>F represents a target model, G represents a natural scene image discrimination model, u represents a disturbance parameter, Q represents the number of queries, x 0 represents an original image, and θ represents a search direction.
Optionally, the improved boundary shortest distance searching method comprises:
If the current iteration number is 1, acquiring a recognition result of the current image of the target model in the initial search direction and a preset first estimated distance, and if the recognition result of the target model on the current image is in a decision boundary of the target model, determining the current first estimated distance as a first boundary distance;
And determining a second estimated distance based on the set step length and the first boundary distance, updating the current second estimated distance with the set step length until the recognition result of the current image is outside the decision boundary of the target model under the initial search direction and the current second estimated distance, and determining the current second estimated distance as the second boundary distance.
Optionally, the improved boundary shortest distance searching method further comprises:
if the current iteration number is greater than 1, determining a first estimated distance by the following steps:
。
optionally, after obtaining the recognition result of the current image by the target model in the initial search direction and the preset first estimated distance, the method further includes:
If the identification result of the target model on the current image is outside the decision boundary of the target model, determining that the current first estimated distance is the second boundary distance;
and determining a second estimated distance based on the set step length and the second boundary distance, updating the current second estimated distance along the initial search direction by the set step length until the recognition result of the current image is within the decision boundary of the target model under the initial search direction and the current second estimated distance, and determining the current second estimated distance as the first boundary distance.
Optionally, the improved boundary shortest distance searching method further comprises:
If the difference value between the second boundary distance and the first boundary distance is larger than a preset search error, calculating the average value of the first boundary distance and the second boundary distance to obtain a third boundary distance;
Acquiring the recognition result of the target model on the current image in the initial search direction and at a third boundary distance, and if the recognition result of the target model on the current image is in a decision boundary of the target model, updating the first boundary distance by the third boundary distance;
if the identification result of the target model on the current image is outside the decision boundary of the target model, determining a third boundary distance to update a second boundary distance until the difference value between the second boundary distance and the first boundary distance is not larger than a preset search error, and determining the initial shortest distance between the current image and the decision boundary of the target model based on the first boundary distance and the second boundary distance.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, the specific names of the functional units and modules are only for distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
A third aspect of the present application provides a machine-readable storage medium having stored thereon instructions that, when executed by a processor, cause the processor to be configured to perform the above-described distribution line to-be-detected target smart grid countermeasure image generation method.
Machine-readable storage media include both permanent and non-permanent, removable and non-removable media, and information storage may be implemented by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
A fourth aspect of the present application provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the above-mentioned method for generating a countermeasure image for a target smart grid to be detected by a distribution line when the processor executes the computer program.
Fig. 3 is a schematic diagram of a terminal device according to an embodiment of the present application. As shown in fig. 3, the terminal device 10 of this embodiment includes: a processor 100, a memory 101, and a computer program 102 stored in the memory 101 and executable on the processor 100. The steps of the method embodiments described above are implemented by the processor 100 when executing the computer program 102. Or the processor 100, when executing the computer program 102, performs the functions of the modules/units in the various device embodiments described above.
By way of example, computer program 102 may be partitioned into one or more modules/units that are stored in memory 101 and executed by processor 100 to accomplish the present application. One or more of the modules/units may be a series of computer program instruction segments capable of performing a specific function for describing the execution of the computer program 102 in the terminal device 10.
The terminal device 10 may be a computing device such as a desktop computer, a notebook computer, a palm computer, and a cloud server. Terminal device 10 may include, but is not limited to, a processor 100, a memory 101. It will be appreciated by those skilled in the art that fig. 3 is merely an example of the terminal device 10 and is not limiting of the terminal device 10, and may include more or fewer components than shown, or may combine certain components, or different components, e.g., the terminal device may also include input-output devices, network access devices, buses, etc.
The Processor 100 may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (DIGITAL SIGNAL Processor, DSP), application SPECIFIC INTEGRATED Circuit (ASIC), off-the-shelf Programmable gate array (Field-Programmable GATE ARRAY, FPGA) or other Programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 101 may be an internal storage unit of the terminal device 10, such as a hard disk or a memory of the terminal device 10. The memory 101 may also be an external storage device of the terminal device 10, such as a plug-in hard disk provided on the terminal device 10, a smart memory card (SMART MEDIA CARD, SMC), a Secure Digital (SD) card, a flash memory card (FLASH CARD), or the like. Further, the memory 101 may also include both an internal storage unit and an external storage device of the terminal device 10. The memory 101 is used to store computer programs and other programs and data required by the terminal device 10. The memory 101 may also be used to temporarily store data that has been output or is to be output.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises an element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.
Claims (20)
1. A smart grid countermeasure image generation method, characterized by comprising:
S100, acquiring an original image comprising a target to be detected of a smart grid, and taking the original image as a current image;
S200, initializing a search direction and iteration times;
s300, randomly selecting disturbance parameters;
S400, calculating the current shortest distance between the current image and the decision boundary of the target model by an improved boundary shortest distance searching method according to the current searching direction and the current iteration times, constructing countermeasure disturbance based on the current shortest distance, the current searching direction and disturbance parameters, and adding the countermeasure disturbance to the current image to obtain a current countermeasure sample image;
S500, determining a direction derivative of a current search direction according to a recognition result of a pre-built natural image recognition model on a current countermeasure sample image and a recognition result of a pre-built target model on the current countermeasure sample image;
S600, judging whether the current iteration times reach an iteration times threshold, if the current iteration times do not reach the iteration times threshold, updating the current search direction according to the direction derivative of the current search direction, updating the iteration times, and executing the step S300; and if the current iteration number reaches the iteration number threshold, taking the current countercheck sample image as the optimal countercheck sample image.
2. The smart grid countermeasure image generation method of claim 1, wherein the disturbance parameters include:
Disturbance angle and anti-disturbance quantity;
The anti-disturbance quantity is a random variable obeying a target probability distribution, and the disturbance angle is used for representing the direction of the anti-disturbance quantity;
the target probability distribution is a gaussian distribution or a uniform distribution.
3. The smart grid countermeasure image generation method of claim 1, wherein updating the current search direction in accordance with the direction derivative of the current search direction includes:
The current search direction is updated with a set step based on the direction derivative of the current search direction.
4. The smart grid countermeasure image generation method of claim 1, further comprising:
Taking the target images to be detected of the smart grid under different natural scenes as positive samples, taking the target images to be detected of the smart grid under different synthetic environments as negative samples, and training the deep learning neural network through the obtained positive samples and the negative samples to obtain a natural scene image discrimination model for identifying the input image as a natural scene image or a non-natural scene image;
The recognition result of the natural image recognition model on the current countermeasure sample image comprises the following steps:
the current challenge sample image is a natural scene image or a non-natural scene image.
5. The smart grid countermeasure image generation method of claim 4, wherein determining the directional derivative of the current search direction based on the recognition result of the pre-constructed natural image recognition model on the current countermeasure sample image and the recognition result of the pre-constructed target model on the current countermeasure sample image includes:
The directional derivative of the current search direction is determined by the following formula:
;
;
Wherein, Represents the directional derivative, t represents the number of iterations,/>For smoothing parameters,/>F represents a target model, G represents a natural scene image discrimination model, u represents a disturbance parameter, Q represents the number of queries, x 0 represents an original image, and θ represents a search direction.
6. The smart grid countermeasure image generation method of claim 5, wherein the improved boundary shortest distance search method includes:
if the current iteration number is 1, acquiring a recognition result of the target model on the current image under the initial search direction and a preset first estimated distance, and if the recognition result of the target model on the current image is in a decision boundary of the target model, determining the current first estimated distance as a first boundary distance;
And determining a second estimated distance based on the set step length and the first boundary distance, updating the current second estimated distance with the set step length until the recognition result of the current image is outside the decision boundary of the target model under the initial search direction and the current second estimated distance, and determining the current second estimated distance as the second boundary distance.
7. The smart grid countermeasure image generation method of claim 6, wherein the improved boundary shortest distance search method further includes:
if the current iteration number is greater than 1, determining a first estimated distance by the following steps:
;
Wherein v is a first estimated distance, To update the step size.
8. The smart grid countermeasure image generation method according to claim 6, wherein after acquiring the recognition result of the current image by the target model in the initial search direction and the preset first estimated distance, the method further comprises:
if the identification result of the target model on the current image is outside the decision boundary of the target model, determining that the current first estimated distance is the second boundary distance;
And determining a second estimated distance based on the set step length and the second boundary distance, updating the current second estimated distance with the set step length until the identification result of the current image of the target model is within the decision boundary of the target model under the initial search direction and the current second estimated distance, and determining the current second estimated distance as the first boundary distance.
9. The smart grid countermeasure image generation method of claim 8, wherein the improved boundary shortest distance search method further includes:
If the difference value between the second boundary distance and the first boundary distance is larger than a preset search error, calculating the average value of the first boundary distance and the second boundary distance to obtain a third boundary distance;
Acquiring the recognition result of the target model on the current image in the initial search direction and at a third boundary distance, and if the recognition result of the target model on the current image is in a decision boundary of the target model, updating the first boundary distance by the third boundary distance;
And if the identification result of the target model on the current image is outside the decision boundary of the target model, determining a third boundary distance to update a second boundary distance until the difference value between the second boundary distance and the first boundary distance is not larger than a preset search error, and determining the initial shortest distance between the current image and the decision boundary of the target model based on the first boundary distance and the second boundary distance.
10. A smart grid countermeasure image generating apparatus, applying the smart grid countermeasure image generating method of any one of claims 1 to 9, comprising:
the image acquisition module is configured to acquire an original image including an object to be detected of the smart grid, and the original image is taken as a current image;
The parameter setting module is configured to initialize the searching direction and the iteration times;
The disturbance adding module is configured to randomly select disturbance parameters;
The boundary distance calculation module is configured to calculate the current shortest distance between the current image and the decision boundary of the target model through the improved boundary shortest distance search method according to the current search direction and the current iteration times, construct countermeasure disturbance based on the current shortest distance, the current search direction and disturbance parameters, and add the countermeasure disturbance to the current image to obtain a current countermeasure sample image;
The direction derivative calculation module is configured to determine the direction derivative of the current search direction according to the recognition result of the pre-constructed natural image recognition model on the current countermeasure sample image and the recognition result of the pre-constructed target model on the current countermeasure sample image;
The optimal countermeasure sample image generation module is configured to judge whether the current iteration number reaches an iteration number threshold, if the current iteration number does not reach the iteration number threshold, update the current search direction according to the direction derivative of the current search direction, update the iteration number, and call the disturbance addition module; and if the current iteration number reaches the iteration number threshold, taking the current countercheck sample image as the optimal countercheck sample image.
11. The smart grid countermeasure image generating apparatus of claim 10, wherein the disturbance parameters include:
Disturbance angle and anti-disturbance quantity;
The anti-disturbance quantity is a random variable obeying a target probability distribution, and the disturbance angle is used for representing the direction of the anti-disturbance quantity;
the target probability distribution is a gaussian distribution or a uniform distribution.
12. The smart grid countermeasure image generating apparatus of claim 10, wherein updating the current search direction in accordance with the direction derivative of the current search direction includes:
The current search direction is updated with a set step based on the direction derivative of the current search direction.
13. The smart grid countermeasure image generation apparatus of claim 10, wherein the method further comprises:
Taking the target images to be detected of the smart grid under different natural scenes as positive samples, taking the target images to be detected of the smart grid under different synthetic environments as negative samples, and training the deep learning neural network through the obtained positive samples and the negative samples to obtain a natural scene image discrimination model for identifying the input image as a natural scene image or a non-natural scene image;
The recognition result of the natural image recognition model on the current countermeasure sample image comprises the following steps:
the current challenge sample image is a natural scene image or a non-natural scene image.
14. The smart grid countermeasure image generating apparatus of claim 13, wherein determining the directional derivative of the current search direction from the recognition result of the current countermeasure sample image by the pre-constructed natural image recognition model and the recognition result of the current countermeasure sample image by the pre-constructed target model includes:
The directional derivative of the current search direction is determined by the following formula:
;
;
Wherein, Represents the directional derivative, t represents the number of iterations,/>For smoothing parameters,/>F represents a target model, G represents a natural scene image discrimination model, u represents a disturbance parameter, Q represents the number of queries, x 0 represents an original image, and θ represents a search direction.
15. The smart grid countermeasure image generation apparatus of claim 14, wherein the improved boundary shortest distance search method includes:
if the current iteration number is 1, acquiring a recognition result of the target model on the current image under the initial search direction and a preset first estimated distance, and if the recognition result of the target model on the current image is in a decision boundary of the target model, determining the current first estimated distance as a first boundary distance;
And determining a second estimated distance based on the set step length and the first boundary distance, updating the current second estimated distance with the set step length until the recognition result of the current image is outside the decision boundary of the target model under the initial search direction and the current second estimated distance, and determining the current second estimated distance as the second boundary distance.
16. The smart grid countermeasure image generation apparatus of claim 15, wherein the improved boundary shortest distance search method further includes:
if the current iteration number is greater than 1, determining a first estimated distance by the following steps:
;
Wherein v is a first estimated distance, To update the step size.
17. The smart grid countermeasure image generating apparatus of claim 15, wherein after acquiring the recognition result of the current image by the target model in the initial search direction and the preset first estimated distance, the method further includes:
if the identification result of the target model on the current image is outside the decision boundary of the target model, determining that the current first estimated distance is the second boundary distance;
And determining a second estimated distance based on the set step length and the second boundary distance, updating the current second estimated distance with the set step length until the identification result of the current image of the target model is within the decision boundary of the target model under the initial search direction and the current second estimated distance, and determining the current second estimated distance as the first boundary distance.
18. The smart grid countermeasure image generation apparatus of claim 17, wherein the improved boundary shortest distance search method further includes:
If the difference value between the second boundary distance and the first boundary distance is larger than a preset search error, calculating the average value of the first boundary distance and the second boundary distance to obtain a third boundary distance;
Acquiring the recognition result of the target model on the current image in the initial search direction and at a third boundary distance, and if the recognition result of the target model on the current image is in a decision boundary of the target model, updating the first boundary distance by the third boundary distance;
And if the identification result of the target model on the current image is outside the decision boundary of the target model, determining a third boundary distance to update a second boundary distance until the difference value between the second boundary distance and the first boundary distance is not larger than a preset search error, and determining the initial shortest distance between the current image and the decision boundary of the target model based on the first boundary distance and the second boundary distance.
19. A machine-readable storage medium having instructions stored thereon, which when executed by a processor, cause the processor to be configured to perform the smart grid countermeasure image generation method of any of claims 1 to 9.
20. Terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the smart grid countermeasure image generation method according to any of claims 1 to 9 when the computer program is executed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410439278.2A CN118038343B (en) | 2024-04-12 | Smart grid countermeasure image generation method and device, storage medium and terminal equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410439278.2A CN118038343B (en) | 2024-04-12 | Smart grid countermeasure image generation method and device, storage medium and terminal equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN118038343A true CN118038343A (en) | 2024-05-14 |
| CN118038343B CN118038343B (en) | 2024-06-11 |
Family
ID=
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109086884A (en) * | 2018-07-17 | 2018-12-25 | 上海交通大学 | The Neural Network Optimization training method that inversely resisting sample is restored based on gradient |
| CN111753881A (en) * | 2020-05-28 | 2020-10-09 | 浙江工业大学 | Defense method for quantitatively identifying anti-attack based on concept sensitivity |
| US20210012188A1 (en) * | 2019-07-09 | 2021-01-14 | Baidu Usa Llc | Systems and methods for defense against adversarial attacks using feature scattering-based adversarial training |
| CN115346072A (en) * | 2022-08-29 | 2022-11-15 | 北京百度网讯科技有限公司 | Training method and device of image classification model, electronic equipment and storage medium |
| WO2023142282A1 (en) * | 2022-01-27 | 2023-08-03 | 厦门大学 | Task amplification-based transfer attack method and apparatus |
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109086884A (en) * | 2018-07-17 | 2018-12-25 | 上海交通大学 | The Neural Network Optimization training method that inversely resisting sample is restored based on gradient |
| US20210012188A1 (en) * | 2019-07-09 | 2021-01-14 | Baidu Usa Llc | Systems and methods for defense against adversarial attacks using feature scattering-based adversarial training |
| CN111753881A (en) * | 2020-05-28 | 2020-10-09 | 浙江工业大学 | Defense method for quantitatively identifying anti-attack based on concept sensitivity |
| WO2023142282A1 (en) * | 2022-01-27 | 2023-08-03 | 厦门大学 | Task amplification-based transfer attack method and apparatus |
| CN115346072A (en) * | 2022-08-29 | 2022-11-15 | 北京百度网讯科技有限公司 | Training method and device of image classification model, electronic equipment and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 张洁;张志昊;: "基于AE-WGAN的定向对抗样本生成及利用", 南京邮电大学学报(自然科学版), no. 01, 25 February 2020 (2020-02-25) * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111582054B (en) | Point cloud data processing method and device and obstacle detection method and device | |
| CN104111960A (en) | Page matching method and device | |
| CN109614459B (en) | Map structuring winding detection method and equipment applied to two-dimensional laser | |
| CN111553946B (en) | Method and device for removing ground point cloud and method and device for detecting obstacle | |
| WO2009082719A1 (en) | Invariant visual scene and object recognition | |
| US9836666B2 (en) | High speed searching for large-scale image databases | |
| CN117495891B (en) | Point cloud edge detection method and device and electronic equipment | |
| CN111738319A (en) | Clustering result evaluation method and device based on large-scale samples | |
| CN115493612A (en) | Vehicle positioning method and device based on visual SLAM | |
| Alsanad et al. | Real-time fuel truck detection algorithm based on deep convolutional neural network | |
| CN118038343B (en) | Smart grid countermeasure image generation method and device, storage medium and terminal equipment | |
| CN112862730A (en) | Point cloud feature enhancement method and device, computer equipment and storage medium | |
| CN116958809A (en) | Remote sensing small sample target detection method for feature library migration | |
| CN118038343A (en) | Smart grid countermeasure image generation method and device, storage medium and terminal equipment | |
| CN116152884A (en) | Face image recognition method and device, processor and electronic equipment | |
| KR102473724B1 (en) | Image registration method and apparatus using siamese random forest | |
| Tan et al. | Divide to attend: A multiple receptive field attention module for object detection in remote sensing images | |
| CN114528453A (en) | Global repositioning method and device, electronic equipment and storage medium | |
| Zhou et al. | Target recognition and evaluation of typical transmission line equipment based on deep learning | |
| CN112884145A (en) | Training method of neural network for intelligent heat dissipation effect detection of data center | |
| CN111984812A (en) | Feature extraction model generation method, image retrieval method, device and equipment | |
| Wang et al. | Multi-DS strategy for source camera identification in few-shot sample data sets | |
| CN117496118B (en) | Method and system for analyzing steal vulnerability of target detection model | |
| CN115600160B (en) | Detection method for network model stealing behavior based on integral gradient interpretable algorithm | |
| KR102405168B1 (en) | Method and apparatus for generating of data set, computer-readable storage medium and computer program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |