CN113052167B - Grid map data protection method based on countercheck patch - Google Patents
Grid map data protection method based on countercheck patch Download PDFInfo
- Publication number
- CN113052167B CN113052167B CN202110255017.1A CN202110255017A CN113052167B CN 113052167 B CN113052167 B CN 113052167B CN 202110255017 A CN202110255017 A CN 202110255017A CN 113052167 B CN113052167 B CN 113052167B
- Authority
- CN
- China
- Prior art keywords
- patch
- geographic
- target image
- image
- map data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V10/00—Arrangements for image or video recognition or understanding
- G06V10/20—Image preprocessing
- G06V10/25—Determination of region of interest [ROI] or a volume of interest [VOI]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/29—Geographical information databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/50—Information retrieval; Database structures therefor; File system structures therefor of still image data
- G06F16/56—Information retrieval; Database structures therefor; File system structures therefor of still image data having vectorial format
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
- G06F18/214—Generating training patterns; Bootstrap methods, e.g. bagging or boosting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/22—Matching criteria, e.g. proximity measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/241—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
- G06F18/2415—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on parametric or probabilistic models, e.g. based on likelihood ratio or false acceptance rate versus a false rejection rate
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Artificial Intelligence (AREA)
- Evolutionary Computation (AREA)
- Life Sciences & Earth Sciences (AREA)
- Evolutionary Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Computational Biology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Databases & Information Systems (AREA)
- Biomedical Technology (AREA)
- Biophysics (AREA)
- Computational Linguistics (AREA)
- General Health & Medical Sciences (AREA)
- Molecular Biology (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Probability & Statistics with Applications (AREA)
- Multimedia (AREA)
- Health & Medical Sciences (AREA)
- Remote Sensing (AREA)
- Image Analysis (AREA)
- Image Processing (AREA)
Abstract
The invention provides a grid map data protection method based on a countercheck patch, which comprises the following steps: acquiring a geographic target image; initializing a patch, and inputting the initialized patch and the geographic target image to a constructed neural network model together; guiding a neural network to iteratively update the value of the patch by using a random gradient descent method and a scrambling degree evaluation method so as to train the patch, and finally selecting the patch with the highest expected probability of classifying the geographic target image into a target class as a counterpatch generation result; acquiring the area position of the geographic target on the geographic target image by using an area correction method; jointly deciding an application mode of the anti-patch in the region where the geographic target is located by using an Actor-Critic method and an image similarity evaluation method based on multiple features; a geographic target image with a countermeasure patch is obtained. The invention has the beneficial effects that: the purpose of effectively resisting the network model of the attacker to identify the sensitive geographic target is achieved, and the safety of the raster map data is improved.
Description
Technical Field
The invention relates to the field of geological data desensitization and deep learning, in particular to a grid map data protection method based on a confrontation patch.
Background
The grid map data includes important information such as national important facilities, national defense important target symbols, buildings, identifications and the like. The existing grid map data security protection method mainly focuses on the aspects of a data encryption method, a digital watermarking method and the like. For example, the inventor has proposed a grid map copyright protection method based on BFA and LSB in zhou lin, what the inventor has proposed a geographic information data composite encryption system, and the like. In recent years, object extraction and object recognition on grid map data have gradually been changed from a manual processing mode to a machine automation interpretation mode due to rapid development of deep learning technology, for example, deep learning technology is used for identifying and classifying buildings on grid maps. Because the grid map data has complex characteristics such as spatial positioning characteristics and attribute precision characteristics which are different from those of common images, under the background of deep learning, the problem of how to prevent sensitive information contained in the grid map from being intelligently extracted and identified by a neural network constructed by a malicious user becomes difficult.
The existing grid map data protection technology mainly has the following three problems: firstly, the existing data encryption method is usually established on the basis of a computational complexity theory, and the problems of low encryption efficiency, easy damage to an original data structure, expansion of data volume and the like generally exist in the encryption of raster map data; the existing grid map digital watermark protection technology generally utilizes carrier data redundancy to embed watermark information to provide aspects such as copyright protection, anti-counterfeiting tracing, hidden identification, authentication and safe hidden communication, and provides safety characteristics such as data integrity, concealment, robustness and tamper resistance, but generally cannot ensure the confidentiality of data. Secondly, the existing method focuses on optimization and improvement of algorithm function and efficiency, and the integration processing of data, and the like, and has the problem that fine desensitization protection is difficult to be performed on sensitive data of a specific type, a specific area or a specific attribute. Finally, the existing method is difficult to realize automatic and intelligent data desensitization processing, and cannot provide guarantee for grid map data security under the deep learning background due to the low processing efficiency caused by coarse-grained data processing.
Disclosure of Invention
In order to overcome the defects, the invention provides a grid map data protection method based on a countermeasure patch. The invention can mislead and disturb the grid map data intelligent identification system, so that the network of an attacker outputs wrong classification results, the purpose of effectively resisting the network model of the attacker to identify the sensitive geographic target is achieved, and the safety of the grid map data is improved.
The invention provides a grid map data protection method based on a countercheck patch, which specifically comprises the following steps:
s101: acquiring a geographic target image;
s102: initializing a patch, and inputting the initialized patch and the geographic target image to a constructed neural network model together;
s103: guiding a neural network to iteratively update the value of the patch by using a random gradient descent method and a scrambling degree evaluation method so as to train the patch, and finally selecting the patch with the highest expected probability of classifying the geographic target image into a target class as a counterpatch generation result;
s104: acquiring the area position of the geographic target on the geographic target image by using an area correction method;
s105: jointly deciding an application mode of the anti-patch in the region where the geographic target is located by using an Actor-Critic method and an image similarity evaluation method based on multiple features;
s106: a geographic target image with a countermeasure patch is obtained.
Further, the neural network model in step S102 includes inclusion v3, Resnet50, Xception, VGG16, and VGG 19.
Further, in step S102, the classification target class of the neural network includes: a category for which it is desirable to misclassify the geographic object and a category for which it is desirable to correctly classify the geographic object.
Further, the patch initialization specifically includes: one target category image is designated as an initial patch or one target category image is randomly selected as an initial patch.
Step S103 specifically includes:
s201: setting iteration times of patch training;
s202: randomly generating the placement position, the scaling size and the rotation angle of the patch on the geographic target image;
s203: the patch is added on the geographic target image through an operator of the patch application, and the calculation method comprises the following steps:
img′=G(img,p,l,t(s,z))
wherein img represents a geographical target image, p represents a patch, l represents a patch placement position, a function t represents a transformation operation performed on the patch, s represents a scaling, z represents a rotation angle, and img' represents the geographical target image after the patch is applied;
s204: guiding patch updating by using a random gradient descent method and a scrambling degree evaluation method;
s205: calculating the expected probability of img' being classified into the correct target class, and taking the patch which can maximize the expected probability as the updating result, wherein the calculation formula is as follows:
whereinRepresenting the correct target category, I is a geographic target image set, T is the distribution of patch conversion, L is the distribution of image positions, and Pr operation represents probability calculation;
s206: judging whether the preset iteration times are reached, if so, finishing the training, and turning to step 207; otherwise, returning to the step 202 and continuing the iteration;
s207: and outputting and recording the anti-patch generation result of the last iteration.
Further, step S104 specifically includes:
s301: generating a candidate region by using a region correction method;
s302: selecting a candidate region with the highest regional score as the regional position of the geographic target on the geographic target image; wherein a region is scored as a classification probability that the region contains a geographic object.
Further, in step S105, the Actor-Critic algorithm passes through the policy function pi θ (as) learning the patch placement strategy and applying a function V to the value of the current strategy φ (s) estimating.
In step S105, the distribution characteristics of the gray scale, the chromaticity, and the texture are comprehensively considered based on the multi-characteristic image similarity evaluation, and the calculation formula is as follows:
S=(D g ≥h g )∩(D c ≥h c )∩(D k ≥h k )
wherein D is g And h g Respectively representing the degree of similarity of the grey scale distribution and the corresponding threshold, D c And h c Respectively representing the chroma distribution similarity and a corresponding threshold, D k And h k Respectively representing the similarity of the texture features and the corresponding threshold values.
The beneficial effects provided by the invention are as follows: the invention can mislead and disturb the grid map data intelligent identification system, so that the network of an attacker outputs wrong classification results, the purpose of effectively resisting the network model of the attacker to identify the sensitive geographic target is achieved, and the safety of the grid map data is improved. The grid map sensitive information protection method and the grid map sensitive information protection device can be suitable for providing guarantee for grid map sensitive information protection in different application scenes, and make up for the blank field of grid map sensitive information protection in deep learning background at home at present.
Drawings
FIG. 1 is a flow chart of a method for raster map data protection based on a countercheck patch according to the present invention;
FIG. 2 is a schematic diagram of the generation of a countermeasure training;
FIG. 3 is a schematic diagram of the application of a countermeasure patch;
FIG. 4 is a diagram of the effectiveness of anti-patch generation;
FIG. 5 is a diagram of the effectiveness of the application of a countermeasure patch;
FIG. 6 is a diagram of the effect of geographic object recognition before and after application of a countermeasure patch;
fig. 7 is a diagram of the effect of the attack against the patch under different environments.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be further described with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a flowchart illustrating a method for protecting raster map data based on countermeasures for patches according to the present invention; a grid map data protection method based on countercheck patches comprises the following steps:
s101: acquiring a geographic target image;
s102: initializing a patch, and inputting the initialized patch and the geographic target image to a constructed neural network model together;
s103: guiding a neural network to iteratively update the value of the patch by using a random gradient descent method and a scrambling degree evaluation method so as to train the patch, and finally selecting the patch which can enable the geographic target image to be classified into a target class and has the highest expected probability as a countercheck patch generation result;
s104: acquiring the area position of the geographic target on the geographic target image by using an area correction method;
s105: jointly deciding an application mode of the anti-patch in the region where the geographic target is located by using an Actor-Critic method and a multi-feature-based image similarity evaluation method;
s106: a geographic target image with a countermeasure patch is obtained.
The neural network model in step S102 includes inclusion v3, respet 50, Xception, VGG16, and VGG 19.
In step S102, the classification target class of the neural network includes: a category for which it is desirable to misclassify the geographic object and a category for which it is desirable to correctly classify the geographic object.
The patch initialization specifically comprises the following steps: one target category image is designated as an initial patch or one target category image is randomly selected as an initial patch.
Step S103 specifically includes:
s201: setting iteration times of patch training;
s202: randomly generating the placement position, the scaling size and the rotation angle of the patch on the geographic target image;
s203: the patch is added on the geographic target image through an operator of the patch application, and the calculation method comprises the following steps:
img′=G(img,p,l,t(s,z))
the method comprises the following steps that img represents a geographic target image, p represents a patch, l represents a patch placement position, a function t represents transformation operation on the patch, s represents a scaling ratio, z represents a rotation angle, and img' represents the geographic target image after the patch is applied;
s204: guiding patch updating by using a random gradient descent method and a scrambling degree evaluation method;
s205: calculating the expected probability of the img' being classified into the correct target class, and taking the patch which can maximize the expected probability as the updating result, wherein the calculation formula is as follows:
whereinRepresenting the correct target category, I is a geographic target image set, T is the distribution of patch conversion, L is the distribution of image positions, and Pr operation represents probability calculation;
s206: judging whether the preset iteration times are reached, if so, finishing the training, and turning to step 207; otherwise, returning to the step 202 and continuing the iteration;
s207: and outputting and recording the counterwork patch generation result of the last iteration.
Preferably, the present invention provides an embodiment for generating a countermeasure patch; referring to fig. 2, fig. 2 is a schematic diagram of the generation of anti-patch training;
firstly, defining a target category, and selecting a random patch initialization mode or self-defining a corresponding target category image as an initial patch according to the target category. Secondly, the initialized patch is randomly applied to the geographic target image through a patch application operator, the processed target image is placed into a generator model, and the training and optimization of the patch are realized through continuously iteratively updating the value of the patch. The patch application operator is calculated as:
img'=G(img,p,l,t(s,z))
wherein img represents the geographic target image, p represents the patch, l represents the patch placement position, the function t represents the transformation operation performed on the patch, s represents the scaling, z represents the rotation angle, and img' represents the geographic target image after the patch is applied. In the patch training phase, the change operation of the patch is random selection.
And finally, in the process of patch training, evaluating and restraining the interference degree of the anti-patch on the target image by using the scrambling degree, and taking the evaluation result as a guidance basis for updating and optimizing the patch in the next iteration. And performing iterative training and updating optimization on the patch according to the self-defined iteration times to finally generate the counterpatch. Referring to fig. 4, fig. 4 is a diagram illustrating the effect of generating anti-patch.
Step S104 specifically includes:
s301: generating a candidate region by using a region correction method;
s302: selecting a candidate region with the highest regional score as the regional position of the geographic target on the geographic target image; wherein a region is scored as a classification probability that the region contains a geographic object.
In step S105, the Actor-Critic algorithm passes through a policy function pi θ (as) learning the patch placement strategy and applying a function V to the value of the current strategy φ (s) estimating.
In step S105, the distribution characteristics of the gray scale, the chromaticity, and the texture are comprehensively considered based on the multi-characteristic image similarity evaluation, and the calculation formula is as follows:
S=(D g ≥h g )∩(D c ≥h c )∩(D k ≥h k )
wherein D is g And h g Respectively representing the degree of similarity of the grey scale distribution and the corresponding threshold, D c And h c Respectively representing the chroma distribution similarity and a corresponding threshold, D k And h k Respectively representing the similarity of the texture features and the corresponding threshold values.
Preferably, as an embodiment of step S104, please refer to fig. 3; as shown in fig. 3, the position area of the geographic target in the image is found by the area correction method. Firstly, a plurality of candidate regions with different sizes and different positions are generated, and correction parameters are obtained through linear regression. And then translating the candidate region according to the correction parameters and correcting the size of the candidate region. And finally, calculating the probability of the target contained in each corrected candidate region as a region score, selecting the candidate region with the highest score as a finally selected region range, and then making a patch application decision in the region.
Still referring to fig. 3, the Actor-criticic algorithm and the multi-feature based image similarity evaluation method combine the placement position of the decision patch on the target image and the transformation manner of the patch. The strategy function pi is passed in the Actor-Critic algorithm θ (as) learning a patch placement policy, and estimating a value function of a current policy. The strategy function and the value function are continuously optimized between games, the strategy function executes a better patch application strategy to obtain higher return, and the value function adjusts the scoring standard of the value function according to the return.
The image similarity evaluation method based on multiple features evaluates the camouflage effect of the patch on a sensitive geographic target and guides optimization of a policy function in an Actor-Critic algorithm, and integrates the gray distribution similarity, the chroma distribution similarity and the texture feature similarity. The gray distribution similarity can be expressed as:
where L represents the total number of gray levels in the grid map target image, r k The k-th gray scale value is P (r) k ) Is to r k Is a histogram of this image, P 1 (r k ) For the gray level r in the patched target image img k The probability (frequency) of occurrence of the pixel of (P) 2 (r k ) For gray level r in original target image img k The probability of occurrence of the pixel.
The chroma distribution similarity can be expressed as:
wherein A and B are the total number of a, B chromaticity levels in the uniform color space of the grid map target image at L, a, B, respectivelyThe chromaticity of (a, b) is (r) a ,r b ),P r1 (r a ,r b ) To add a chroma histogram, P, of the anti-patched target image img r2 (r a ,r b ) Is a chrominance histogram of the original target image img.
The texture feature similarity can be expressed as:
wherein D is k And h k The 4 eigenvalue similarities and corresponding thresholds represent the energy, contrast, correlation and moment of inverse difference of img' and img, respectively.
Because the gray level similarity, the chrominance similarity and the texture feature similarity are all focused on evaluating the similarity of a certain aspect, in an actual situation, any feature difference can cause the existence of a counterpatch to be found, therefore, the intersection of all the single indexes is taken as the comprehensive similarity, namely, the comprehensive similarity of the two images img' and img is considered to meet the corresponding threshold requirement only if the similarity of each single feature reaches a certain threshold. The overall similarity can be expressed as:
S=(D g ≥h g )∩(D c ≥h c )∩A Tex
wherein h is g Threshold value, h, corresponding to the degree of similarity of the gray-scale distribution c And representing the corresponding threshold value of the chroma distribution similarity.
The method realizes the application of the anti-patch on the geographic image. Fig. 5 is a diagram of the effect of the application of the anti-patch, wherein z represents the scaling of the anti-patch in the current diagram, and each sub-diagram shows the effect of the placement of the anti-patch on different targets with a specific size, angle and placement position. Fig. 6 is a graph of the effect of recognizing geographic objects before and after the anti-patch application, comparing the probability of classifying objects into buildings in the same recognition system for the object image without the patch and the object image with the patch. Wherein the target image is exemplified by the 8 images shown in fig. 5. Fig. 7 is a diagram of the effect of the anti-patch attack in different environments, where the three curves from top to bottom are: whiteBox, BlackBox and BaseLine represent the success rate of attacks against patches in white-box environment, black-box environment and BaseLine mode, respectively.
The beneficial effects provided by the invention are as follows: the invention provides a grid map data protection method based on a countermeasure patch, aiming at the situation that the information protection technology of grid map data in an intelligent scene does not appear in the domestic market at present. The method guides the patch updating optimization by applying the scrambling degree evaluation method to the initial patch, and generates the confrontation patch with antagonism, robustness and concealment. And the position of the geographic target in the image is positioned by using a regional correction method, the patch placement range is narrowed, and the patch application efficiency is improved. The intelligent application of the anti-patch is realized by jointly deciding the application mode of the patch on the sensitive geographic target image through an Actor-Critic algorithm and an image similarity evaluation method based on multiple features. Through the mode, the intelligent identification system for the grid map data can mislead and disturb the intelligent identification system for the grid map data, so that the network of an attacker outputs wrong classification results, the purpose of effectively resisting the network model of the attacker to identify the sensitive geographic target is achieved, and the safety of the grid map data is improved. The grid map sensitive information protection method and the grid map sensitive information protection device can be suitable for providing guarantee for grid map sensitive information protection in different application scenes, and make up for the blank field of grid map sensitive information protection in deep learning background at home at present.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (6)
1. A raster map data protection method based on countercheck patches is characterized by comprising the following steps: the method specifically comprises the following steps:
s101: acquiring a geographic target image;
s102: initializing a patch, and inputting the initialized patch and the geographic target image to a constructed neural network model together;
s103: guiding a neural network to iteratively update the value of the patch by using a random gradient descent method and a scrambling degree evaluation method so as to train the patch, and finally selecting the patch with the highest expected probability of classifying the geographic target image into a target class as a counterpatch generation result;
s104: acquiring the area position of the geographic target on the geographic target image by using an area correction method;
s105: jointly deciding an application mode of the anti-patch in the region where the geographic target is located by using an Actor-Critic method and an image similarity evaluation method based on multiple features;
in step S105, the Actor-Critic algorithm passes through a policy function pi θ (as) learning the patch placement strategy and applying a function V to the value of the current strategy φ (s) performing an estimation;
in step S105, the distribution characteristics of the gray scale, the chromaticity, and the texture are comprehensively considered based on the multi-characteristic image similarity evaluation, and the calculation formula is as follows:
S=(D g ≥h g )∩(D c ≥h c )∩(D k ≥h k )
wherein D is g And h g Respectively representing the degree of similarity of the grey scale distribution and the corresponding threshold, D c And h c Respectively representing the chroma distribution similarity and corresponding threshold, D k And h k Respectively representing the similarity of the texture features and corresponding threshold values;
s106: a geographic object image with the countermeasure patch is obtained.
2. The method for grid map data protection based on countermeasures patch as claimed in claim 1, wherein: the neural network model in step S102 includes inclusion v3, Resnet50, Xception, VGG16, and VGG 19.
3. The method for protecting grid map data based on counterpatch as claimed in claim 1, wherein: in step S102, the classification target class of the neural network includes: a category for which it is desirable to misclassify the geographic object and a category for which it is desirable to correctly classify the geographic object.
4. The method for protecting grid map data based on counterpatch as claimed in claim 3, wherein: the patch initialization specifically comprises: one target category image is designated as an initial patch or one target category image is randomly selected as an initial patch.
5. The method for protecting grid map data based on counterpatch as claimed in claim 1, wherein: step S103 specifically includes:
s201: setting iteration times of patch training;
s202: randomly generating the placement position, the scaling size and the rotation angle of the patch on the geographic target image;
s203: the patch is added on the geographic target image through an operator of the patch application, and the calculation method comprises the following steps:
img′=G(img,p,l,t(s,z))
wherein img represents a geographical target image, p represents a patch, l represents a patch placement position, a function t represents a transformation operation performed on the patch, s represents a scaling, z represents a rotation angle, and img' represents the geographical target image after the patch is applied;
s204: guiding patch updating by using a random gradient descent method and a scrambling degree evaluation method;
s205: calculating the expected probability of img' being classified into the correct target class, and taking the patch which can maximize the expected probability as the updating result, wherein the calculation formula is as follows:
whereinRepresenting the correct target category, I is a geographic target image set, T is the distribution of patch conversion, L is the distribution of image positions, and Pr operation represents probability calculation;
s206: judging whether the preset iteration times are reached, if so, finishing the training, and turning to step 207; otherwise, returning to the step 202 and continuing the iteration;
s207: and outputting and recording the counterwork patch generation result of the last iteration.
6. The method for protecting grid map data based on counterpatch as claimed in claim 1, wherein: step S104 specifically includes:
s301: generating a candidate region by using a region correction method;
s302: selecting a candidate region with the highest regional score as the regional position of the geographic target on the geographic target image; wherein a region is scored as a classification probability that the region contains a geographic object.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110255017.1A CN113052167B (en) | 2021-03-09 | 2021-03-09 | Grid map data protection method based on countercheck patch |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110255017.1A CN113052167B (en) | 2021-03-09 | 2021-03-09 | Grid map data protection method based on countercheck patch |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113052167A CN113052167A (en) | 2021-06-29 |
CN113052167B true CN113052167B (en) | 2022-09-30 |
Family
ID=76510458
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110255017.1A Active CN113052167B (en) | 2021-03-09 | 2021-03-09 | Grid map data protection method based on countercheck patch |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113052167B (en) |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10997470B2 (en) * | 2019-08-30 | 2021-05-04 | Accenture Global Solutions Limited | Adversarial patches including pixel blocks for machine learning |
CN111340008B (en) * | 2020-05-15 | 2021-02-19 | 支付宝(杭州)信息技术有限公司 | Method and system for generation of counterpatch, training of detection model and defense of counterpatch |
CN111626925B (en) * | 2020-07-24 | 2020-12-01 | 支付宝(杭州)信息技术有限公司 | Method and device for generating counterwork patch |
CN112085069B (en) * | 2020-08-18 | 2023-06-20 | 中国人民解放军战略支援部队信息工程大学 | Multi-target countermeasure patch generation method and device based on integrated attention mechanism |
CN112364745B (en) * | 2020-11-04 | 2021-09-14 | 北京瑞莱智慧科技有限公司 | Method and device for generating countermeasure sample and electronic equipment |
CN112364915B (en) * | 2020-11-10 | 2024-04-26 | 浙江科技学院 | Imperceptible countermeasure patch generation method and application |
-
2021
- 2021-03-09 CN CN202110255017.1A patent/CN113052167B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN113052167A (en) | 2021-06-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109948658B (en) | Feature diagram attention mechanism-oriented anti-attack defense method and application | |
CN111754519B (en) | Class activation mapping-based countermeasure method | |
WO2021179157A1 (en) | Method and device for verifying product authenticity | |
CN113222802B (en) | Digital image watermarking method based on anti-attack | |
Hamid et al. | A Comparison between using SIFT and SURF for characteristic region based image steganography | |
Ulutas et al. | A new copy move forgery detection method resistant to object removal with uniform background forgery | |
CN115168210A (en) | Robust watermark forgetting verification method based on confrontation samples in black box scene in federated learning | |
Caldelli et al. | On the effectiveness of local warping against SIFT-based copy-move detection | |
CN114998080B (en) | Face tamper-proof watermark generation method, tamper detection method and attribute detection method | |
CN113435264A (en) | Face recognition attack resisting method and device based on black box substitution model searching | |
CN114244538A (en) | Digital watermark method for generating media content perception hash based on multiple attacks | |
Cui et al. | Multitask identity-aware image steganography via minimax optimization | |
Liu et al. | Data protection in palmprint recognition via dynamic random invisible watermark embedding | |
CN114881838A (en) | Bidirectional face data protection method, system and equipment for deep forgery | |
CN113052167B (en) | Grid map data protection method based on countercheck patch | |
CN112907431A (en) | Steganalysis method for resisting steganography robustness | |
CN110163163B (en) | Defense method and defense device for single face query frequency limited attack | |
CN111284157B (en) | Commodity package anti-counterfeiting printing and verifying method based on fractional order steganography technology | |
CN112200075A (en) | Face anti-counterfeiting method based on anomaly detection | |
CN113222480B (en) | Training method and device for challenge sample generation model | |
CN114299327A (en) | Anti-patch camouflage generation method based on content features | |
Lorch et al. | On the security of the one-and-a-half-class classifier for SPAM feature-based image forensics | |
Paunwala et al. | Dct watermarking approach for security enhancement of multimodal system | |
Shkilev et al. | Fortifying textual integrity: Evolutionary optimization-powered watermarking for tampering attack detection in digital documents | |
CN114254274B (en) | White-box deep learning model copyright protection method based on neuron output |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |