FEATURE REMAPPING-BASED ADVERSARIAL SAMPLE DEFENSE METHOD AND APPLICATION

WIPO Patent Application WO/2021/169157

A1

Disclosed are a feature remapping-based adversarial example defense method and application, the method comprising: constructing a feature remapping model, the feature remapping model comprising a salient feature generation model used to generate salient features, a non-salient feature generation model used to generate non-salient features, and a shared determination model used to determine the authenticity of salient features and non-salient features; generating a model construction detector according to the salient feature generation model and the non-salient feature generation model, the detector being used to detect adversarial samples and benign samples; constructing a re-identifier according to the salient feature generation model, the re-identifier being used to identify the category of adversarial samples; when detecting adversarial samples, connecting the detector to an output of a target model, and using the detector to detect adversarial samples; when recognizing adversarial samples, connecting the re-identifier to the output of the target model, and using the re-identifier to recognize adversarial samples. The method can achieve a dual defense effect of detection and re-identification of adversarial samples.

CHEN JINYIN (CN)
ZHENG HAIBIN (CN)
ZHANG LONGYUAN (CN)
WANG XUEKE (CN)

PCT/CN2020/103264

September 02, 2021

July 21, 2020

Click for automatic bibliography generation  

UNIV ZHEJIANG TECHNOLOGY (CN)

G06K9/62; G06N3/04

WO2019143384A1	2019-07-25
WO2019207770A1	2019-10-31

CN111401407A	2020-07-10
CN110674938A	2020-01-10
CN108322349A	2018-07-24
CN109543740A	2019-03-29
CN108446765A	2018-08-24
CN106296692A	2017-01-04
CN109460814A	2019-03-12

HANGZHOU TIANQIN INTELLECTUAL PROPERTY AGENCY CO., LTD. (CN)

View/Download PDF      PDF Help

Previous Patent: STATOR SHEET, STATOR CORE, STATOR, AND MOTOR

Next Patent: FREQUENCY DIVIDER AND ELECTRONIC DEVICE