CN115063790A - Anti-attack method and device based on three-dimensional dynamic interaction scene - Google Patents
Anti-attack method and device based on three-dimensional dynamic interaction scene Download PDFInfo
- Publication number
- CN115063790A CN115063790A CN202210689005.4A CN202210689005A CN115063790A CN 115063790 A CN115063790 A CN 115063790A CN 202210689005 A CN202210689005 A CN 202210689005A CN 115063790 A CN115063790 A CN 115063790A
- Authority
- CN
- China
- Prior art keywords
- frame
- attacked
- attack
- agent
- historical
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 43
- 230000008846 dynamic interplay Effects 0.000 title claims abstract description 19
- 230000007613 environmental effect Effects 0.000 claims abstract description 31
- 230000000694 effects Effects 0.000 claims abstract description 12
- 230000008569 process Effects 0.000 claims abstract description 11
- 230000007246 mechanism Effects 0.000 claims abstract description 10
- 238000009877 rendering Methods 0.000 claims abstract description 8
- 230000006870 function Effects 0.000 claims description 24
- 230000000007 visual effect Effects 0.000 claims description 9
- 238000013528 artificial neural network Methods 0.000 claims description 7
- 238000004422 calculation algorithm Methods 0.000 claims description 6
- 238000012545 processing Methods 0.000 claims description 6
- 238000009826 distribution Methods 0.000 claims description 4
- 238000004590 computer program Methods 0.000 claims description 3
- 210000002569 neuron Anatomy 0.000 claims description 3
- 238000010606 normalization Methods 0.000 claims description 3
- 230000003068 static effect Effects 0.000 abstract description 10
- 230000002452 interceptive effect Effects 0.000 description 15
- 238000013135 deep learning Methods 0.000 description 7
- 238000013136 deep learning model Methods 0.000 description 7
- 238000004364 calculation method Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 238000003058 natural language processing Methods 0.000 description 3
- 241000282414 Homo sapiens Species 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000010801 machine learning Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 241000282412 Homo Species 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000019771 cognition Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V20/00—Scenes; Scene-specific elements
- G06V20/60—Type of objects
- G06V20/64—Three-dimensional objects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V10/00—Arrangements for image or video recognition or understanding
- G06V10/70—Arrangements for image or video recognition or understanding using pattern recognition or machine learning
- G06V10/77—Processing image or video features in feature spaces; using data integration or data reduction, e.g. principal component analysis [PCA] or independent component analysis [ICA] or self-organising maps [SOM]; Blind source separation
- G06V10/774—Generating sets of training patterns; Bootstrap methods, e.g. bagging or boosting
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Artificial Intelligence (AREA)
- Health & Medical Sciences (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Computing Systems (AREA)
- Databases & Information Systems (AREA)
- Evolutionary Computation (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Software Systems (AREA)
- Processing Or Creating Images (AREA)
Abstract
The invention discloses an anti-attack method and device based on a three-dimensional dynamic interaction scene. Firstly, selecting a frame to be attacked in a historical frame of an agent by combining an attention mechanism; aiming at an environmental object of a frame to be attacked, a conductive rendering process is introduced to generate a confrontation sample; and finally, the countermeasure sample is utilized to carry out countermeasure attack on the intelligent body, so that the problem in the traditional static scene attack is avoided, and the attack effect in the three-dimensional dynamic interaction scene is far superior to that of the traditional attack method.
Description
The invention is a divisional application of an invention application with the application number of 202010394266.4, which is entitled "method and device for resisting attacks based on three-dimensional dynamic interaction scene" and is filed on the year 2020, 5, month 11.
Technical Field
The invention relates to an attack resisting method based on a three-dimensional dynamic interaction scene, and simultaneously relates to a corresponding attack resisting device, belonging to the technical field of machine learning.
Background
The artificial intelligence field has a long-standing technical problem: how to manufacture an agent that can sense the surrounding environment, perform human-computer interaction, and accomplish a given task through a specific sequence of actions. In recent years, deep learning has achieved remarkable achievements in a plurality of challenging fields such as computer vision and natural language processing, and the deep learning also becomes a core module for constructing environment interactive intelligent agents. Researchers have combined computer vision with deep learning models in the natural language processing field in an attempt to build agents that meet the above requirements.
At present, researchers have conducted numerous studies on environmental interactive agent navigation and question-answering tasks using deep learning. In the task, the intelligent objects are randomly placed in the virtual environment, and given the problem described by the natural language, the intelligent navigation is required to be carried out in the environment according to the first-person perspective, the target place is reached, and the given specific task is completed. Researchers can enable the intelligent agents to learn active perception, common sense reasoning and score distribution in the virtual environment, and the intelligent agents can achieve good performance in the virtual environment.
On the other hand, confrontational samples are becoming a research focus in the field of deep learning. Since the environment interactive agent decision depends on the deep learning model, the robustness of the environment interactive agent decision is threatened by the confrontation sample. Therefore, in the scene of resisting the existence of the sample, the safety and the robustness of the intelligent agent have great hidden dangers. For three-dimensional (3D) scenes, researchers have proposed many methods of attacking deep learning models. However, most of those attack methods focus on static space issues only.
The environment interactive intelligent agent navigation and question-answering task is different from the deep learning task of a static scene, and the particularity of the environment interactive intelligent agent navigation and question-answering task lies in that: the agent can move, interact, navigate autonomously in the virtual environment in which it is located, and communicate with humans. The method is consistent with the traditional static scene problem, so that due to the fact that factors such as the angle and the distance of an intelligent agent for observing an object cause noise content change, the intelligent agent can easily ignore noise in the environment, and further poor attack results are caused.
Disclosure of Invention
The invention aims to provide an attack resisting method based on a three-dimensional dynamic interaction scene.
The invention provides an anti-attack device based on a three-dimensional dynamic interaction scene.
In order to achieve the purpose, the invention adopts the following technical scheme:
according to a first aspect of the embodiments of the present invention, there is provided a method for countering attacks based on a three-dimensional dynamic interaction scene, including the following steps:
selecting a frame to be attacked in the historical frames of the agent in combination with an attention mechanism;
aiming at an environmental object of a frame to be attacked, a conductive rendering process is introduced to generate a confrontation sample;
and carrying out counterattack on the agent by utilizing the counterattack sample.
Preferably, the attention mechanism is combined with historical frames of the agent, and the frame to be attacked is selected, specifically including:
calculating the decision contribution degree of each historical frame to the agent;
carrying out normalization processing on the decision contribution degree of each historical frame to obtain the weight of each historical frame;
the weights are sorted by a small order, and the top M (M > 0) historical frames are designated as the frames to be attacked.
Preferably, the calculation formula of the decision contribution degree is as follows:
in formula (1), y is the correct category, and Z is the feature of the current historical frame at a specific layer of the neural network,
the ith row and jth column values representing the nth neuron in the current network feature, u and v represent the height and width, respectively, of a particular layer feature of the neural network.
Preferably, the calculation formula of the weight is:
in the formula (2), μ is the mean value of the weights of the historical frames, σ is the variance of the historical frames, and e is a very small nonzero value for avoiding the situation that the denominator is zero.
Wherein preferably, specifically include:
acquiring the three-dimensional attribute of an environmental object appearing in a frame to be attacked;
constructing a conductive renderer, and optimizing three-dimensional counternoise by using a gradient descent algorithm and combining with a loss function of an intelligent agent;
and correspondingly adding three-dimensional counternoise into the three-dimensional attributes of the environmental object appearing in the frame to be attacked, thereby forming a corresponding countersample.
Preferably, after the three-dimensional counternoise is correspondingly added to the three-dimensional attribute of the environmental object appearing in the frame to be attacked, the method further comprises the following steps:
and when the loss function of the agent reaches a preset condition, stopping generating the countermeasure sample.
Preferably, the expression of the loss function is:
in the formula (3), x m Representing the mth environmental object in the current frame to be attacked, y is a real label, lambda is used for balancing the attack effect and the visual effect, and x adv Is expressed according to x m The generated environmental object with the resistance to the attack,
is a decision model for an agent that is,
for a conductive renderer, C is the current environment variable, C is the distribution of the environment variables, E c~C Indicating that the environment variable corresponds to the expectation.
Preferably, the expression of the countermeasure sample is:
in the formula (4), phi m Three-dimensional Properties, S, representing the mth Environment object in the Current historical frame k Representing all objects in the current frame to be attacked, K being the total number of objects in the current history frame, the function Φ () representing the environmental object selected from the K objects of the current history frame,
is the weight of the current historical frame.
Preferably, the attack effect loss function is defined as:
the visual effects loss function is defined as:
wherein, P represents the probability of the agent in decision, and S represents the frame to be attacked.
According to a second aspect of the embodiments of the present invention, there is provided an anti-attack apparatus based on a three-dimensional dynamic interaction scenario, including a processor and a memory, where the processor reads a computer program in the memory to perform the following operations:
selecting a frame to be attacked in the historical frames of the agent in combination with an attention mechanism;
aiming at an environmental object of a frame to be attacked, a conductive rendering process is introduced to generate a confrontation sample;
and carrying out counterattack on the agent by utilizing the counterattack sample.
The embodiment of the invention provides an anti-attack method based on a three-dimensional dynamic interaction scene, which is characterized in that a frame to be attacked is selected from historical frames of an agent by combining an attention mechanism, so that the optimal attack position is determined; and then, introducing a conductive rendering process to generate a confrontation sample, and finally, utilizing the confrontation sample to carry out confrontation attack, thereby avoiding the problems in the traditional static scene attack and enabling the attack effect in the three-dimensional dynamic interactive scene to be far superior to that of the traditional attack method.
Drawings
FIG. 1 is a flow chart of a method for countering attacks provided by the present invention;
fig. 2 is a structural example diagram of an attack-fighting device provided by the present invention.
Detailed Description
The technical contents of the invention are described in detail below with reference to the accompanying drawings and specific embodiments.
Deep learning has now achieved excellent success in a number of challenging areas such as computer vision and natural language processing. In the field of agent-related research, deep learning is an indispensable tool, and core modules of environment interactive agent navigation and question-and-answer tasks, for example, are composed of deep learning models. In the task, the intelligent objects are randomly placed in a simulation environment, and given the problem described by the natural language, the intelligent navigation is required to be carried out in the environment according to the first-person perspective, the target place is reached, and the given specific task is completed. Although agents perform well in a virtual environment, virtual environments often lack the noise that is inevitable in real environments, such as confrontational samples.
The countermeasure samples are the samples generated by slightly adjusting the original samples, which have no influence on the cognition and object recognition of human beings, but they can mislead the deep neural network to make wrong decisions, which poses a serious security threat to the practical application of machine learning in the digital and physical world. Since the three-dimensional dynamic interactive agent decision depends on a deep learning model, the robustness of the three-dimensional dynamic interactive agent decision is threatened by the confrontation sample. Challenge samples refer to a very subtle noise of design that is indistinguishable to the human eye but devastating to deep learning models:
F θ (x adv )≠y s.t.||x-x adv ||<ε
where x denotes a normal sample, x adv Representing a challenge sample. x and x adv There is a visual similarity between them, with distances less than ε, but the deep learning model F misclassifies them.
As shown in fig. 1, the attack countermeasure method based on the three-dimensional dynamic interaction scene provided by the embodiment of the present invention includes the following steps:
101. selecting a frame to be attacked in the historical frames of the agent in combination with an attention mechanism;
specifically, the method comprises the following steps:
1011. calculating the decision contribution degree of each historical frame to the agent;
the calculation formula of the decision contribution degree is as follows:
in formula (1), y is the correct category, and Z is the feature of the current historical frame at a specific layer of the neural network,
the ith row and jth column values representing the nth neuron in the current network feature, u and v represent the height and width, respectively, of a particular layer feature of the neural network.
1012. Carrying out normalization processing on the decision contribution degree of each historical frame to obtain the weight of each historical frame;
the calculation formula of the weight is as follows:
in the formula (2), μ is the mean value of the weights of the historical frames, σ is the variance of the historical frames, and e is a very small nonzero value for avoiding the situation that the denominator is zero.
1013. The weights are sorted by a small order, and the top M (M > 0) historical frames are designated as the frames to be attacked.
In the existing method, the three-dimensional physical attributes of the object are often modified in a static scene, or the information acquired from a static view is often operated in a non-interactive scene. If the particularity of the three-dimensional dynamic interactive intelligent agent on the time dimension and the space dimension is ignored and the three-dimensional dynamic interactive intelligent agent is treated in accordance with the problem of the traditional static scene, the noise content changes due to factors such as the angle and the distance of the intelligent agent for observing the object, the intelligent agent can easily ignore the noise in the environment, and the poor attack result is further caused.
In the embodiment of the invention, when making a current decision, an agent in the three-dimensional dynamic interactive scene does not only depend on the currently seen picture of the frame, but also depends on the previously seen picture of the historical frame. Therefore, the most important frame for the current decision is needed to be found in the historical frames passed by the agent for attack. The "most important" assessment needs to be performed by the decision degree or weight of each historical frame. It is assumed that the found frames to be attacked are the 3 rd frame, the 6 th frame and the 9 th frame in the history frames.
102. Aiming at an environmental object of a frame to be attacked, a conductive rendering process is introduced to generate a confrontation sample;
specifically, the method comprises the following steps:
1021. acquiring the three-dimensional attribute of an environmental object appearing in a frame to be attacked;
in the embodiment of the invention, the environmental objects are all objects appearing in the frame to be attacked; three-dimensional attributes are physical attributes of each object, such as: shape, texture, etc. Physical attributes of all objects appearing at frames 3, 6 and 9 are obtained.
1022. Constructing a conductive renderer, and optimizing three-dimensional counternoise by using a gradient descent algorithm and combining with a loss function of an intelligent agent;
in the embodiment of the invention, the gradient descent algorithm is simple and convenient, and can be quickly optimized according to the three-dimensional attributes of the environmental object. Since the 2D picture is seen by the agent, we need to render the three-dimensional object as a 2D picture through the conductive renderer when we change the three-dimensional attributes of the environmental object.
The expression of the loss function is:
in the formula (3), x m Representing the mth environmental object in the current frame to be attacked, y is a real label, lambda is used for balancing the attack effect and the visual effect, and x adv Is expressed according to x m The generated environmental object with the resistance to the attack,
is a decision model for an agent that is,
for a conductive renderer, C is the current environment variable, C is the distribution of the environment variables, E c~C Indicating that the environment variable corresponds to the expectation.
The environmental object with the resistance to attack is the environmental object with the noise increased. Assuming that the pattern of the table in frame 3 is modified, the modified table in frame 3 is an environmental object with anti-attack property.
The attack effect loss function is defined as:
the visual effects loss function is defined as:
wherein, P represents the probability of the agent in decision, and S represents the frame to be attacked.
The effect of the attack effect loss function is to mislead the model of the three-dimensional dynamic interaction scene agent to make a wrong decision. The visual effect loss function has the function of ensuring that the attribute of the attack sample is close to that before the attack, and further ensuring that the visual effect of the confrontation sample is basically unchanged before and after the attack.
1023. Correspondingly adding three-dimensional counternoise into the three-dimensional attributes of the environmental object appearing in the frame to be attacked, thereby forming a corresponding countersample;
the expression of the confrontation sample is:
in the formula (4), phi m Three-dimensional Properties, S, representing the mth Environment object in the Current historical frame k Representing all objects in the current frame to be attacked, K being the total number of objects in the current history frame, the function Φ () representing the environmental object selected from the K objects of the current history frame,
is the weight of the current historical frame.
1024. And when the loss function of the agent reaches a preset condition, stopping generating the countermeasure sample.
In the embodiment of the invention, the three-dimensional attribute is changed in the optimization process, so that the loss function is minimized. And calculating a loss function through an iterative algorithm, and stopping generating the countermeasure sample when the iteration number reaches a preset threshold value or the value of the added noise reaches a preset upper limit.
103. And carrying out counterattack on the agent by utilizing the counterattack sample.
In the embodiment of the invention, the frame which is most important for the intelligent agent to make a decision in the historical frames is taken as the frame to be attacked. The frame to be attacked represents the optimal attack position, and the optimal attack is carried out aiming at each object in the frame to be attacked, so that the attack effect can be ensured to the maximum extent. In the process of optimizing the attack, the three-dimensional attributes of the environment object are changed through a conductive renderer and a gradient descent algorithm, so that three-dimensional counternoise is increased for the environment object of the frame pair to be attacked; and the three-dimensional countermeasure noise is constrained by a loss function. Therefore, the problems in the traditional static scene attack are avoided, and the attack effect in the three-dimensional dynamic interactive scene is far superior to that of the traditional attack method.
Further, the present invention also provides an anti-attack apparatus based on a three-dimensional dynamic interaction scenario, as shown in fig. 2, which includes a processor 22 and a memory 21, and may further include a communication component, a sensor component, a power component, a multimedia component, and an input/output interface according to actual needs. The memory, communication components, sensor components, power components, multimedia components, and input/output interfaces are coupled to the processor 22. As mentioned above, the memory 21 in the node device may be a Static Random Access Memory (SRAM), an Electrically Erasable Programmable Read Only Memory (EEPROM), an Erasable Programmable Read Only Memory (EPROM), a Programmable Read Only Memory (PROM), a Read Only Memory (ROM), a magnetic memory, a flash memory, etc., and the processor may be a Central Processing Unit (CPU), a Graphic Processing Unit (GPU), a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), a Digital Signal Processing (DSP) chip, etc. Other communication components, sensor components, power components, multimedia components, etc. may be implemented using common components in existing smartphones and are not specifically described herein.
On the other hand, in the above-mentioned three-dimensional dynamic interaction scenario-based counter attack apparatus, the processor 22 reads the computer program in the memory 21 for performing the following operations:
selecting a frame to be attacked in the historical frames of the agent in combination with an attention mechanism;
aiming at an environmental object of a frame to be attacked, a conductive rendering process is introduced to generate a confrontation sample;
and carrying out counterattack on the agent by utilizing the counterattack sample.
In the embodiment of the invention, the frame which is most important for the intelligent agent to make a decision is found as the frame to be attacked; then, the three-dimensional attributes of all environment objects in the frame to be attacked are attacked, so that the purpose of deceiving the intelligent agent can be achieved. Furthermore, the robustness and stability of the intelligent agent in a three-dimensional dynamic interaction scene are improved.
The method and the device for resisting attacks based on the three-dimensional dynamic interaction scene provided by the invention are explained in detail above. It will be apparent to those skilled in the art that any obvious modifications thereof can be made without departing from the spirit of the invention, which infringes the patent right of the invention and bears the corresponding legal responsibility.
Claims (10)
1. An attack resisting method based on a three-dimensional dynamic interaction scene is characterized by comprising the following steps:
selecting a frame to be attacked in the historical frames of the agent in combination with an attention mechanism;
aiming at an environmental object of a frame to be attacked, a conductive rendering process is introduced to generate a confrontation sample;
and carrying out counterattack on the agent by utilizing the counterattack sample.
2. The method according to claim 1, wherein the method for resisting attack in combination with the attention mechanism selects a frame to be attacked from the historical frames of the agent, and specifically comprises:
calculating the decision contribution degree of each historical frame to the agent;
carrying out normalization processing on the decision contribution degree of each historical frame to obtain the weight of each historical frame;
and ordering the weights by a small order, and designating the first M historical frames as frames to be attacked, wherein M is greater than 0.
3. The method of combating attacks according to claim 2, wherein said decision contribution is calculated by the formula:
wherein y is the correct category, Z is the characteristic of the current historical frame at a specific layer of the neural network,
the values of the ith row and jth column representing the nth neuron in the current network feature, u and v represent the height and width, respectively, of a particular layer feature of the neural network.
4. The method of combating attacks according to claim 3, wherein said weights are calculated by the formula:
wherein, mu is the average value of the weight of each historical frame, sigma is the variance of each historical frame, and epsilon is a very small non-zero value for avoiding the condition that the denominator is zero.
5. The method according to claim 1, wherein the introducing a renderable process to the environment object of the frame to be attacked generates the countersample, specifically comprising:
acquiring the three-dimensional attribute of an environmental object appearing in a frame to be attacked;
constructing a conductive renderer, and optimizing three-dimensional counternoise by using a gradient descent algorithm and combining with a loss function of an intelligent agent;
and correspondingly adding three-dimensional counternoise into the three-dimensional attributes of the environmental object appearing in the frame to be attacked, thereby forming a corresponding countersample.
6. The method for resisting attack according to claim 5, wherein after the three-dimensional counternoise is correspondingly added to the three-dimensional attributes of the environmental object appearing in the frame to be attacked, the method further comprises:
and when the loss function of the agent reaches a preset condition, stopping generating the countermeasure sample.
7. The method of combating attack of claim 6, wherein said penalty function is expressed by:
wherein x is m Representing the mth environmental object in the current frame to be attacked, y is a real label, lambda is used for balancing the attack effect and the visual effect, and x adv Is expressed according to x m The generated environmental object with the resistance to the attack,
is a decision model for an agent that is,
for a conductive renderer, C is the current environment variable, C is the distribution of the environment variables, E c~C Indicating that the environment variable corresponds to the expectation.
8. The method of combating attack of claim 7, wherein said challenge samples are expressed by:
wherein phi is m Three-dimensional Properties, S, representing the mth Environment object in the Current historical frame k Representing all objects in the current frame to be attacked, K being the total number of objects in the current history frame, the function Φ () representing the environmental object selected from the K objects of the current history frame,
is the weight of the current historical frame.
9. The method of combating attack of claim 8, wherein said attack effect loss function is:
the visual effect loss function is:
wherein, P represents the probability of the agent in decision, and S represents the frame to be attacked.
10. An apparatus for countering attacks based on a three-dimensional dynamic interaction scenario, comprising a processor and a memory, wherein the processor reads a computer program in the memory and executes the following operations:
selecting a frame to be attacked in the historical frames of the agent in combination with an attention mechanism;
aiming at an environmental object of a frame to be attacked, a conductive rendering process is introduced to generate a confrontation sample;
and carrying out counterattack on the agent by utilizing the counterattack sample.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210689005.4A CN115063790A (en) | 2020-05-11 | 2020-05-11 | Anti-attack method and device based on three-dimensional dynamic interaction scene |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210689005.4A CN115063790A (en) | 2020-05-11 | 2020-05-11 | Anti-attack method and device based on three-dimensional dynamic interaction scene |
| CN202010394266.4A CN111767786B (en) | 2020-05-11 | 2020-05-11 | Anti-attack method and device based on three-dimensional dynamic interaction scene |
Related Parent Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010394266.4A Division CN111767786B (en) | 2020-05-11 | 2020-05-11 | Anti-attack method and device based on three-dimensional dynamic interaction scene |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115063790A true CN115063790A (en) | 2022-09-16 |
Family
ID=72719112
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010394266.4A Active CN111767786B (en) | 2020-05-11 | 2020-05-11 | Anti-attack method and device based on three-dimensional dynamic interaction scene |
| CN202210689005.4A Pending CN115063790A (en) | 2020-05-11 | 2020-05-11 | Anti-attack method and device based on three-dimensional dynamic interaction scene |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010394266.4A Active CN111767786B (en) | 2020-05-11 | 2020-05-11 | Anti-attack method and device based on three-dimensional dynamic interaction scene |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN111767786B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111767786B (en) * | 2020-05-11 | 2023-01-24 | 北京航空航天大学 | Anti-attack method and device based on three-dimensional dynamic interaction scene |
| CN112434791A (en) * | 2020-11-13 | 2021-03-02 | 北京圣涛平试验工程技术研究院有限责任公司 | Multi-agent strong countermeasure simulation method and device and electronic equipment |
| CN114492059B (en) * | 2022-02-07 | 2023-02-28 | 清华大学 | Multi-agent confrontation scene situation assessment method and device based on field energy |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108446765A (en) * | 2018-02-11 | 2018-08-24 | 浙江工业大学 | The multi-model composite defense method of sexual assault is fought towards deep learning |
| CN111767786A (en) * | 2020-05-11 | 2020-10-13 | 北京航空航天大学 | Anti-attack method and device based on three-dimensional dynamic interaction scene |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10785237B2 (en) * | 2018-01-19 | 2020-09-22 | General Electric Company | Learning method and system for separating independent and dependent attacks |
| CN109948658B (en) * | 2019-02-25 | 2021-06-15 | 浙江工业大学 | Feature diagram attention mechanism-oriented anti-attack defense method and application |
| CN110210573B (en) * | 2019-06-11 | 2023-01-06 | 腾讯科技(深圳)有限公司 | Method and device for generating confrontation image, terminal and storage medium |
| CN110334808A (en) * | 2019-06-12 | 2019-10-15 | 武汉大学 | A kind of confrontation attack defense method based on confrontation sample training |
| CN110334749B (en) * | 2019-06-20 | 2021-08-03 | 浙江工业大学 | Anti-attack defense model based on attention mechanism, construction method and application |
| CN112836798A (en) * | 2021-01-29 | 2021-05-25 | 华中科技大学 | Non-directional white-box attack resisting method aiming at scene character recognition |
-
2020
- 2020-05-11 CN CN202010394266.4A patent/CN111767786B/en active Active
- 2020-05-11 CN CN202210689005.4A patent/CN115063790A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108446765A (en) * | 2018-02-11 | 2018-08-24 | 浙江工业大学 | The multi-model composite defense method of sexual assault is fought towards deep learning |
| CN111767786A (en) * | 2020-05-11 | 2020-10-13 | 北京航空航天大学 | Anti-attack method and device based on three-dimensional dynamic interaction scene |
Non-Patent Citations (3)
| Title |
|---|
| DONG YINPENG等: "Boosting Adversarial Attacks with Momentum", 2018 IEEE/CVF CONFERENCE ON COMPUTER VISION AND PATTERN RECOGNITION, 16 December 2018 (2018-12-16) * |
| LIU AISHAN等: "Adversarial Attacks for Embodied Agents", ARXIV.ORG, 19 May 2020 (2020-05-19) * |
| 易平等: "人工智能对抗攻击研究综述", 上海交通大学学报, vol. 52, no. 10, 31 October 2018 (2018-10-31) * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111767786B (en) | 2023-01-24 |
| CN111767786A (en) | 2020-10-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111767786B (en) | Anti-attack method and device based on three-dimensional dynamic interaction scene | |
| CN111563841A (en) | High-resolution image generation method based on generation countermeasure network | |
| CN110472627A (en) | One kind SAR image recognition methods end to end, device and storage medium | |
| JP2017513144A (en) | Face authentication method and system | |
| CN108009222B (en) | Three-dimensional model retrieval method based on better view and deep convolutional neural network | |
| CN107871098A (en) | Method and device for acquiring human face characteristic points | |
| CN107944459A (en) | A kind of RGB D object identification methods | |
| CN110084293A (en) | A kind of determination method and apparatus in complete bright pattern house | |
| KR102440385B1 (en) | Method and apparatus of recognizing motion pattern base on combination of multi-model | |
| CN111311702B (en) | Image generation and identification module and method based on BlockGAN | |
| CN110111426A (en) | A kind of determination method and apparatus in sound separate pattern house | |
| CN107066979A (en) | A kind of human motion recognition method based on depth information and various dimensions convolutional neural networks | |
| CN113420289B (en) | Hidden poisoning attack defense method and device for deep learning model | |
| CN115063847A (en) | Training method and device for facial image acquisition model | |
| Li | Application of deep learning in image recognition | |
| Liu et al. | Towards transferable unrestricted adversarial examples with minimum changes | |
| CN107239827A (en) | A kind of spatial information learning method based on artificial neural network | |
| Abdi et al. | An automatic graphic pattern generation algorithm and its application to the multipurpose camouflage pattern design | |
| CN115457374B (en) | Deep pseudo-image detection model generalization evaluation method and device based on reasoning mode | |
| CN115238271A (en) | AI security detection method based on generative learning | |
| Zhu et al. | Edge orientation-based multi-view object recognition | |
| Kordos et al. | A survey of factors influencing MLP error surface | |
| Chen et al. | Deep neural network guided evolution of l-system trees | |
| De Vries | Object recognition: a shape-based approach using artificial neural networks | |
| Racz et al. | Knowledge representation by dynamic competitive learning techniques |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |