WO2022062649A1 - Neural network robustness measurement method, and apparatus - Google Patents

Neural network robustness measurement method, and apparatus Download PDF

Info

Publication number
WO2022062649A1
WO2022062649A1 PCT/CN2021/109616 CN2021109616W WO2022062649A1 WO 2022062649 A1 WO2022062649 A1 WO 2022062649A1 CN 2021109616 W CN2021109616 W CN 2021109616W WO 2022062649 A1 WO2022062649 A1 WO 2022062649A1
Authority
WO
WIPO (PCT)
Prior art keywords
group
sample
detection
neural network
labeling
Prior art date
Application number
PCT/CN2021/109616
Other languages
French (fr)
Chinese (zh)
Inventor
赵仁明
Original Assignee
苏州浪潮智能科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 苏州浪潮智能科技有限公司 filed Critical 苏州浪潮智能科技有限公司
Publication of WO2022062649A1 publication Critical patent/WO2022062649A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/21Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks

Definitions

  • the present invention relates to the field of neural networks, and more particularly, to a method and device for detecting robustness of neural networks.
  • Deep learning has been widely used in the real world, such as driverless cars, receipt recognition, movie recommendation, etc. Deep learning requires a lot of data.
  • the number of training samples has a huge impact on the quality of AI (Artificial Intelligence) training.
  • AI Artificial Intelligence
  • a larger amount of data samples are usually used for training.
  • an AI developer in addition to paying attention to the performance of the trained neural network on the test set and validation set, we also need to pay attention to the robustness and generalization ability of the neural network.
  • Whether the patterns recognized by the convolutional layers are correct plays a crucial role in the neural network. There are some cases where the neural network has higher accuracy under the specified test set. But when new datasets were used, there was a significant drop in accuracy. A large part of the reason for this phenomenon is that during the training of the neural network, the features selected by the network cannot represent the samples well, and the robustness of the neural network cannot be evaluated.
  • the purpose of the embodiments of the present invention is to provide a method and apparatus for detecting the robustness of a neural network, which can correctly evaluate the robustness of the neural network.
  • a first aspect of the embodiments of the present invention provides a method for detecting robustness of a neural network, including performing the following steps:
  • the convolution kernel feature map is sampled and aggregated on each channel to form a convolution layer feature map, and further sampled and aggregated to form a sample convolution map of a specific sample;
  • the labeled samples are extracted from the sample data as the first detection group, the combination of the sample feature visualization image and the corresponding specific sample is used as the second detection group, and the first detection group and the second detection group are in one-to-one correspondence.
  • a group labeling result for the group labeling request is received, and the robustness of the neural network is determined based on the labeling information of the second detection group corresponding to the correctly labelled first detection group in the group labeling result.
  • the sample data includes a training set, a test set, and a detection set; the specific sample is a sample of the detection set; using the neural network trained and tested on the sample data to perform a forward operation on the specific sample in the sample data includes: A neural network trained on samples from the training set and tested on samples from the test set performs forward operations on samples from the test set.
  • generating a convolution kernel feature map at each convolutional layer in the neural network includes: in each convolutional layer in the neural network, comparing samples of the detection set with the convolutional layer on each channel The multiple convolution kernels in each convolution kernel are convolved to obtain the multiple convolution kernel feature maps of the samples of the detection set on each convolution layer.
  • sampling and clustering the convolution kernel feature maps on each channel to form a convolution layer feature map includes: in each convolution layer in the neural network, randomly extracting the first convolution kernel feature map from a plurality of convolution kernel feature maps A number of convolution kernel feature maps are superimposed on each channel to obtain multiple convolution layer feature maps of samples of the detection set.
  • further sampling and aggregating to form a sample convolutional map of a specific sample comprises: specifying every second number of convolutional layers in the neural network, and obtaining the convolutional layer feature maps of all the specified convolutional layers Averaged to obtain a sample convolution map of the samples in the detection set.
  • sending the group labeling request in a one-to-one correspondence between the first detection group and the second detection group includes:
  • a combination of a sample feature visualization image and a sample of the corresponding detection set is selected from the second detection set, and a second group annotation of annotation information on whether the sample feature visualization image includes its feature information is requested to be generated for the samples of the detection set ;
  • the first group annotation and the second group annotation are combined to generate and send a group annotation request.
  • determining the robustness of the neural network based on the labeling information of the second detection group corresponding to the correctly labelled first detection group in the population labeling result includes:
  • the labeling information of the first detection group is the same as the label in the sample data, and the labeling information of the second detection group is that all the group labeling results including its characteristic information are marked as successful feedback;
  • the labeling information of the first detection group is the same as the label in the sample data, and the labeling information of the second detection group is all group labeling results that do not include its characteristic information, and record as failure feedback;
  • the robustness of the neural network is determined based on the number of successful and failed feedbacks, wherein the robustness of the neural network is positively correlated with the number of successful feedbacks and negatively correlated with the number of failed feedbacks.
  • a second aspect of the embodiments of the present invention provides a neural network robustness detection apparatus, including:
  • a memory that stores program code executable by the processor, the program code performing the following steps when executed:
  • the convolution kernel feature map is sampled and aggregated on each channel to form a convolution layer feature map, and further sampled and aggregated to form a sample convolution map of a specific sample;
  • the labeled samples are extracted from the sample data as the first detection group, the combination of the sample feature visualization image and the corresponding specific sample is used as the second detection group, and the first detection group and the second detection group are in one-to-one correspondence.
  • a group labeling result for the group labeling request is received, and the robustness of the neural network is determined based on the labeling information of the second detection group corresponding to the correctly labelled first detection group in the group labeling result.
  • generating a convolution kernel feature map at each convolutional layer in the neural network includes: in each convolutional layer in the neural network, comparing samples of the detection set with the convolutional layer on each channel The multiple convolution kernels in each convolution kernel are convolved to obtain the multiple convolution kernel feature maps of the samples of the detection set on each convolution layer;
  • Sampling and gathering the convolution kernel feature maps on each channel to form a convolution layer feature map includes: in each convolution layer in the neural network, randomly extracting a first number of convolution kernels from a plurality of convolution kernel feature maps The feature map is superimposed on each channel to obtain multiple convolution layer feature maps of the samples of the detection set;
  • Further sampling and aggregating to form a sample convolutional map of a specific sample includes: specifying a convolutional layer every second number in the neural network, and averaging the convolutional layer feature maps of all the specified convolutional layers to obtain the detection set.
  • the sample convolution graph for the sample includes: specifying a convolutional layer every second number in the neural network, and averaging the convolutional layer feature maps of all the specified convolutional layers to obtain the detection set.
  • sending the group labeling request in a one-to-one correspondence between the first detection group and the second detection group includes: selecting a sample from the first detection group, and requesting to generate labeling information related to the label for the sample.
  • the first group labeling selecting a combination of the sample feature visualization image and the sample of the corresponding detection set from the second detection group, and requesting to generate annotation information about whether the sample feature visualization image includes its feature information for the samples of the detection set the second group annotation; combine the first group annotation and the second group annotation to generate a group annotation request and send it;
  • Determining the robustness of the neural network based on the label information of the second detection group corresponding to the correctly labeled first detection group in the group labeling result includes: comparing the label information of the first detection group to all groups with different labels in the sample data The labeling result is discarded; the labeling information of the first detection group is the same as the label in the sample data, and the labeling information of the second detection group is all group labeling results including its characteristic information, and it is marked as successful feedback; the labeling of the first detection group is marked as successful feedback; The information is the same as the label in the sample data, and the label information of the second detection group is all group labeling results that do not include its characteristic information, which is recorded as failure feedback; the robustness of the neural network is determined based on the number of successful feedback and failure feedback, where The robustness of the neural network is positively correlated with the number of successful feedbacks and negatively correlated with the number of failed feedbacks.
  • the neural network robustness detection method and device perform forward operations on specific samples in the sample data by using the neural network trained and tested on the sample data, and in the neural network
  • Each convolution layer in the network generates a convolution kernel feature map
  • the convolution kernel feature map is sampled and aggregated on each channel to form a convolution layer feature map, and further sampled and aggregated to form a sample convolution map of a specific sample
  • the weight difference in the convolution graph is converted into color difference to visualize the sample convolution graph, and the sample feature visualization image of a specific sample is generated
  • the labeled samples are extracted from the sample data as the first detection group, and the sample feature visualization image and corresponding
  • the combination of specific samples is used as the second detection group, and the group annotation request is sent in a one-to-one correspondence between the first detection group and the second detection group; the group annotation result for the group annotation request is received, and based on the group annotation result and the annotation
  • FIG. 1 is a schematic flowchart of a neural network robustness detection method provided by the present invention
  • Fig. 2 is the overall flow chart of the neural network robustness detection method provided by the present invention.
  • FIG. 3 is a schematic diagram of a group labeling request of the neural network robustness detection method provided by the present invention.
  • FIG. 4 is a schematic structural diagram of a neural network robustness detection apparatus provided by the present invention.
  • FIG. 1 shows a schematic flowchart of a method for detecting robustness of a neural network provided by the present invention.
  • the neural network robustness detection method includes the following steps:
  • Step S101 use the neural network trained and tested on the sample data to perform forward operations on specific samples in the sample data, and generate a convolution kernel feature map at each convolutional layer in the neural network;
  • Step S103 sampling and gathering the convolution kernel feature map on each channel to form a convolution layer feature map, and further sampling and gathering to form a sample convolution map of a specific sample;
  • Step S105 Convert the weight difference in the sample convolution graph into a color difference to visualize the sample convolution graph, and generate a sample feature visualization image of a specific sample;
  • Step S107 Extract the marked samples from the sample data as the first detection group, use the combination of the sample feature visualization image and the corresponding specific sample as the second detection group, and use the first detection group and the second detection group one by one. Send the group annotation request in the corresponding way;
  • Step S109 Receive the group labeling result for the group labeling request, and determine the robustness of the neural network based on the labeling information of the second detection group corresponding to the correctly labelled first detection group in the group labeling result.
  • a typical CNN Convolutional Neural Networks, convolutional neural network mainly includes convolutional layers, pooling layers, full-link layers, softmax (logistic regression function) layers, etc.
  • the operations performed by the convolutional layer are relatively important. operation. It uses different convolution kernels to perform sliding calculations on each channel of the image to obtain a set of feature maps (feature maps) on an image. Images are able to detect the same pattern in multiple locations (pan and zoom invariance), so by doing this, weights for multiple targets can be selectively reused. This reduces the ratio of the number of weights to the amount of data, thereby effectively reducing overfitting, making the model more accurate, and improving the generalization ability of the network.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM) or the like.
  • the computer program embodiments can achieve the same or similar effects as any of the foregoing method embodiments.
  • the sample data includes a training set, a test set, and a detection set; the specific sample is a sample of the detection set; using the neural network trained and tested on the sample data to perform a forward operation on the specific sample in the sample data includes: A neural network trained on samples from the training set and tested on samples from the test set performs forward operations on samples from the test set.
  • generating a convolution kernel feature map at each convolutional layer in the neural network includes: in each convolutional layer in the neural network, comparing samples of the detection set with the convolutional layer on each channel The multiple convolution kernels in each convolution kernel are convolved to obtain the multiple convolution kernel feature maps of the samples of the detection set on each convolution layer.
  • sampling and clustering the convolution kernel feature maps on each channel to form a convolution layer feature map includes: in each convolution layer in the neural network, randomly extracting the first convolution kernel feature map from a plurality of convolution kernel feature maps A number of convolution kernel feature maps are superimposed on each channel to obtain multiple convolution layer feature maps of samples of the detection set.
  • further sampling and aggregating to form a sample convolutional map of a specific sample comprises: specifying every second number of convolutional layers in the neural network, and obtaining the convolutional layer feature maps of all the specified convolutional layers Averaged to obtain a sample convolution map of the samples in the detection set.
  • sending the group labeling request in a one-to-one correspondence between the first detection group and the second detection group includes:
  • a combination of a sample feature visualization image and a sample of the corresponding detection set is selected from the second detection set, and a second group annotation of annotation information on whether the sample feature visualization image includes its feature information is requested to be generated for the samples of the detection set ;
  • the first group annotation and the second group annotation are combined to generate and send a group annotation request.
  • determining the robustness of the neural network based on the labeling information of the second detection group corresponding to the correctly labelled first detection group in the population labeling result includes:
  • the labeling information of the first detection group is the same as the label in the sample data, and the labeling information of the second detection group is all the group labeling results including its characteristic information, which is marked as successful feedback;
  • the labeling information of the first detection group is the same as the label in the sample data, and the labeling information of the second detection group is all group labeling results that do not include its characteristic information, and record as failure feedback;
  • the robustness of the neural network is determined based on the number of successful and failed feedbacks, wherein the robustness of the neural network is positively correlated with the number of successful feedbacks and negatively correlated with the number of failed feedbacks.
  • the existing sample data is randomly divided into three parts, namely training set, test set and detection set.
  • the samples of the training set are used to train the neural network, and the samples of the test set are used to verify the network model.
  • a visual image of the feature map will be generated using the samples of the detection set for the network that has been trained.
  • each sample in the detection set is input into the trained neural network for forward operation.
  • the convolution operation is performed using each channel of the convolution kernel and the corresponding channel of the input sample, and then added position by position to obtain a feature map.
  • a feature map can be obtained for each convolution kernel of this layer. For each layer, three feature maps are randomly selected, and the three feature maps are summed on the corresponding channels, and the final result is used as the feature map of the layer.
  • the high-weight value in the feature map is depicted as white (ie, high RGB (Red Green Blue, triad) value), and the low-weight value is black (ie, low RGB value).
  • the neural network robustness detection method performs forward operations on specific samples in the sample data by using a neural network trained and tested on sample data, and performs forward operations on specific samples in the neural network.
  • Each convolution layer generates a convolution kernel feature map; the convolution kernel feature map is sampled and aggregated on each channel to form a convolution layer feature map, and further sampled and aggregated to form a sample convolution map of a specific sample; the sample convolution map The difference of weights in the image is converted into color difference to visualize the sample convolution map, and the sample feature visualization image of the specific sample is generated; the labeled samples are extracted from the sample data as the first detection group, and the sample feature visualization image and the corresponding specific sample The combination is used as the second detection group, and the group labeling request is sent in a one-to-one correspondence between the first detection group and the second detection group; the group labeling result for the group labeling request is received, and based on the group labeling result and the correct
  • each step in each embodiment of the above-mentioned neural network robustness detection method can be intersected, replaced, added, and deleted.
  • the method should also belong to the protection scope of the present invention, and the protection scope of the present invention should not be limited to the described embodiments.
  • a second aspect of the embodiments of the present invention provides an embodiment of a detection apparatus for correctly evaluating the robustness of a neural network.
  • the neural network robustness detection device includes:
  • the memory 302 stores program code executable by the processor, and the program code performs the following steps when executed:
  • the convolution kernel feature map is sampled and aggregated on each channel to form a convolution layer feature map, and further sampled and aggregated to form a sample convolution map of a specific sample;
  • the labeled samples are extracted from the sample data as the first detection group, the combination of the sample feature visualization image and the corresponding specific sample is used as the second detection group, and the first detection group and the second detection group are in one-to-one correspondence.
  • a group labeling result for the group labeling request is received, and the robustness of the neural network is determined based on the labeling information of the second detection group corresponding to the correctly labelled first detection group in the group labeling result.
  • generating a convolution kernel feature map at each convolutional layer in the neural network includes: in each convolutional layer in the neural network, comparing samples of the detection set with the convolutional layer on each channel The multiple convolution kernels in each convolution kernel are convolved to obtain the multiple convolution kernel feature maps of the samples of the detection set on each convolution layer;
  • Sampling and gathering the convolution kernel feature maps on each channel to form a convolution layer feature map includes: in each convolution layer in the neural network, randomly extracting a first number of convolution kernels from a plurality of convolution kernel feature maps The feature map is superimposed on each channel to obtain multiple convolution layer feature maps of the samples of the detection set;
  • Further sampling and aggregating to form a sample convolutional map of a specific sample includes: specifying a convolutional layer every second number in the neural network, and averaging the convolutional layer feature maps of all the specified convolutional layers to obtain the detection set.
  • the sample convolution graph for the sample includes: specifying a convolutional layer every second number in the neural network, and averaging the convolutional layer feature maps of all the specified convolutional layers to obtain the detection set.
  • sending the group labeling request in a one-to-one correspondence between the first detection group and the second detection group includes: selecting a sample from the first detection group, and requesting to generate labeling information related to the label for the sample.
  • the first group labeling selecting a combination of the sample feature visualization image and the sample of the corresponding detection set from the second detection group, and requesting to generate annotation information about whether the sample feature visualization image includes its feature information for the samples of the detection set the second group annotation; combine the first group annotation and the second group annotation to generate a group annotation request and send it;
  • Determining the robustness of the neural network based on the label information of the second detection group corresponding to the correctly labeled first detection group in the group labeling result includes: comparing the label information of the first detection group to all groups with different labels in the sample data The labeling result is discarded; the labeling information of the first detection group is the same as the label in the sample data, and the labeling information of the second detection group is all group labeling results including its characteristic information, and it is marked as successful feedback; the labeling of the first detection group is marked as successful feedback; The information is the same as the label in the sample data, and the label information of the second detection group is all group labeling results that do not include its characteristic information, which is recorded as failure feedback; the robustness of the neural network is determined based on the number of successful feedback and failure feedback, where The robustness of the neural network is positively correlated with the number of successful feedbacks and negatively correlated with the number of failed feedbacks.
  • the neural network robustness detection apparatus performs forward operations on specific samples in the sample data by using the neural network trained and tested on the sample data, and performs a forward operation in the neural network.
  • Each convolutional layer of the convolutional layer generates a convolution kernel feature map; the convolution kernel feature map is sampled and aggregated on each channel to form a convolution layer feature map, and further sampled and aggregated to form a sample convolution map of a specific sample; the sample convolution The weight difference in the graph is converted into color difference to visualize the sample convolution graph, and the sample feature visualization image of a specific sample is generated; the labeled samples are extracted from the sample data as the first detection group, and the sample feature visualization image and the corresponding specific sample are extracted.
  • the combination of samples is used as the second detection group, and the group labeling request is sent in a one-to-one correspondence between the first detection group and the second detection group;
  • the technical solution for determining the robustness of the neural network by the label information of the second detection group corresponding to the first detection group can correctly evaluate the robustness of the neural network.
  • the embodiments of the above-mentioned neural network robustness detection apparatus use the embodiments of the neural network robustness detection method to specifically describe the working process of each module.
  • the These modules apply to other embodiments of the neural network robustness detection method.
  • each step in the embodiment of the neural network robustness detection method can be intersected, replaced, added, and deleted, these reasonable permutation and combination transformations are also useful to the neural network robustness detection device. It should belong to the protection scope of the present invention, and should not limit the protection scope of the present invention to the above-described embodiments.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Evolutionary Computation (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computational Linguistics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • Evolutionary Biology (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Image Analysis (AREA)

Abstract

Disclosed are a neural network robustness measurement method and an apparatus. The method comprises: using a neural network and executing a forward operation on a specified sample, and generating a convolution kernel feature map at every convolutional layer; on each channel, performing sampling and aggregation to form convolutional layer feature maps, and further performing sampling and aggregation to form a sample convolutional map for the specified sample; converting a weight difference in the sample convolutional map into a color difference, so as to visualize the sample convolutional map; extracting a sample having labeling from sample data to serve as a first measurement group, taking a group of a sample feature visualization image and the corresponding specified sample to serve as a second measurement group, and sending a crowd labeling request; and determining the robustness of the neural network on the basis of labeling information of the correctly labeled second measurement group corresponding to the first measurement group in a crowd labeling result. The present invention can correctly assess the robustness of a neural network.

Description

一种神经网络鲁棒性检测方法和装置A kind of neural network robustness detection method and device
本申请要求于2020年09月25日提交中国国家知识产权局,申请号为202011026951.8,发明名称为“一种神经网络鲁棒性检测方法和装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application filed on September 25, 2020 with the State Intellectual Property Office of China, the application number is 202011026951.8, and the invention title is "A Neural Network Robustness Detection Method and Device", the entire content of which is approved by Reference is incorporated in this application.
技术领域technical field
本发明涉及神经网络领域,更具体地,特别是指一种神经网络鲁棒性检测方法和装置。The present invention relates to the field of neural networks, and more particularly, to a method and device for detecting robustness of neural networks.
背景技术Background technique
深度学习已经在现实世界中得到了广泛的运用,例如无人驾驶汽车,收据识别,电影推荐等。深度学习需要大量的数据。对于神经网络,训练样本的多少,对于AI(Artificial Intelligence,人工智能)训练的质量影响巨大。为了提升模型的准确度,通常会使用较大量的数据样本进行训练。作为AI的开发人员,除了要关注训练好的神经网络在测试集和验证集上的表现,还需要关注于神经网络的鲁棒性以及泛化能力,但现有技术目前难以评价神经网络的鲁棒性。Deep learning has been widely used in the real world, such as driverless cars, receipt recognition, movie recommendation, etc. Deep learning requires a lot of data. For neural networks, the number of training samples has a huge impact on the quality of AI (Artificial Intelligence) training. In order to improve the accuracy of the model, a larger amount of data samples are usually used for training. As an AI developer, in addition to paying attention to the performance of the trained neural network on the test set and validation set, we also need to pay attention to the robustness and generalization ability of the neural network. However, it is currently difficult to evaluate the robustness of the neural network with the existing technology. Awesome.
对于卷积层所识别的模式是否正确,对于神经网络就起着至关重要的作用。存在有些情况下,神经网络在指定的测试集下,有较高的精度。但当使用新的数据集时,出现了精度大幅下降的情况。出现这样的现象的很大一部分原因在于在进行神经网络训练时,网络所选择的特征不能够很好的代表样本,也就无法评价神经网络的鲁棒性。Whether the patterns recognized by the convolutional layers are correct plays a crucial role in the neural network. There are some cases where the neural network has higher accuracy under the specified test set. But when new datasets were used, there was a significant drop in accuracy. A large part of the reason for this phenomenon is that during the training of the neural network, the features selected by the network cannot represent the samples well, and the robustness of the neural network cannot be evaluated.
针对现有技术中神经网络的鲁棒性难以评价的问题,目前尚无有效的解决方案。Aiming at the problem that the robustness of the neural network is difficult to evaluate in the prior art, there is currently no effective solution.
发明内容SUMMARY OF THE INVENTION
有鉴于此,本发明实施例的目的在于提出一种神经网络鲁棒性检测方法和装置,能够正确评估神经网络的鲁棒性。In view of this, the purpose of the embodiments of the present invention is to provide a method and apparatus for detecting the robustness of a neural network, which can correctly evaluate the robustness of the neural network.
基于上述目的,本发明实施例的第一方面提供了一种神经网络鲁棒性检测方法,包括执行以下步骤:Based on the above purpose, a first aspect of the embodiments of the present invention provides a method for detecting robustness of a neural network, including performing the following steps:
使用经过样本数据训练并测试的神经网络对样本数据中的特定样本执行前向运算,并在神经网络中的每个卷积层均生成卷积核特征图;Use the neural network trained and tested on the sample data to perform forward operations on specific samples in the sample data, and generate a convolution kernel feature map at each convolutional layer in the neural network;
将卷积核特征图在各通道上抽样聚集形成卷积层特征图,并进一步抽样聚集形成特定样本的样本卷积图;The convolution kernel feature map is sampled and aggregated on each channel to form a convolution layer feature map, and further sampled and aggregated to form a sample convolution map of a specific sample;
将样本卷积图中的权重差异转化为颜色差异以可视化样本卷积图,生成特定样本的样本特征可视化图像;Convert the weight difference in the sample convolution graph into color difference to visualize the sample convolution graph, and generate a sample feature visualization image for a specific sample;
从样本数据中提取具有标记的样本作为第一检测组、将样本特征可视化图像和相对应的特定样本的组合作为第二检测组,并以第一检测组和第二检测组一一对应的方式发送群体标注请求;The labeled samples are extracted from the sample data as the first detection group, the combination of the sample feature visualization image and the corresponding specific sample is used as the second detection group, and the first detection group and the second detection group are in one-to-one correspondence. Send group tagging requests;
接收针对群体标注请求的群体标注结果,并基于群体标注结果中与标注正确的第一检测组相对应的第二检测组的标注信息确定神经网络的鲁棒性。A group labeling result for the group labeling request is received, and the robustness of the neural network is determined based on the labeling information of the second detection group corresponding to the correctly labelled first detection group in the group labeling result.
在一些实施方式中,样本数据包括训练集、测试集、和检测集;特定样本为检测集的样本;使用经过样本数据训练并测试的神经网络对样本数据中的特定样本执行前向运算包括:使用经过训练集的样本训练、和经过测试集的样本测试的神经网络对检测集的样本执行前向运算。In some embodiments, the sample data includes a training set, a test set, and a detection set; the specific sample is a sample of the detection set; using the neural network trained and tested on the sample data to perform a forward operation on the specific sample in the sample data includes: A neural network trained on samples from the training set and tested on samples from the test set performs forward operations on samples from the test set.
在一些实施方式中,在神经网络中的每个卷积层均生成卷积核特征图包括:在神经网络中的每个卷积层中,在各通道上将检测集的样本与卷积层中的多个卷积核分别卷积获得检测集的样本在每个卷积层上的多个卷积核特征图。In some embodiments, generating a convolution kernel feature map at each convolutional layer in the neural network includes: in each convolutional layer in the neural network, comparing samples of the detection set with the convolutional layer on each channel The multiple convolution kernels in each convolution kernel are convolved to obtain the multiple convolution kernel feature maps of the samples of the detection set on each convolution layer.
在一些实施方式中,将卷积核特征图在各通道上抽样聚集形成卷积层特征图包括:在神经网络中的每个卷积层中,从多个卷积核特征图中随机抽取第一数量的卷积核特征图在各通道上叠加获得检测集的样本的多个卷积层特征图。In some embodiments, sampling and clustering the convolution kernel feature maps on each channel to form a convolution layer feature map includes: in each convolution layer in the neural network, randomly extracting the first convolution kernel feature map from a plurality of convolution kernel feature maps A number of convolution kernel feature maps are superimposed on each channel to obtain multiple convolution layer feature maps of samples of the detection set.
在一些实施方式中,进一步抽样聚集形成特定样本的样本卷积图包括:在神经网络中每隔第二数量指定一个卷积层,并对所有被指定的卷积层的卷积层特征图求平均以获得检测集的样本的样本卷积图。In some embodiments, further sampling and aggregating to form a sample convolutional map of a specific sample comprises: specifying every second number of convolutional layers in the neural network, and obtaining the convolutional layer feature maps of all the specified convolutional layers Averaged to obtain a sample convolution map of the samples in the detection set.
在一些实施方式中,以第一检测组和第二检测组一一对应的方式发送群体标注请求包括:In some embodiments, sending the group labeling request in a one-to-one correspondence between the first detection group and the second detection group includes:
从第一检测组选定一个样本,并请求针对该样本生成与标记相关的标注信息的第一群体标注;Selecting a sample from the first detection group and requesting a first group label for generating label-related label information for the sample;
从第二检测组选定样本特征可视化图像和相对应的检测集的样本的一个组合,并请求针对该检测集的样本生成关于样本特征可视化图像是否包括其特征信息的标注信息的第二群体标注;A combination of a sample feature visualization image and a sample of the corresponding detection set is selected from the second detection set, and a second group annotation of annotation information on whether the sample feature visualization image includes its feature information is requested to be generated for the samples of the detection set ;
将第一群体标注和第二群体标注组合生成群体标注请求并发送。The first group annotation and the second group annotation are combined to generate and send a group annotation request.
在一些实施方式中,基于群体标注结果中与标注正确的第一检测组相对应的第二检测组的标注信息确定神经网络的鲁棒性包括:In some embodiments, determining the robustness of the neural network based on the labeling information of the second detection group corresponding to the correctly labelled first detection group in the population labeling result includes:
将第一检测组的标注信息与样本数据中的标记不同的所有群体标注结果抛弃;Discard all the group labeling results whose labeling information of the first detection group is different from the labeling in the sample data;
将第一检测组的标注信息与样本数据中的标记相同、并且第二检测组 的标注信息为包括其特征信息的所有群体标注结果记为成功反馈;The labeling information of the first detection group is the same as the label in the sample data, and the labeling information of the second detection group is that all the group labeling results including its characteristic information are marked as successful feedback;
将第一检测组的标注信息与样本数据中的标记相同、并且第二检测组的标注信息为不包括其特征信息的所有群体标注结果记为失败反馈;The labeling information of the first detection group is the same as the label in the sample data, and the labeling information of the second detection group is all group labeling results that do not include its characteristic information, and record as failure feedback;
基于成功反馈和失败反馈的数量确定神经网络的鲁棒性,其中神经网络的鲁棒性与成功反馈的数量呈正相关性、并且与失败反馈的数量呈负相关性。The robustness of the neural network is determined based on the number of successful and failed feedbacks, wherein the robustness of the neural network is positively correlated with the number of successful feedbacks and negatively correlated with the number of failed feedbacks.
本发明实施例的第二方面提供了一种神经网络鲁棒性检测装置,包括:A second aspect of the embodiments of the present invention provides a neural network robustness detection apparatus, including:
处理器;和processor; and
存储器,存储有处理器可运行的程序代码,程序代码在被运行时执行以下步骤:A memory that stores program code executable by the processor, the program code performing the following steps when executed:
使用经过样本数据训练并测试的神经网络对样本数据中的特定样本执行前向运算,并在神经网络中的每个卷积层均生成卷积核特征图;Use the neural network trained and tested on the sample data to perform forward operations on specific samples in the sample data, and generate a convolution kernel feature map at each convolutional layer in the neural network;
将卷积核特征图在各通道上抽样聚集形成卷积层特征图,并进一步抽样聚集形成特定样本的样本卷积图;The convolution kernel feature map is sampled and aggregated on each channel to form a convolution layer feature map, and further sampled and aggregated to form a sample convolution map of a specific sample;
将样本卷积图中的权重差异转化为颜色差异以可视化样本卷积图,生成特定样本的样本特征可视化图像;Convert the weight difference in the sample convolution graph into color difference to visualize the sample convolution graph, and generate a sample feature visualization image for a specific sample;
从样本数据中提取具有标记的样本作为第一检测组、将样本特征可视化图像和相对应的特定样本的组合作为第二检测组,并以第一检测组和第二检测组一一对应的方式发送群体标注请求;The labeled samples are extracted from the sample data as the first detection group, the combination of the sample feature visualization image and the corresponding specific sample is used as the second detection group, and the first detection group and the second detection group are in one-to-one correspondence. Send group tagging requests;
接收针对群体标注请求的群体标注结果,并基于群体标注结果中与标注正确的第一检测组相对应的第二检测组的标注信息确定神经网络的鲁棒性。A group labeling result for the group labeling request is received, and the robustness of the neural network is determined based on the labeling information of the second detection group corresponding to the correctly labelled first detection group in the group labeling result.
在一些实施方式中,在神经网络中的每个卷积层均生成卷积核特征图包括:在神经网络中的每个卷积层中,在各通道上将检测集的样本与卷积 层中的多个卷积核分别卷积获得检测集的样本在每个卷积层上的多个卷积核特征图;In some embodiments, generating a convolution kernel feature map at each convolutional layer in the neural network includes: in each convolutional layer in the neural network, comparing samples of the detection set with the convolutional layer on each channel The multiple convolution kernels in each convolution kernel are convolved to obtain the multiple convolution kernel feature maps of the samples of the detection set on each convolution layer;
将卷积核特征图在各通道上抽样聚集形成卷积层特征图包括:在神经网络中的每个卷积层中,从多个卷积核特征图中随机抽取第一数量的卷积核特征图在各通道上叠加获得检测集的样本的多个卷积层特征图;Sampling and gathering the convolution kernel feature maps on each channel to form a convolution layer feature map includes: in each convolution layer in the neural network, randomly extracting a first number of convolution kernels from a plurality of convolution kernel feature maps The feature map is superimposed on each channel to obtain multiple convolution layer feature maps of the samples of the detection set;
进一步抽样聚集形成特定样本的样本卷积图包括:在神经网络中每隔第二数量指定一个卷积层,并对所有被指定的卷积层的卷积层特征图求平均以获得检测集的样本的样本卷积图。Further sampling and aggregating to form a sample convolutional map of a specific sample includes: specifying a convolutional layer every second number in the neural network, and averaging the convolutional layer feature maps of all the specified convolutional layers to obtain the detection set. The sample convolution graph for the sample.
在一些实施方式中,以第一检测组和第二检测组一一对应的方式发送群体标注请求包括:从第一检测组选定一个样本,并请求针对该样本生成与标记相关的标注信息的第一群体标注;从第二检测组选定样本特征可视化图像和相对应的检测集的样本的一个组合,并请求针对该检测集的样本生成关于样本特征可视化图像是否包括其特征信息的标注信息的第二群体标注;将第一群体标注和第二群体标注组合生成群体标注请求并发送;In some embodiments, sending the group labeling request in a one-to-one correspondence between the first detection group and the second detection group includes: selecting a sample from the first detection group, and requesting to generate labeling information related to the label for the sample. The first group labeling; selecting a combination of the sample feature visualization image and the sample of the corresponding detection set from the second detection group, and requesting to generate annotation information about whether the sample feature visualization image includes its feature information for the samples of the detection set the second group annotation; combine the first group annotation and the second group annotation to generate a group annotation request and send it;
基于群体标注结果中与标注正确的第一检测组相对应的第二检测组的标注信息确定神经网络的鲁棒性包括:将第一检测组的标注信息与样本数据中的标记不同的所有群体标注结果抛弃;将第一检测组的标注信息与样本数据中的标记相同、并且第二检测组的标注信息为包括其特征信息的所有群体标注结果记为成功反馈;将第一检测组的标注信息与样本数据中的标记相同、并且第二检测组的标注信息为不包括其特征信息的所有群体标注结果记为失败反馈;基于成功反馈和失败反馈的数量确定神经网络的鲁棒性,其中神经网络的鲁棒性与成功反馈的数量呈正相关性、并且与所述失败反馈的数量呈负相关性。Determining the robustness of the neural network based on the label information of the second detection group corresponding to the correctly labeled first detection group in the group labeling result includes: comparing the label information of the first detection group to all groups with different labels in the sample data The labeling result is discarded; the labeling information of the first detection group is the same as the label in the sample data, and the labeling information of the second detection group is all group labeling results including its characteristic information, and it is marked as successful feedback; the labeling of the first detection group is marked as successful feedback; The information is the same as the label in the sample data, and the label information of the second detection group is all group labeling results that do not include its characteristic information, which is recorded as failure feedback; the robustness of the neural network is determined based on the number of successful feedback and failure feedback, where The robustness of the neural network is positively correlated with the number of successful feedbacks and negatively correlated with the number of failed feedbacks.
本发明具有以下有益技术效果:本发明实施例提供的神经网络鲁棒性检测方法和装置,通过使用经过样本数据训练并测试的神经网络对样本数 据中的特定样本执行前向运算,并在神经网络中的每个卷积层均生成卷积核特征图;将卷积核特征图在各通道上抽样聚集形成卷积层特征图,并进一步抽样聚集形成特定样本的样本卷积图;将样本卷积图中的权重差异转化为颜色差异以可视化样本卷积图,生成特定样本的样本特征可视化图像;从样本数据中提取具有标记的样本作为第一检测组、将样本特征可视化图像和相对应的特定样本的组合作为第二检测组,并以第一检测组和第二检测组一一对应的方式发送群体标注请求;接收针对群体标注请求的群体标注结果,并基于群体标注结果中与标注正确的第一检测组相对应的第二检测组的标注信息确定神经网络的鲁棒性的技术方案,能够正确评估神经网络的鲁棒性。The present invention has the following beneficial technical effects: the neural network robustness detection method and device provided by the embodiments of the present invention perform forward operations on specific samples in the sample data by using the neural network trained and tested on the sample data, and in the neural network Each convolution layer in the network generates a convolution kernel feature map; the convolution kernel feature map is sampled and aggregated on each channel to form a convolution layer feature map, and further sampled and aggregated to form a sample convolution map of a specific sample; The weight difference in the convolution graph is converted into color difference to visualize the sample convolution graph, and the sample feature visualization image of a specific sample is generated; the labeled samples are extracted from the sample data as the first detection group, and the sample feature visualization image and corresponding The combination of specific samples is used as the second detection group, and the group annotation request is sent in a one-to-one correspondence between the first detection group and the second detection group; the group annotation result for the group annotation request is received, and based on the group annotation result and the annotation The technical scheme of determining the robustness of the neural network by the label information of the correct second detection group corresponding to the first detection group can correctly evaluate the robustness of the neural network.
附图说明Description of drawings
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments of the present invention. For those of ordinary skill in the art, other drawings can also be obtained according to these drawings without creative efforts.
图1为本发明提供的神经网络鲁棒性检测方法的流程示意图;1 is a schematic flowchart of a neural network robustness detection method provided by the present invention;
图2为本发明提供的神经网络鲁棒性检测方法的整体流程图;Fig. 2 is the overall flow chart of the neural network robustness detection method provided by the present invention;
图3为本发明提供的神经网络鲁棒性检测方法的群体标注请求示意图;3 is a schematic diagram of a group labeling request of the neural network robustness detection method provided by the present invention;
图4为本发明提供的神经网络鲁棒性检测装置结构示意图。FIG. 4 is a schematic structural diagram of a neural network robustness detection apparatus provided by the present invention.
具体实施方式detailed description
为使本发明的目的、技术方案和优点更加清楚明白,以下结合具体实施例,并参照附图,对本发明实施例进一步详细说明。In order to make the objectives, technical solutions and advantages of the present invention more clearly understood, the embodiments of the present invention will be further described in detail below with reference to the specific embodiments and the accompanying drawings.
需要说明的是,本发明实施例中所有使用“第一”和“第二”的表述均是为了区分两个相同名称非相同的实体或者非相同的参量,可见“第一”“第二”仅为了表述的方便,不应理解为对本发明实施例的限定,后续实施例对此不再一一说明。It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are for the purpose of distinguishing two entities with the same name but not the same or non-identical parameters. It can be seen that "first" and "second" It is only for the convenience of expression and should not be construed as a limitation to the embodiments of the present invention, and subsequent embodiments will not describe them one by one.
基于上述目的,本发明实施例的第一个方面,提出了一种正确评估神经网络鲁棒性的检测方法的一个实施例。图1示出的是本发明提供的神经网络鲁棒性检测方法的流程示意图。Based on the above objective, in the first aspect of the embodiments of the present invention, an embodiment of a detection method for correctly evaluating the robustness of a neural network is proposed. FIG. 1 shows a schematic flowchart of a method for detecting robustness of a neural network provided by the present invention.
所述的神经网络鲁棒性检测方法,如图1所示,包括执行以下步骤:The neural network robustness detection method, as shown in Figure 1, includes the following steps:
步骤S101:使用经过样本数据训练并测试的神经网络对样本数据中的特定样本执行前向运算,并在神经网络中的每个卷积层均生成卷积核特征图;Step S101: use the neural network trained and tested on the sample data to perform forward operations on specific samples in the sample data, and generate a convolution kernel feature map at each convolutional layer in the neural network;
步骤S103:将卷积核特征图在各通道上抽样聚集形成卷积层特征图,并进一步抽样聚集形成特定样本的样本卷积图;Step S103: sampling and gathering the convolution kernel feature map on each channel to form a convolution layer feature map, and further sampling and gathering to form a sample convolution map of a specific sample;
步骤S105:将样本卷积图中的权重差异转化为颜色差异以可视化样本卷积图,生成特定样本的样本特征可视化图像;Step S105: Convert the weight difference in the sample convolution graph into a color difference to visualize the sample convolution graph, and generate a sample feature visualization image of a specific sample;
步骤S107:从样本数据中提取具有标记的样本作为第一检测组、将样本特征可视化图像和相对应的特定样本的组合作为第二检测组,并以第一检测组和第二检测组一一对应的方式发送群体标注请求;Step S107: Extract the marked samples from the sample data as the first detection group, use the combination of the sample feature visualization image and the corresponding specific sample as the second detection group, and use the first detection group and the second detection group one by one. Send the group annotation request in the corresponding way;
步骤S109:接收针对群体标注请求的群体标注结果,并基于群体标注结果中与标注正确的第一检测组相对应的第二检测组的标注信息确定神经网络的鲁棒性。Step S109: Receive the group labeling result for the group labeling request, and determine the robustness of the neural network based on the labeling information of the second detection group corresponding to the correctly labelled first detection group in the group labeling result.
典型的CNN(Convolutional Neural Networks,卷积神经网络)主要包含卷积层,池化层,全链接层,softmax(逻辑回归函数)层等,其中卷积层所进行的运算,是相对较为重要的运算。它通过使用不同的卷积核在图 像的各个通道上进行滑动计算,从而在一幅图像上得出一组feature map(特征图)。图像能够在多个位置检测到相同的模式(平移和缩放不变性),所以通过这种操作,可以有选择地重用针对于多个目标的权重。这样降低了权重数量和数据量的比例,从而有效的减少了过拟合,并使得模型的精度更高,提高了网络的泛化能力。A typical CNN (Convolutional Neural Networks, convolutional neural network) mainly includes convolutional layers, pooling layers, full-link layers, softmax (logistic regression function) layers, etc. The operations performed by the convolutional layer are relatively important. operation. It uses different convolution kernels to perform sliding calculations on each channel of the image to obtain a set of feature maps (feature maps) on an image. Images are able to detect the same pattern in multiple locations (pan and zoom invariance), so by doing this, weights for multiple targets can be selectively reused. This reduces the ratio of the number of weights to the amount of data, thereby effectively reducing overfitting, making the model more accurate, and improving the generalization ability of the network.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程可以通过计算机程序来指令相关硬件来完成,程序可存储于一计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)或随机存储记忆体(Random Access Memory,RAM)等。计算机程序的实施例可以达到与之对应的前述任意方法实施例相同或者相类似的效果。Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented by instructing relevant hardware through a computer program, and the program can be stored in a computer-readable storage medium. When the program is executed, it can include It is as the flow of the embodiments of the above-mentioned methods. The storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM) or the like. The computer program embodiments can achieve the same or similar effects as any of the foregoing method embodiments.
在一些实施方式中,样本数据包括训练集、测试集、和检测集;特定样本为检测集的样本;使用经过样本数据训练并测试的神经网络对样本数据中的特定样本执行前向运算包括:使用经过训练集的样本训练、和经过测试集的样本测试的神经网络对检测集的样本执行前向运算。In some embodiments, the sample data includes a training set, a test set, and a detection set; the specific sample is a sample of the detection set; using the neural network trained and tested on the sample data to perform a forward operation on the specific sample in the sample data includes: A neural network trained on samples from the training set and tested on samples from the test set performs forward operations on samples from the test set.
在一些实施方式中,在神经网络中的每个卷积层均生成卷积核特征图包括:在神经网络中的每个卷积层中,在各通道上将检测集的样本与卷积层中的多个卷积核分别卷积获得检测集的样本在每个卷积层上的多个卷积核特征图。In some embodiments, generating a convolution kernel feature map at each convolutional layer in the neural network includes: in each convolutional layer in the neural network, comparing samples of the detection set with the convolutional layer on each channel The multiple convolution kernels in each convolution kernel are convolved to obtain the multiple convolution kernel feature maps of the samples of the detection set on each convolution layer.
在一些实施方式中,将卷积核特征图在各通道上抽样聚集形成卷积层特征图包括:在神经网络中的每个卷积层中,从多个卷积核特征图中随机抽取第一数量的卷积核特征图在各通道上叠加获得检测集的样本的多个卷积层特征图。In some embodiments, sampling and clustering the convolution kernel feature maps on each channel to form a convolution layer feature map includes: in each convolution layer in the neural network, randomly extracting the first convolution kernel feature map from a plurality of convolution kernel feature maps A number of convolution kernel feature maps are superimposed on each channel to obtain multiple convolution layer feature maps of samples of the detection set.
在一些实施方式中,进一步抽样聚集形成特定样本的样本卷积图包括:在神经网络中每隔第二数量指定一个卷积层,并对所有被指定的卷积层的 卷积层特征图求平均以获得检测集的样本的样本卷积图。In some embodiments, further sampling and aggregating to form a sample convolutional map of a specific sample comprises: specifying every second number of convolutional layers in the neural network, and obtaining the convolutional layer feature maps of all the specified convolutional layers Averaged to obtain a sample convolution map of the samples in the detection set.
在一些实施方式中,以第一检测组和第二检测组一一对应的方式发送群体标注请求包括:In some embodiments, sending the group labeling request in a one-to-one correspondence between the first detection group and the second detection group includes:
从第一检测组选定一个样本,并请求针对该样本生成与标记相关的标注信息的第一群体标注;Selecting a sample from the first detection group and requesting a first group label for generating label-related label information for the sample;
从第二检测组选定样本特征可视化图像和相对应的检测集的样本的一个组合,并请求针对该检测集的样本生成关于样本特征可视化图像是否包括其特征信息的标注信息的第二群体标注;A combination of a sample feature visualization image and a sample of the corresponding detection set is selected from the second detection set, and a second group annotation of annotation information on whether the sample feature visualization image includes its feature information is requested to be generated for the samples of the detection set ;
将第一群体标注和第二群体标注组合生成群体标注请求并发送。The first group annotation and the second group annotation are combined to generate and send a group annotation request.
在一些实施方式中,基于群体标注结果中与标注正确的第一检测组相对应的第二检测组的标注信息确定神经网络的鲁棒性包括:In some embodiments, determining the robustness of the neural network based on the labeling information of the second detection group corresponding to the correctly labelled first detection group in the population labeling result includes:
将第一检测组的标注信息与样本数据中的标记不同的所有群体标注结果抛弃;Discard all the group labeling results whose labeling information of the first detection group is different from the labeling in the sample data;
将第一检测组的标注信息与样本数据中的标记相同、并且第二检测组的标注信息为包括其特征信息的所有群体标注结果记为成功反馈;The labeling information of the first detection group is the same as the label in the sample data, and the labeling information of the second detection group is all the group labeling results including its characteristic information, which is marked as successful feedback;
将第一检测组的标注信息与样本数据中的标记相同、并且第二检测组的标注信息为不包括其特征信息的所有群体标注结果记为失败反馈;The labeling information of the first detection group is the same as the label in the sample data, and the labeling information of the second detection group is all group labeling results that do not include its characteristic information, and record as failure feedback;
基于成功反馈和失败反馈的数量确定神经网络的鲁棒性,其中神经网络的鲁棒性与成功反馈的数量呈正相关性、并且与失败反馈的数量呈负相关性。The robustness of the neural network is determined based on the number of successful and failed feedbacks, wherein the robustness of the neural network is positively correlated with the number of successful feedbacks and negatively correlated with the number of failed feedbacks.
下面根据图2所示的具体实施例进一步阐述本发明的具体实施方式。The specific implementation of the present invention is further described below according to the specific embodiment shown in FIG. 2 .
(1)首先根据要解决的问题(例如是目标检测问题还是分类问题),确定神经网络的结构。将已有的样本数据随机分为三部分,分别为训练集,测试集和检测集。其中训练集的样本用来进行神经网络的训练,测试集的 样本用来进行网络模型的验证。而对于检测集的样本,会针对已经训练完成的网络,使用检测集的样本生成feature map的可视化图像。(1) First, determine the structure of the neural network according to the problem to be solved (for example, a target detection problem or a classification problem). The existing sample data is randomly divided into three parts, namely training set, test set and detection set. The samples of the training set are used to train the neural network, and the samples of the test set are used to verify the network model. For the samples of the detection set, a visual image of the feature map will be generated using the samples of the detection set for the network that has been trained.
(2)确定神经网络的超参数,使用训练集进行神经网络的训练。当神经网络在测试集上达到期望的精度时,结束训练过程。(2) Determine the hyperparameters of the neural network, and use the training set to train the neural network. The training process ends when the neural network achieves the desired accuracy on the test set.
(3)训练完成神经网络之后,将检测集中的每一个样本输入到已经训练的神经网络中,进行前向运算。对于每一个卷积层,即使用卷积核的每一个通道与输入样本的对应通道进行卷积操作,然后逐位置进行相加,从而得到了一个feature map。(3) After the neural network is trained, each sample in the detection set is input into the trained neural network for forward operation. For each convolutional layer, the convolution operation is performed using each channel of the convolution kernel and the corresponding channel of the input sample, and then added position by position to obtain a feature map.
(4)对于该层的每一个卷积核都能得到一个feature map。对于每一层随机选择3个feature map,对这3个feature map在对应的通道上进行求和操作,最终的结果作为该层的feature map。(4) A feature map can be obtained for each convolution kernel of this layer. For each layer, three feature maps are randomly selected, and the three feature maps are summed on the corresponding channels, and the final result is used as the feature map of the layer.
(5)对于一个神经网络每间隔2层选择一个feature map,即选择了第1,4,7…层的feature map。对应做平均从而得到了该网络对于该样本的feature map。(5) For a neural network, select a feature map every 2 layers, that is, select the feature map of the 1st, 4th, 7th... layers. Correspondingly averaged to obtain the feature map of the network for the sample.
(6)将该样本针对于该网络的feature map进行可视化。其中feature map中高权重的值,描绘为白色(即高RGB(Red Green Blue,三元色)值),低权重的值为黑色(即低RGB值)。(6) Visualize the sample against the feature map of the network. The high-weight value in the feature map is depicted as white (ie, high RGB (Red Green Blue, triad) value), and the low-weight value is black (ie, low RGB value).
(7)将对应的检测集的样本和生成的feature map可视化图像标记为一组图像。通过对检测集中的每个样本图像生成对应的可视化feature map,从而得到了针对于这个网络的若干组图像。(7) Label the samples of the corresponding detection set and the generated feature map visualization images as a set of images. By generating a corresponding visual feature map for each sample image in the detection set, several sets of images for this network are obtained.
(8)随机从验证集中抽取一组图像和标签,并随机从(7)步生成的若干组图像中,抽取一组图像。(8) Randomly extract a set of images and labels from the validation set, and randomly select a set of images from several sets of images generated in step (7).
(9)在系统需要人机分辨检测,进行API(Application Programming Interface,应用程序接口)请求的时候,以如图3所示的方 式将这两个图像发送出去。由人工进行第一个图像的标签识别,并且判断第二组图像(feature map和样本),查看feature map与样本是否匹配。(9) When the system needs man-machine discrimination detection and makes an API (Application Programming Interface) request, the two images are sent out in the manner shown in Figure 3. The label identification of the first image is performed manually, and the second set of images (feature maps and samples) are judged to see if the feature map matches the samples.
(10)第一个图像的人工识别与标签值匹配,则认为此次的人机检测通过,并收集另外一组图像的结果(匹配或不匹配)。(10) If the manual identification of the first image matches the label value, it is considered that the human-machine detection this time has passed, and the results of another set of images (matching or non-matching) are collected.
(11)对收集的第二组结果进行统计分析。如果大部分人对于第二组的选择结果是不匹配,则代表该feature map并不能很好的识别到该样本的特征。此时,即使该模型的测试集效果较好,也不一定能代表该样本具备较好的泛化能力。(11) Statistical analysis of the collected second set of results. If most people's selection results for the second group do not match, it means that the feature map cannot identify the features of the sample well. At this time, even if the test set effect of the model is good, it does not necessarily mean that the sample has good generalization ability.
从上述实施例可以看出,本发明实施例提供的神经网络鲁棒性检测方法通过使用经过样本数据训练并测试的神经网络对样本数据中的特定样本执行前向运算,并在神经网络中的每个卷积层均生成卷积核特征图;将卷积核特征图在各通道上抽样聚集形成卷积层特征图,并进一步抽样聚集形成特定样本的样本卷积图;将样本卷积图中的权重差异转化为颜色差异以可视化样本卷积图,生成特定样本的样本特征可视化图像;从样本数据中提取具有标记的样本作为第一检测组、将样本特征可视化图像和相对应的特定样本的组合作为第二检测组,并以第一检测组和第二检测组一一对应的方式发送群体标注请求;接收针对群体标注请求的群体标注结果,并基于群体标注结果中与标注正确的第一检测组相对应的第二检测组的标注信息确定神经网络的鲁棒性的技术方案,能够正确评估神经网络的鲁棒性。It can be seen from the above embodiments that the neural network robustness detection method provided by the embodiments of the present invention performs forward operations on specific samples in the sample data by using a neural network trained and tested on sample data, and performs forward operations on specific samples in the neural network. Each convolution layer generates a convolution kernel feature map; the convolution kernel feature map is sampled and aggregated on each channel to form a convolution layer feature map, and further sampled and aggregated to form a sample convolution map of a specific sample; the sample convolution map The difference of weights in the image is converted into color difference to visualize the sample convolution map, and the sample feature visualization image of the specific sample is generated; the labeled samples are extracted from the sample data as the first detection group, and the sample feature visualization image and the corresponding specific sample The combination is used as the second detection group, and the group labeling request is sent in a one-to-one correspondence between the first detection group and the second detection group; the group labeling result for the group labeling request is received, and based on the group labeling result and the correct label The technical solution for determining the robustness of the neural network by the label information of the second detection group corresponding to one detection group can correctly evaluate the robustness of the neural network.
需要特别指出的是,上述神经网络鲁棒性检测方法的各个实施例中的各个步骤均可以相互交叉、替换、增加、删减,因此,这些合理的排列组合变换之于神经网络鲁棒性检测方法也应当属于本发明的保护范围,并且不应将本发明的保护范围局限在所述实施例之上。It should be particularly pointed out that each step in each embodiment of the above-mentioned neural network robustness detection method can be intersected, replaced, added, and deleted. The method should also belong to the protection scope of the present invention, and the protection scope of the present invention should not be limited to the described embodiments.
如图4所示,基于上述目的,本发明实施例的第二个方面,提出了一种正确评估神经网络鲁棒性的检测装置的一个实施例。神经网络鲁棒性检 测装置包括:As shown in FIG. 4 , based on the above purpose, a second aspect of the embodiments of the present invention provides an embodiment of a detection apparatus for correctly evaluating the robustness of a neural network. The neural network robustness detection device includes:
处理器301;和 processor 301; and
存储器302,存储有处理器可运行的程序代码,程序代码在被运行时执行以下步骤:The memory 302 stores program code executable by the processor, and the program code performs the following steps when executed:
使用经过样本数据训练并测试的神经网络对样本数据中的特定样本执行前向运算,并在神经网络中的每个卷积层均生成卷积核特征图;Use the neural network trained and tested on the sample data to perform forward operations on specific samples in the sample data, and generate a convolution kernel feature map at each convolutional layer in the neural network;
将卷积核特征图在各通道上抽样聚集形成卷积层特征图,并进一步抽样聚集形成特定样本的样本卷积图;The convolution kernel feature map is sampled and aggregated on each channel to form a convolution layer feature map, and further sampled and aggregated to form a sample convolution map of a specific sample;
将样本卷积图中的权重差异转化为颜色差异以可视化样本卷积图,生成特定样本的样本特征可视化图像;Convert the weight difference in the sample convolution graph into color difference to visualize the sample convolution graph, and generate a sample feature visualization image for a specific sample;
从样本数据中提取具有标记的样本作为第一检测组、将样本特征可视化图像和相对应的特定样本的组合作为第二检测组,并以第一检测组和第二检测组一一对应的方式发送群体标注请求;The labeled samples are extracted from the sample data as the first detection group, the combination of the sample feature visualization image and the corresponding specific sample is used as the second detection group, and the first detection group and the second detection group are in one-to-one correspondence. Send group tagging requests;
接收针对群体标注请求的群体标注结果,并基于群体标注结果中与标注正确的第一检测组相对应的第二检测组的标注信息确定神经网络的鲁棒性。A group labeling result for the group labeling request is received, and the robustness of the neural network is determined based on the labeling information of the second detection group corresponding to the correctly labelled first detection group in the group labeling result.
在一些实施方式中,在神经网络中的每个卷积层均生成卷积核特征图包括:在神经网络中的每个卷积层中,在各通道上将检测集的样本与卷积层中的多个卷积核分别卷积获得检测集的样本在每个卷积层上的多个卷积核特征图;In some embodiments, generating a convolution kernel feature map at each convolutional layer in the neural network includes: in each convolutional layer in the neural network, comparing samples of the detection set with the convolutional layer on each channel The multiple convolution kernels in each convolution kernel are convolved to obtain the multiple convolution kernel feature maps of the samples of the detection set on each convolution layer;
将卷积核特征图在各通道上抽样聚集形成卷积层特征图包括:在神经网络中的每个卷积层中,从多个卷积核特征图中随机抽取第一数量的卷积核特征图在各通道上叠加获得检测集的样本的多个卷积层特征图;Sampling and gathering the convolution kernel feature maps on each channel to form a convolution layer feature map includes: in each convolution layer in the neural network, randomly extracting a first number of convolution kernels from a plurality of convolution kernel feature maps The feature map is superimposed on each channel to obtain multiple convolution layer feature maps of the samples of the detection set;
进一步抽样聚集形成特定样本的样本卷积图包括:在神经网络中每隔 第二数量指定一个卷积层,并对所有被指定的卷积层的卷积层特征图求平均以获得检测集的样本的样本卷积图。Further sampling and aggregating to form a sample convolutional map of a specific sample includes: specifying a convolutional layer every second number in the neural network, and averaging the convolutional layer feature maps of all the specified convolutional layers to obtain the detection set. The sample convolution graph for the sample.
在一些实施方式中,以第一检测组和第二检测组一一对应的方式发送群体标注请求包括:从第一检测组选定一个样本,并请求针对该样本生成与标记相关的标注信息的第一群体标注;从第二检测组选定样本特征可视化图像和相对应的检测集的样本的一个组合,并请求针对该检测集的样本生成关于样本特征可视化图像是否包括其特征信息的标注信息的第二群体标注;将第一群体标注和第二群体标注组合生成群体标注请求并发送;In some embodiments, sending the group labeling request in a one-to-one correspondence between the first detection group and the second detection group includes: selecting a sample from the first detection group, and requesting to generate labeling information related to the label for the sample. The first group labeling; selecting a combination of the sample feature visualization image and the sample of the corresponding detection set from the second detection group, and requesting to generate annotation information about whether the sample feature visualization image includes its feature information for the samples of the detection set the second group annotation; combine the first group annotation and the second group annotation to generate a group annotation request and send it;
基于群体标注结果中与标注正确的第一检测组相对应的第二检测组的标注信息确定神经网络的鲁棒性包括:将第一检测组的标注信息与样本数据中的标记不同的所有群体标注结果抛弃;将第一检测组的标注信息与样本数据中的标记相同、并且第二检测组的标注信息为包括其特征信息的所有群体标注结果记为成功反馈;将第一检测组的标注信息与样本数据中的标记相同、并且第二检测组的标注信息为不包括其特征信息的所有群体标注结果记为失败反馈;基于成功反馈和失败反馈的数量确定神经网络的鲁棒性,其中神经网络的鲁棒性与成功反馈的数量呈正相关性、并且与所述失败反馈的数量呈负相关性。Determining the robustness of the neural network based on the label information of the second detection group corresponding to the correctly labeled first detection group in the group labeling result includes: comparing the label information of the first detection group to all groups with different labels in the sample data The labeling result is discarded; the labeling information of the first detection group is the same as the label in the sample data, and the labeling information of the second detection group is all group labeling results including its characteristic information, and it is marked as successful feedback; the labeling of the first detection group is marked as successful feedback; The information is the same as the label in the sample data, and the label information of the second detection group is all group labeling results that do not include its characteristic information, which is recorded as failure feedback; the robustness of the neural network is determined based on the number of successful feedback and failure feedback, where The robustness of the neural network is positively correlated with the number of successful feedbacks and negatively correlated with the number of failed feedbacks.
从上述实施例可以看出,本发明实施例提供的神经网络鲁棒性检测装置,通过使用经过样本数据训练并测试的神经网络对样本数据中的特定样本执行前向运算,并在神经网络中的每个卷积层均生成卷积核特征图;将卷积核特征图在各通道上抽样聚集形成卷积层特征图,并进一步抽样聚集形成特定样本的样本卷积图;将样本卷积图中的权重差异转化为颜色差异以可视化样本卷积图,生成特定样本的样本特征可视化图像;从样本数据中提取具有标记的样本作为第一检测组、将样本特征可视化图像和相对应的特定样本的组合作为第二检测组,并以第一检测组和第二检测组一一对 应的方式发送群体标注请求;接收针对群体标注请求的群体标注结果,并基于群体标注结果中与标注正确的第一检测组相对应的第二检测组的标注信息确定神经网络的鲁棒性的技术方案,能够正确评估神经网络的鲁棒性。It can be seen from the above embodiments that the neural network robustness detection apparatus provided by the embodiments of the present invention performs forward operations on specific samples in the sample data by using the neural network trained and tested on the sample data, and performs a forward operation in the neural network. Each convolutional layer of the convolutional layer generates a convolution kernel feature map; the convolution kernel feature map is sampled and aggregated on each channel to form a convolution layer feature map, and further sampled and aggregated to form a sample convolution map of a specific sample; the sample convolution The weight difference in the graph is converted into color difference to visualize the sample convolution graph, and the sample feature visualization image of a specific sample is generated; the labeled samples are extracted from the sample data as the first detection group, and the sample feature visualization image and the corresponding specific sample are extracted. The combination of samples is used as the second detection group, and the group labeling request is sent in a one-to-one correspondence between the first detection group and the second detection group; The technical solution for determining the robustness of the neural network by the label information of the second detection group corresponding to the first detection group can correctly evaluate the robustness of the neural network.
需要特别指出的是,上述神经网络鲁棒性检测装置的实施例采用了所述神经网络鲁棒性检测方法的实施例来具体说明各模块的工作过程,本领域技术人员能够很容易想到,将这些模块应用到所述神经网络鲁棒性检测方法的其他实施例中。当然,由于所述神经网络鲁棒性检测方法实施例中的各个步骤均可以相互交叉、替换、增加、删减,因此,这些合理的排列组合变换之于所述神经网络鲁棒性检测装置也应当属于本发明的保护范围,并且不应将本发明的保护范围局限在所述实施例之上。It should be particularly pointed out that the embodiments of the above-mentioned neural network robustness detection apparatus use the embodiments of the neural network robustness detection method to specifically describe the working process of each module. Those skilled in the art can easily imagine that the These modules apply to other embodiments of the neural network robustness detection method. Of course, since each step in the embodiment of the neural network robustness detection method can be intersected, replaced, added, and deleted, these reasonable permutation and combination transformations are also useful to the neural network robustness detection device. It should belong to the protection scope of the present invention, and should not limit the protection scope of the present invention to the above-described embodiments.
以上是本发明公开的示例性实施例,但是应当注意,在不背离权利要求限定的本发明实施例公开的范围的前提下,可以进行多种改变和修改。根据这里描述的公开实施例的方法权利要求的功能、步骤和/或动作不需以任何特定顺序执行。此外,尽管本发明实施例公开的元素可以以个体形式描述或要求,但除非明确限制为单数,也可以理解为多个。The above are exemplary embodiments of the present disclosure, but it should be noted that various changes and modifications may be made without departing from the scope of the disclosure of the embodiments of the present invention as defined in the claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements disclosed in the embodiments of the present invention may be described or claimed in the singular, unless explicitly limited to the singular, the plural may also be construed.
所属领域的普通技术人员应当理解:以上任何实施例的讨论仅为示例性的,并非旨在暗示本发明实施例公开的范围(包括权利要求)被限于这些例子;在本发明实施例的思路下,以上实施例或者不同实施例中的技术特征之间也可以进行组合,并存在如上所述的本发明实施例的不同方面的许多其它变化,为了简明它们没有在细节中提供。因此,凡在本发明实施例的精神和原则之内,所做的任何省略、修改、等同替换、改进等,均应包含在本发明实施例的保护范围之内。Those of ordinary skill in the art should understand that the discussion of any of the above embodiments is only exemplary, and is not intended to imply that the scope (including the claims) disclosed by the embodiments of the present invention is limited to these examples; under the idea of the embodiments of the present invention , technical features in the above embodiments or different embodiments may also be combined, and there are many other variations of the different aspects of the embodiments of the present invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omission, modification, equivalent replacement, improvement, etc. made within the spirit and principles of the embodiments of the present invention should be included within the protection scope of the embodiments of the present invention.

Claims (10)

  1. 一种神经网络鲁棒性检测方法,其特征在于,包括执行以下步骤:A method for detecting robustness of a neural network, comprising the steps of:
    使用经过样本数据训练并测试的所述神经网络对所述样本数据中的特定样本执行前向运算,并在所述神经网络中的每个卷积层均生成卷积核特征图;Using the neural network trained and tested on the sample data to perform forward operations on specific samples in the sample data, and generating a convolution kernel feature map at each convolutional layer in the neural network;
    将所述卷积核特征图在各通道上抽样聚集形成卷积层特征图,并进一步抽样聚集形成所述特定样本的样本卷积图;The convolution kernel feature map is sampled and aggregated on each channel to form a convolution layer feature map, and further sampled and aggregated to form a sample convolution map of the specific sample;
    将所述样本卷积图中的权重差异转化为颜色差异以可视化所述样本卷积图,生成所述特定样本的样本特征可视化图像;Converting the weight difference in the sample convolution graph into a color difference to visualize the sample convolution graph, and generating a sample feature visualization image of the specific sample;
    从所述样本数据中提取具有标记的样本作为第一检测组、将所述样本特征可视化图像和相对应的所述特定样本的组合作为第二检测组,并以所述第一检测组和所述第二检测组一一对应的方式发送群体标注请求;The labeled samples are extracted from the sample data as the first detection group, the combination of the sample feature visualization image and the corresponding specific sample is used as the second detection group, and the first detection group and the Send the group labeling request in a one-to-one correspondence with the second detection group;
    接收针对所述群体标注请求的群体标注结果,并基于所述群体标注结果中与标注正确的所述第一检测组相对应的所述第二检测组的标注信息确定所述神经网络的鲁棒性。Receive a group labeling result for the group labeling request, and determine the robustness of the neural network based on the labeling information of the second detection group corresponding to the correctly labelled first detection group in the group labeling result sex.
  2. 根据权利要求1所述的方法,其特征在于,所述样本数据包括训练集、测试集、和检测集;所述特定样本为所述检测集的样本;The method according to claim 1, wherein the sample data includes a training set, a test set, and a detection set; the specific sample is a sample of the detection set;
    使用经过样本数据训练并测试的所述神经网络对所述样本数据中的特定样本执行前向运算包括:使用经过所述训练集的样本训练、和经过所述测试集的样本测试的所述神经网络对所述检测集的样本执行前向运算。Using the neural network trained and tested on the sample data to perform a forward operation on a specific sample in the sample data includes: using the neural network trained on the samples from the training set and the neural network tested on the samples from the test set. The network performs forward operations on samples of the detection set.
  3. 根据权利要求2所述的方法,其特征在于,在所述神经网络中的每个卷积层均生成卷积核特征图包括:The method according to claim 2, wherein generating a convolution kernel feature map at each convolutional layer in the neural network comprises:
    在所述神经网络中的每个卷积层中,在各通道上将所述检测集的样本与所述卷积层中的多个卷积核分别卷积获得所述检测集的样本在每个所述卷积层上的多个所述卷积核特征图。In each convolutional layer in the neural network, the samples of the detection set are convolved with multiple convolution kernels in the convolutional layer on each channel to obtain the samples of the detection set. a plurality of the convolution kernel feature maps on the convolutional layers.
  4. 根据权利要求3所述的方法,其特征在于,将所述卷积核特征图在各通道上抽样聚集形成卷积层特征图包括:The method according to claim 3, wherein sampling and gathering the convolution kernel feature map on each channel to form a convolution layer feature map comprises:
    在所述神经网络中的每个卷积层中,从多个所述卷积核特征图中随机抽取第一数量的所述卷积核特征图在各通道上叠加获得所述检测集的样本的多个所述卷积层特征图。In each convolution layer in the neural network, randomly extract a first number of the convolution kernel feature maps from a plurality of the convolution kernel feature maps and superimpose them on each channel to obtain samples of the detection set A plurality of the convolutional layer feature maps.
  5. 根据权利要求4所述的方法,其特征在于,进一步抽样聚集形成所述特定样本的样本卷积图包括:The method according to claim 4, wherein further sampling and aggregating to form the sample convolution graph of the specific sample comprises:
    在所述神经网络中每隔第二数量指定一个所述卷积层,并对所有被指定的所述卷积层的所述卷积层特征图求平均以获得所述检测集的样本的所述样本卷积图。Specifying the convolutional layer every second number in the neural network, and averaging the convolutional layer feature maps of all the specified convolutional layers to obtain all the samples of the detection set The sample convolution graph described above.
  6. 根据权利要求2所述的方法,其特征在于,以所述第一检测组和所述第二检测组一一对应的方式发送群体标注请求包括:The method according to claim 2, wherein sending the group labeling request in a one-to-one correspondence between the first detection group and the second detection group comprises:
    从所述第一检测组选定一个样本,并请求针对该样本生成与标记相关的标注信息的第一群体标注;Selecting a sample from the first detection group, and requesting a first group label for generating label-related label information for the sample;
    从所述第二检测组选定所述样本特征可视化图像和相对应的所述检测集的样本的一个组合,并请求针对所述检测集的样本生成关于所述样本特征可视化图像是否包括其特征信息的标注信息的第二群体标注;A combination of the sample feature visualization image and the corresponding sample of the detection set is selected from the second detection set, and a request is made for the sample of the detection set to generate a feature about whether the sample feature visualization image includes its features Labeling of information The second group labeling of information;
    将第一群体标注和第二群体标注组合生成所述群体标注请求并发送。The group annotation request is generated and sent by combining the first group annotation and the second group annotation.
  7. 根据权利要求6所述的方法,其特征在于,基于所述群体标注结果中与标注正确的所述第一检测组相对应的所述第二检测组的标注信息确定所述神经网络的鲁棒性包括:The method according to claim 6, wherein the robustness of the neural network is determined based on the labeling information of the second detection group corresponding to the correctly labelled first detection group in the group labeling result Sex includes:
    将所述第一检测组的标注信息与所述样本数据中的标记不同的所有所述群体标注结果抛弃;Discarding all the group labeling results in which the labeling information of the first detection group is different from the labeling in the sample data;
    将所述第一检测组的标注信息与所述样本数据中的标记相同、并且所述 第二检测组的标注信息为包括其特征信息的所有所述群体标注结果记为成功反馈;The labeling information of the first detection group is the same as the label in the sample data, and the labeling information of the second detection group is that all the group labeling results including its feature information are marked as successful feedback;
    将所述第一检测组的标注信息与所述样本数据中的标记相同、并且所述第二检测组的标注信息为不包括其特征信息的所有所述群体标注结果记为失败反馈;The labeling information of the first detection group is the same as the label in the sample data, and the labeling information of the second detection group is that all the group labeling results that do not include its feature information are marked as failure feedback;
    基于所述成功反馈和所述失败反馈的数量确定所述神经网络的鲁棒性,其中所述神经网络的鲁棒性与所述成功反馈的数量呈正相关性、并且与所述失败反馈的数量呈负相关性。The robustness of the neural network is determined based on the number of successful feedbacks and the number of failed feedbacks, wherein the robustness of the neural network is positively correlated with the number of successful feedbacks and with the number of failed feedbacks negatively correlated.
  8. 一种神经网络鲁棒性检测装置,其特征在于,包括:A neural network robustness detection device, characterized in that it includes:
    处理器;和processor; and
    存储器,存储有处理器可运行的程序代码,所述程序代码在被运行时执行以下步骤:A memory storing program code executable by the processor, the program code performing the following steps when executed:
    使用经过样本数据训练并测试的所述神经网络对所述样本数据中的特定样本执行前向运算,并在所述神经网络中的每个卷积层均生成卷积核特征图;Using the neural network trained and tested on the sample data to perform forward operations on specific samples in the sample data, and generating a convolution kernel feature map at each convolutional layer in the neural network;
    将所述卷积核特征图在各通道上抽样聚集形成卷积层特征图,并进一步抽样聚集形成所述特定样本的样本卷积图;The convolution kernel feature map is sampled and aggregated on each channel to form a convolution layer feature map, and further sampled and aggregated to form a sample convolution map of the specific sample;
    将所述样本卷积图中的权重差异转化为颜色差异以可视化所述样本卷积图,生成所述特定样本的样本特征可视化图像;Converting the weight difference in the sample convolution graph into a color difference to visualize the sample convolution graph, and generating a sample feature visualization image of the specific sample;
    从所述样本数据中提取具有标记的样本作为第一检测组、将所述样本特征可视化图像和相对应的所述特定样本的组合作为第二检测组,并以所述第一检测组和所述第二检测组一一对应的方式发送群体标注请求;The labeled samples are extracted from the sample data as the first detection group, the combination of the sample feature visualization image and the corresponding specific sample is used as the second detection group, and the first detection group and the Send the group labeling request in a one-to-one correspondence with the second detection group;
    接收针对所述群体标注请求的群体标注结果,并基于所述群体标注结果中与标注正确的所述第一检测组相对应的所述第二检测组的标注信息确 定所述神经网络的鲁棒性。Receive a group labeling result for the group labeling request, and determine the robustness of the neural network based on the labeling information of the second detection group corresponding to the correctly labelled first detection group in the group labeling result sex.
  9. 根据权利要求8所述的装置,其特征在于,在所述神经网络中的每个卷积层均生成卷积核特征图包括:在所述神经网络中的每个卷积层中,在各通道上将所述检测集的样本与所述卷积层中的多个卷积核分别卷积获得所述检测集的样本在每个所述卷积层上的多个所述卷积核特征图;The apparatus according to claim 8, wherein generating a convolution kernel feature map in each convolutional layer in the neural network comprises: in each convolutional layer in the neural network, in each convolutional layer Convolving the samples of the detection set with the multiple convolution kernels in the convolution layer on the channel respectively to obtain the multiple convolution kernel features of the samples of the detection set on each of the convolution layers picture;
    将所述卷积核特征图在各通道上抽样聚集形成卷积层特征图包括:在所述神经网络中的每个卷积层中,从多个所述卷积核特征图中随机抽取第一数量的所述卷积核特征图在各通道上叠加获得所述检测集的样本的多个所述卷积层特征图;Sampling and gathering the convolution kernel feature maps on each channel to form a convolution layer feature map includes: in each convolution layer in the neural network, randomly extracting the first convolution kernel feature map from a plurality of the convolution kernel feature maps. A number of the convolution kernel feature maps are superimposed on each channel to obtain a plurality of the convolution layer feature maps of the samples of the detection set;
    进一步抽样聚集形成所述特定样本的样本卷积图包括:在所述神经网络中每隔第二数量指定一个所述卷积层,并对所有被指定的所述卷积层的所述卷积层特征图求平均以获得所述检测集的样本的所述样本卷积图。Further sampling and aggregating the sample convolution map to form the specific sample includes: specifying one of the convolutional layers every second number in the neural network, and applying the convolutional layers of all the specified convolutional layers to the convolutional layer. Layer feature maps are averaged to obtain the sample convolution map of samples of the detection set.
  10. 根据权利要求8所述的装置,其特征在于,以所述第一检测组和所述第二检测组一一对应的方式发送群体标注请求包括:从所述第一检测组选定一个样本,并请求针对该样本生成与标记相关的标注信息的第一群体标注;从所述第二检测组选定所述样本特征可视化图像和相对应的所述检测集的样本的一个组合,并请求针对所述检测集的样本生成关于所述样本特征可视化图像是否包括其特征信息的标注信息的第二群体标注;将第一群体标注和第二群体标注组合生成所述群体标注请求并发送;The apparatus according to claim 8, wherein sending the group labeling request in a one-to-one correspondence between the first detection group and the second detection group comprises: selecting a sample from the first detection group, And request to generate the first group annotation of the labeling information related to the label for the sample; select a combination of the sample feature visualization image and the corresponding sample of the detection set from the second detection group, and request for The samples of the detection set generate a second group annotation about whether the sample feature visualization image includes annotation information of its feature information; the first group annotation and the second group annotation are combined to generate and send the group annotation request;
    基于所述群体标注结果中与标注正确的所述第一检测组相对应的所述第二检测组的标注信息确定所述神经网络的鲁棒性包括:将所述第一检测组的标注信息与所述样本数据中的标记不同的所有所述群体标注结果抛弃;将所述第一检测组的标注信息与所述样本数据中的标记相同、并且所述第二检测组的标注信息为包括其特征信息的所有所述群体标注结果记为成功反馈;将所述第一检测组的标注信息与所述样本数据中的标记相同、并且所述第二检 测组的标注信息为不包括其特征信息的所有所述群体标注结果记为失败反馈;基于所述成功反馈和所述失败反馈的数量确定所述神经网络的鲁棒性,其中所述神经网络的鲁棒性与所述成功反馈的数量呈正相关性、并且与所述失败反馈的数量呈负相关性。Determining the robustness of the neural network based on the label information of the second detection group corresponding to the correctly labelled first detection group in the group labeling result includes: All the group labeling results that are different from the labels in the sample data are discarded; the labeling information of the first detection group is the same as the labeling in the sample data, and the labeling information of the second detection group includes All the group labeling results of its feature information are marked as successful feedback; the labeling information of the first detection group is the same as the label in the sample data, and the labeling information of the second detection group does not include its features All the group labeling results of the information are recorded as failure feedback; the robustness of the neural network is determined based on the number of the successful feedback and the failure feedback, wherein the robustness of the neural network is the same as that of the successful feedback. The number is positively correlated and negatively correlated with the number of said failure feedbacks.
PCT/CN2021/109616 2020-09-25 2021-07-30 Neural network robustness measurement method, and apparatus WO2022062649A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011026951.8A CN112232380B (en) 2020-09-25 2020-09-25 Neural network robustness detection method and device
CN202011026951.8 2020-09-25

Publications (1)

Publication Number Publication Date
WO2022062649A1 true WO2022062649A1 (en) 2022-03-31

Family

ID=74108227

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/109616 WO2022062649A1 (en) 2020-09-25 2021-07-30 Neural network robustness measurement method, and apparatus

Country Status (2)

Country Link
CN (1) CN112232380B (en)
WO (1) WO2022062649A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112232380B (en) * 2020-09-25 2022-12-06 苏州浪潮智能科技有限公司 Neural network robustness detection method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111488711A (en) * 2020-04-08 2020-08-04 暨南大学 Network robustness assessment method and system
US20200293834A1 (en) * 2019-03-15 2020-09-17 Cognitive Scale, Inc. Robustness Score for an Opaque Model
CN112232380A (en) * 2020-09-25 2021-01-15 苏州浪潮智能科技有限公司 Neural network robustness detection method and device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107240102A (en) * 2017-04-20 2017-10-10 合肥工业大学 Malignant tumour area of computer aided method of early diagnosis based on deep learning algorithm
CN107492095A (en) * 2017-08-02 2017-12-19 西安电子科技大学 Medical image pulmonary nodule detection method based on deep learning
CN110163077A (en) * 2019-03-11 2019-08-23 重庆邮电大学 A kind of lane recognition method based on full convolutional neural networks
CN110889464B (en) * 2019-12-10 2021-09-14 北京市商汤科技开发有限公司 Neural network training method for detecting target object, and target object detection method and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200293834A1 (en) * 2019-03-15 2020-09-17 Cognitive Scale, Inc. Robustness Score for an Opaque Model
CN111488711A (en) * 2020-04-08 2020-08-04 暨南大学 Network robustness assessment method and system
CN112232380A (en) * 2020-09-25 2021-01-15 苏州浪潮智能科技有限公司 Neural network robustness detection method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MOOSAVI-DEZFOOLI SEYED-MOHSEN; FAWZI ALHUSSEIN; FROSSARD PASCAL: "DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks", 2016 IEEE CONFERENCE ON COMPUTER VISION AND PATTERN RECOGNITION (CVPR), IEEE, 27 June 2016 (2016-06-27), pages 2574 - 2582, XP033021438, DOI: 10.1109/CVPR.2016.282 *

Also Published As

Publication number Publication date
CN112232380A (en) 2021-01-15
CN112232380B (en) 2022-12-06

Similar Documents

Publication Publication Date Title
CN111612763B (en) Mobile phone screen defect detection method, device and system, computer equipment and medium
Khodabakhsh et al. Fake face detection methods: Can they be generalized?
Stock et al. Convnets and imagenet beyond accuracy: Understanding mistakes and uncovering biases
CN109741332A (en) A kind of image segmentation and mask method of man-machine coordination
CN111353545B (en) Plant disease and insect pest identification method based on sparse network migration
CN112862093B (en) Graphic neural network training method and device
CN111783505A (en) Method and device for identifying forged faces and computer-readable storage medium
CN111401418A (en) Employee dressing specification detection method based on improved Faster r-cnn
CN116012721B (en) Deep learning-based rice leaf spot detection method
CN112927783B (en) Image retrieval method and device
CN109583506A (en) A kind of unsupervised image-recognizing method based on parameter transfer learning
WO2022062649A1 (en) Neural network robustness measurement method, and apparatus
CN111723815A (en) Model training method, image processing method, device, computer system, and medium
CN117011563B (en) Road damage inspection cross-domain detection method and system based on semi-supervised federal learning
CN110245723A (en) A kind of safe and reliable image classification semi-supervised learning method and device
CN113591978A (en) Image classification method, device and storage medium based on confidence penalty regularization self-knowledge distillation
Xue et al. Region comparison network for interpretable few-shot image classification
Jain et al. Channel graph regularized correlation filters for visual object tracking
CN109523514A (en) To the batch imaging quality assessment method of Inverse Synthetic Aperture Radar ISAR
CN112819015A (en) Image quality evaluation method based on feature fusion
CN115913691A (en) Network flow abnormity detection method and system
CN116977725A (en) Abnormal behavior identification method and device based on improved convolutional neural network
CN109829887B (en) Image quality evaluation method based on deep neural network
CN112528058A (en) Fine-grained image classification method based on image attribute active learning
CN113792574B (en) Cross-dataset expression recognition method based on metric learning and teacher student model

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21871027

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21871027

Country of ref document: EP

Kind code of ref document: A1