Defense method and an application against adversarial examples based on feature remapping

Assignee

• ZHEJIANG UNIVERSITY OF TECHNOLOGY · CN

Inventors

• Jinyin Chen · Tangxia, CN
• Haibin Zheng · Nanhu, CN
• Longyuan Zhang · Hangzhou City, CN
• Xueke Wang · Hangzhou City, CN

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06V10/7747
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A defense method against adversarial examples based on feature remapping, includes the following steps: building the feature remapping model, the feature remapping model is composed of the significant feature generation model and the nonsignificant feature generation model, and a shared discriminant model, the significant generation model is used to generate significant features, the nonsignificant generation model is used to generate nonsignificant features, and the shared discriminant model is used to discriminate fake or true of generated significant and nonsignificant features. The method combines the significant feature generation model and the nonsignificant feature generation model to build the detector that is used to detect adversarial examples and benign examples; builds the re-recognizer according to the significant feature generation model, the re-recognizer is used to recognize the type of adversarial examples while detecting; connects the detector to the output of the target model, and then use the detector to detect adversarial examples. While recognizing adversarial examples, the method connects the re-recognizer to the output of the target model, and then uses the …