Defense method of deep learning model aiming at adversarial attacks

Assignee

• Quanzhou Equipment Manufacturing Research Institute · CN

Inventors

• Jielong Guo · Hangzhou City, CN
• Xian Wei · Nanhu, CN
• Xuan Tang · Hopkinton, US
• Hui Yu · Nanhu, CN
• Dongheng Shao · Fujian, CN
• Jianfeng Zhang · Shrewsbury, US
• Jie Li · Qingdao, CN
• Yanhui Huang · Hangzhou City, CN

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/034
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Disclosed are a defense method and a model of deep learning model aiming at adversarial attacks in the technical field of image recognition, which makes full use of the internal relationship between the adversarial samples and the initial samples, and transforms the adversarial samples into common samples by constructing a filter layer in front of the input layer of the deep learning model; the parameters of the filter layer are trained by using the adversarial attack samples, so as to improve the ability of the model to resist adversarial attack; then the trained filter layer is combined with the learning model after the adversarial training, and a deep learning model with strong robustness and high classification accuracy is obtained, which ensures that the recognition ability of the initial sample is not reduced while resisting the adversarial attacks.