CN115761859A - Determination method and device of confrontation sample and computer readable storage medium - Google Patents
Determination method and device of confrontation sample and computer readable storage medium Download PDFInfo
- Publication number
- CN115761859A CN115761859A CN202211510764.6A CN202211510764A CN115761859A CN 115761859 A CN115761859 A CN 115761859A CN 202211510764 A CN202211510764 A CN 202211510764A CN 115761859 A CN115761859 A CN 115761859A
- Authority
- CN
- China
- Prior art keywords
- image
- face image
- face
- sample
- recognition model
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Collating Specific Patterns (AREA)
Abstract
The application discloses a determination method and device of a confrontation sample and a computer readable storage medium, and relates to the field of artificial intelligence and the field of information security. Wherein, the method comprises the following steps: acquiring a face image sent by terminal equipment; inputting the face image into a face recognition model to obtain a first feature vector output by the face recognition model; filtering image interference signals in the face image to obtain a target face image, and inputting the target face image into a face recognition model to obtain a second feature vector output by the face recognition model; calculating cosine similarity between the first characteristic vector and the second characteristic vector; and when the cosine similarity is smaller than a preset threshold value, determining the face image as a confrontation sample, wherein the confrontation sample is an image with confrontation disturbance noise, and the confrontation disturbance noise is an image interference signal which enables the face recognition model to generate error classification. The application solves the technical problem of low determination efficiency of the confrontation sample in the prior art.
Description
Technical Field
The present application relates to the field of artificial intelligence and the field of information security, and in particular, to a method and an apparatus for determining a countermeasure sample, and a computer-readable storage medium.
Background
In the field of face recognition, a confrontation sample is an image sample with confrontation disturbance noise so that a face recognition model makes a wrong classification. In order to identify a countermeasure sample, a mode of modifying a face recognition model is generally adopted in the prior art, firstly a countermeasure sample used for training is constructed through a normal face image, and then the face recognition model is continuously modified and optimized based on the constructed countermeasure sample and the normal face image so as to expect to obtain the face recognition model with higher robustness.
However, this method requires preparation of a large number of normal face images and construction of a large number of confrontation samples, which results in a large workload of preparation work in the early stage, wastes a large amount of manpower and material resources, and cannot ensure that the confrontation samples can be identified by the face recognition model when the confrontation samples are not complete enough.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the application provides a method and a device for determining a countermeasure sample and a computer-readable storage medium, so as to at least solve the technical problem of low efficiency in determining the countermeasure sample in the prior art.
According to an aspect of an embodiment of the present application, there is provided a method for determining a confrontation sample, including: acquiring a face image sent by terminal equipment; inputting the face image into a face recognition model to obtain a first feature vector output by the face recognition model; filtering image interference signals in the face image to obtain a target face image, and inputting the target face image into a face recognition model to obtain a second feature vector output by the face recognition model; calculating cosine similarity between the first feature vector and the second feature vector; and when the cosine similarity is smaller than a preset threshold value, determining the face image as a confrontation sample, wherein the confrontation sample is an image with confrontation disturbance noise, and the confrontation disturbance noise is an image interference signal which causes the face recognition model to generate error classification.
Further, the method for determining the confrontation sample further comprises the following steps: and when the cosine similarity is greater than or equal to a preset threshold value, determining the face image as a normal sample, wherein the normal sample is an image without anti-disturbance noise.
Further, the method for determining the confrontation sample further comprises the following steps: and filtering target image noise in the face image to obtain a target face image, wherein the target image noise at least comprises anti-disturbance noise.
Further, the method for determining the confrontation sample further comprises the following steps: after the face image is determined to be a countermeasure sample, acquiring equipment information of the terminal equipment, wherein the equipment information at least comprises an equipment identifier of the terminal equipment; and recording the equipment information in a preset equipment list, wherein the equipment information recorded in the preset equipment list is the equipment information of the abnormal equipment.
Further, the method for determining the confrontation sample further comprises the following steps: after the device information is recorded in a preset device list, receiving a plurality of face images sent by the terminal device within a preset time period, wherein the preset time period is a time period after the current time; detecting whether all the face images are normal samples; and when all the face images are normal samples, deleting the equipment information in a preset equipment list.
Further, the method for determining the confrontation sample further comprises the following steps: after the face image is determined to be a countermeasure sample, constructing a training negative sample based on the face image; constructing a training positive sample based on the target face image; and training the face recognition model according to the training negative sample and the training positive sample to obtain an updated face recognition model.
Further, the method for determining the confrontation sample further comprises the following steps: after the face image is determined to be a confrontation sample, generating prompt information according to the face image, wherein the prompt information is used for prompting a user that the face image is an abnormal image; and sending the prompt information to the terminal equipment.
According to another aspect of the embodiments of the present application, there is also provided a determination apparatus of a confrontation sample, including: the acquisition module is used for acquiring a face image sent by the terminal equipment; the input module is used for inputting the face image into the face recognition model to obtain a first feature vector output by the face recognition model; the filtering module is used for filtering image interference signals in the face image to obtain a target face image, inputting the target face image into the face recognition model and obtaining a second feature vector output by the face recognition model; the calculating module is used for calculating cosine similarity between the first characteristic vector and the second characteristic vector; and the determining module is used for determining the face image as a confrontation sample when the cosine similarity is smaller than a preset threshold, wherein the confrontation sample is an image with confrontation disturbance noise, and the confrontation disturbance noise is an image interference signal which causes the face recognition model to generate error classification.
According to another aspect of embodiments of the present application, there is also provided a computer-readable storage medium having a computer program stored therein, wherein the computer program is configured to execute the above-mentioned determination method of the confrontation sample when running.
According to another aspect of embodiments of the present application, there is also provided an electronic device including one or more processors and a memory for storing one or more programs, wherein when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the determination method of the countermeasure sample described above.
In the method, a face image sent by a terminal device is firstly obtained by calculating cosine similarity between a first feature vector and a second feature vector, then the face image is input into a face recognition model to obtain a first feature vector output by the face recognition model, an image interference signal in the face image is filtered to obtain a target face image, the target face image is input into the face recognition model to obtain a second feature vector output by the face recognition model, finally the cosine similarity between the first feature vector and the second feature vector is calculated, and when the cosine similarity is smaller than a preset threshold value, the face image is determined to be a countermeasure sample, wherein the countermeasure sample is an image with countermeasure disturbance noise, and the countermeasure disturbance noise is an image interference signal which enables the face recognition model to generate misclassification.
As can be seen from the above, in the present application, on one hand, a face image is directly input into a face recognition model to obtain a first feature vector, and on the other hand, the face image is subjected to image interference signal filtering and then input into the face recognition model to obtain a second feature vector. If a face image is not a countermeasure sample, the difference between the image after filtering the image interference signal and the original image is not large, that is, the cosine similarity between the first feature vector and the second feature vector is higher, that is, the cosine similarity is greater than or equal to the preset threshold. Therefore, according to the technical scheme, whether the face image is the countermeasure sample can be determined without modifying the face recognition model, and the countermeasure sample training face recognition model does not need to be constructed independently, so that a large amount of training time and sample preparation time can be saved, and the determination efficiency of the countermeasure sample is improved.
By means of the analysis, the technical scheme achieves the purpose of determining the confrontation sample on the basis of not modifying the face recognition model, so that the effect of reducing the training cost of the face recognition model is achieved, and the technical problem of low efficiency in determining the confrontation sample in the prior art is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a flow chart of an alternative method of determination of a challenge sample according to an embodiment of the present application;
FIG. 2 is a flow chart of another alternative method of determining a challenge sample according to an embodiment of the present application;
FIG. 3 is a flow chart of an alternative method for obtaining a face image within a predetermined time period according to an embodiment of the present application;
FIG. 4 is a schematic diagram of an confrontation sample determination device according to an embodiment of the application;
fig. 5 is a schematic diagram of an electronic device according to an embodiment of the application.
Detailed Description
In order to make the technical solutions of the present application better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In addition, it should be noted that the relevant information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data for presentation, analyzed data, etc.) related to the present disclosure are information and data authorized by the user or sufficiently authorized by each party. For example, an interface is provided between the system and the relevant user or organization, before obtaining the relevant information, an obtaining request needs to be sent to the user or organization through the interface, and after receiving the consent information fed back by the user or organization, the relevant information is obtained.
Example 1
In accordance with an embodiment of the present application, there is provided an embodiment of a method for determining a countermeasure sample, it is noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system such as a set of computer executable instructions, and that while a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than here.
Fig. 1 is a flowchart of an alternative determination method of a confrontation sample according to an embodiment of the present application, as shown in fig. 1, the method including the steps of:
and step S101, acquiring a face image sent by the terminal equipment.
In step S101, the terminal device includes, but is not limited to, a smart phone, a smart tablet, a laptop, a desktop, and a monitoring security device. The terminal device at least comprises an image acquisition device for shooting a human face image, such as a camera or a camera.
In an alternative embodiment, a target application may be run on the terminal device, and the target application may be used to make mobile payments. In the mobile payment process, a user can start a face payment function, so that when the user needs to perform transfer transaction, a terminal device can acquire a face image of the user through an image acquisition device and then send the face image to a server corresponding to a target application program, and after the server receives the face image, the face image is detected according to the determination method of the confrontation sample in the embodiment of the application, so that whether the face image is the confrontation sample or not is determined.
Step S102, the face image is input into a face recognition model, and a first feature vector output by the face recognition model is obtained.
In step S102, the server runs a background service of the target application, and deploys a pre-trained face recognition model, where the face recognition model is a deep learning neural network model.
Optionally, fig. 2 shows a flowchart of another determination method of a countermeasure sample according to an embodiment of the present application. After receiving a face image sent by a terminal device, a server side performs a parallel process, the first process is to directly input the face image into a face recognition model to obtain a first feature vector Embedding1 output by the face recognition model, and for convenience of description, the first feature vector can be recorded as E1.
And step S103, filtering image interference signals in the face image to obtain a target face image, inputting the target face image into the face recognition model, and obtaining a second feature vector output by the face recognition model.
As shown in fig. 2, when performing the second processing of the parallel processing, the server performs a signal processing on the face image first, where the signal processing is mainly used to filter an image interference signal in the face image. It should be noted that, since the countermeasure sample is a kind of adding countermeasure disturbance noise to the normal image, the face recognition model generates the misclassified image, and the countermeasure disturbance noise is an image interference signal. Therefore, if a face image is a robust sample, after signal processing, the robust disturbance noise on the face image will be filtered.
After the signal processing is completed on the face image, the server may obtain a target face image, and then, the server inputs the target face image into the face recognition model, and obtains a second feature vector Embedding2 output by the face recognition model, and for convenience of description, the second feature vector may be denoted as E2.
Step S104, calculating a cosine similarity between the first feature vector and the second feature vector.
In step S104, the more similar the first feature vector and the second feature vector are, the higher the cosine similarity therebetween is. It is easy to note that if a face image is a countermeasure sample, after signal processing, the countermeasure disturbance noise in the face image is removed, in other words, the target face image has undergone a larger feature change than the original face image, and therefore, there is a larger difference between the second feature vector corresponding to the target face image and the first feature vector corresponding to the face image, that is, the cosine similarity is lower.
In addition, if one face image is not a countermeasure sample, the feature change between the target face image after signal processing and the original face image is small, even the feature change does not occur, so the cosine similarity between the obtained second feature vector and the first feature vector is higher.
Step S105, when the cosine similarity is smaller than a preset threshold, determining the face image as a countermeasure sample, wherein the countermeasure sample is an image with countermeasure disturbance noise, and the countermeasure disturbance noise is an image interference signal which enables the face recognition model to generate error classification.
In step S105, when the cosine similarity is greater than or equal to the preset threshold, the face image is determined to be a normal sample, where the normal sample is an image without anti-disturbance noise. In addition, the preset threshold may be set by self-definition, and it should be noted that, in order to ensure the accuracy of the preset threshold, the preset threshold may be determined through an experiment. For convenience of description, the preset threshold may be denoted by T in this application.
As shown in fig. 2, if cos _ sin (E1, E2) < T, the server determines that the face image sent by the terminal device is a countermeasure sample, and if cos _ sin (E1, E2) ≧ T, the server determines that the face image sent by the terminal device is a normal sample.
Based on the contents of the above steps S101 to S105, in the present application, a face image sent by the terminal device is obtained first by calculating a cosine similarity between the first feature vector and the second feature vector, then the face image is input into the face recognition model to obtain the first feature vector output by the face recognition model, and an image interference signal in the face image is filtered to obtain a target face image, the target face image is input into the face recognition model to obtain the second feature vector output by the face recognition model, and finally the cosine similarity between the first feature vector and the second feature vector is calculated, and when the cosine similarity is smaller than a preset threshold, the face image is determined to be an antagonistic sample, where the antagonistic sample is an image with antagonistic disturbance noise, and the antagonistic disturbance noise is an image interference signal that causes the face recognition model to generate an incorrect classification.
As can be seen from the above, in the present application, on one hand, a face image is directly input into a face recognition model to obtain a first feature vector, and on the other hand, the face image is subjected to image interference signal filtering and then input into the face recognition model to obtain a second feature vector, because the countermeasure sample is an image obtained by adding countermeasure disturbance noise to a normal image, if a face image is a countermeasure sample, after the image interference signal is filtered, the countermeasure disturbance noise in the face image is removed, so that there is a great difference between the second feature vector output by the face recognition model and the first feature vector, that is, the cosine similarity is lower, that is, it is smaller than the preset threshold. If a face image is not a countermeasure sample, the difference between the image after filtering the image interference signal and the original image is not large, that is, the cosine similarity between the first feature vector and the second feature vector is higher, that is, the cosine similarity is greater than or equal to a preset threshold. Therefore, according to the technical scheme, whether the face image is the confrontation sample can be determined without modifying the face recognition model, and because the confrontation sample training face recognition model does not need to be constructed independently, a large amount of training time and sample preparation time can be saved, and the determination efficiency of the confrontation sample is improved.
By means of the analysis, the technical scheme achieves the purpose of determining the confrontation sample on the basis of not modifying the face recognition model, so that the effect of reducing the training cost of the face recognition model is achieved, and the technical problem of low efficiency in determining the confrontation sample in the prior art is solved.
In an optional embodiment, in order to obtain the target face image, the server side filters target image noise in the face image to obtain the target face image, where the target image noise at least includes anti-disturbance noise.
Specifically, the server may filter target image noise in the face image using a target filter, where the target filter includes, but is not limited to, a median filter, a gaussian filter, and other filters.
In an optional embodiment, after determining that the face image is the countermeasure sample, the server further obtains device information of the terminal device, and records the device information in a preset device list, where the device information at least includes a device identifier of the terminal device, and the device information recorded in the preset device list is device information of an abnormal device.
It should be noted that, when a specific person creates a countermeasure sample, the specific person typically uses a specific device that has undergone some modification to create the countermeasure sample, and in consideration of the device cost, the number of specific devices is generally limited, so when a face image sent by a certain terminal device is determined to be the countermeasure sample, for safety, the server will regard the terminal device as an abnormal device with information security risk, and analyze and obtain the device information of the terminal device from the log by calling the log uploaded by the terminal device, and record the device information in a preset device list. The device information at least includes a device identifier of the terminal device, for example, a device model, an IP address of the device, a MAC address of the device, and the like.
In addition, after the server side continuously receives the face image sent by the terminal equipment, if the server side detects that the equipment information of the terminal equipment is recorded in a preset equipment list, the server side directly determines that the terminal equipment is abnormal equipment and rejects the face image sent by the terminal equipment, so that the information safety and fund transaction safety of the user are ensured on the equipment dimension.
In an optional embodiment, after the device information is recorded in the preset device list, the server may further receive a plurality of face images sent by the terminal device within a preset time period, where the preset time period is a time period after the current time. Then, the terminal device detects whether all the face images are normal samples, and when all the face images are normal samples, the terminal device deletes the device information in a preset device list.
Optionally, for some special cases, for example, the user has repaired the terminal device with information security risk, or the user has deleted the application program for generating the countermeasure sample in the terminal device, at this time, in order to enable the terminal device of the user to recover to normal use. The server can periodically receive a plurality of face images sent by the terminal device within a preset time, detect the plurality of face images according to the determination method of the countermeasure sample in the embodiment of the application, and delete the device information of the terminal device from a preset device list if all the plurality of face images are determined as normal samples.
The method comprises the steps of obtaining a plurality of face images, wherein the obtaining of the face images at least comprises two types, one type is that the face images are obtained from the fact that application information sent by a user through terminal equipment is received, and the application information is an application request used by the user for requesting the terminal equipment to be recovered to be normally used. For example, the user sends the application information through the terminal device, and the time when the server receives the application information is T1, the server will obtain a plurality of face images sent by the terminal device within a preset time period from T1, where the preset time period can be set by user, for example, three days, a week, a month, and the like. If all the obtained face images are normal samples, the server deletes the equipment information of the terminal equipment in a preset equipment list, and sends first recovery information to the terminal equipment, wherein the first recovery information is used for representing that the application information successfully passes; if at least one confrontation sample exists in the face images, the server side continuously keeps the equipment information of the terminal equipment in a preset equipment list and sends second reply information to the terminal equipment, wherein the second reply information is used for representing that the application information does not pass successfully.
Another way of obtaining is shown in fig. 3:
step one, the server acquires time when the device information is successfully added into a preset device list, determines the time as starting time, and then acquires a plurality of face images sent by the terminal device within a preset time period from the starting time, wherein the preset time period can be set in a self-defined mode, for example, three days, one week, one month and the like.
Step two, if all the obtained face images are normal samples, the server side deletes the equipment information of the terminal equipment in a preset equipment list, and skips to step four;
step three, if at least one confrontation sample exists in the face images, the server side continuously keeps the equipment information of the terminal equipment in a preset equipment list, and the starting time in the step one is updated to be the current time;
step four, the server side detects whether the equipment information of the terminal equipment still remains in the preset equipment list, if not, the whole process is directly ended, and if yes, the steps from the first step to the third step are repeatedly executed.
In an optional embodiment, after the face image is determined to be the countermeasure sample, the server side further constructs a training negative sample based on the face image, constructs a training positive sample based on the target face image, and finally trains the face recognition model according to the training negative sample and the training positive sample to obtain the updated face recognition model.
It is easy to notice that if the face image sent by the terminal device is detected to be a confrontation sample, the server can directly use the confrontation sample as a training negative sample for optimizing the face recognition model, and compared with the prior art in which technicians need to spend a lot of time on constructing the confrontation sample, the method for acquiring the confrontation sample is more direct and the acquisition cost is lower. In addition, if one face image is a countermeasure sample, after filtering out image interference signals on the face image, the server-side equivalently filters out countermeasure interference noise on the face image, and the finally obtained target face image is exactly a normal sample corresponding to the face image. On the basis, the server side can directly use the face images to construct training negative samples, can also use the target face images to construct training positive samples, and finally carries out optimization training on the face recognition model according to the training negative samples and the training positive samples, so that the robustness of the face recognition model is improved.
In an optional embodiment, after the face image is determined to be the confrontation sample, the server generates prompt information according to the face image, and sends the prompt information to the terminal device. The prompt information is used for prompting the face image of the user to be an abnormal image.
Optionally, a user of the terminal device may not know that the terminal device has become an abnormal device, for example, when the user uses the terminal device to browse a certain abnormal website, the abnormal website may automatically push an installation package of an abnormal application program to the terminal device, and the user is tricked to install the abnormal application program by using false software description information, but after the terminal device successfully installs the abnormal application program, the abnormal application program performs specific processing on a face image acquired by the terminal device, so that the face image becomes a countermeasure sample. In order to timely inform a user that the terminal equipment used by the user has a fund transaction safety risk, after the server detects that the face image sent by the terminal equipment is a countermeasure sample, prompt information is generated according to the face image and sent to the terminal equipment, so that the face image of the user is timely prompted to be an abnormal image, and the terminal equipment used by the user is prompted to possibly have the fund transaction safety risk.
Example 2
The embodiment of the present application further provides a determination apparatus for a confrontation sample, and it should be noted that the determination apparatus for a confrontation sample according to the embodiment of the present application can be used to execute the determination method for a confrontation sample provided in embodiment 1 of the present application. The following describes an apparatus for determining a challenge sample according to an embodiment of the present application.
Fig. 4 is a schematic diagram of a determination apparatus of a challenge sample according to an embodiment of the present application. As shown in fig. 4, the apparatus includes: an obtaining module 401, configured to obtain a face image sent by a terminal device; an input module 402, configured to input a face image into a face recognition model to obtain a first feature vector output by the face recognition model; the filtering module 403 is configured to filter an image interference signal in the face image to obtain a target face image, input the target face image into the face recognition model, and obtain a second feature vector output by the face recognition model; a calculating module 404, configured to calculate a cosine similarity between the first feature vector and the second feature vector; the determining module 405 is configured to determine the face image as a countermeasure sample when the cosine similarity is smaller than a preset threshold, where the countermeasure sample is an image with countermeasure disturbance noise, and the countermeasure disturbance noise is an image interference signal that causes the face recognition model to generate an erroneous classification.
Optionally, the apparatus for determining the confrontation sample further includes: the first determining module is used for determining the face image as a normal sample when the cosine similarity is greater than or equal to a preset threshold, wherein the normal sample is an image without anti-disturbance noise.
Optionally, the filtering module further includes: and the filtering unit is used for filtering target image noise in the face image to obtain a target face image, wherein the target image noise at least comprises anti-disturbance noise.
Optionally, the apparatus for determining the confrontation sample further includes: the device comprises a first acquisition module and a recording module. The first obtaining module is used for obtaining equipment information of the terminal equipment, wherein the equipment information at least comprises an equipment identifier of the terminal equipment; the recording module is used for recording the equipment information in a preset equipment list, wherein the equipment information recorded in the preset equipment list is the equipment information of abnormal equipment.
Optionally, the apparatus for determining the confrontation sample further includes: the device comprises a receiving module, a detecting module and a deleting module. The receiving module is used for receiving a plurality of face images sent by the terminal equipment within a preset time period, wherein the preset time period is a time period after the current time; the detection module is used for detecting whether all the face images are normal samples; and the deleting module is used for deleting the equipment information in the preset equipment list when all the face images are normal samples.
Optionally, the apparatus for determining the confrontation sample further includes: the system comprises a first building module, a second building module and a training module. The first construction module is used for constructing a training negative sample based on the face image; the second construction module is used for constructing a training positive sample based on the target face image; and the training module is used for training the face recognition model according to the training negative sample and the training positive sample to obtain an updated face recognition model.
Optionally, the apparatus for determining the confrontation sample further includes: the device comprises a generating module and a sending module. The generating module is used for generating prompt information according to the face image, wherein the prompt information is used for prompting a user that the face image is an abnormal image; and the sending module is used for sending the prompt information to the terminal equipment.
Example 3
According to another aspect of embodiments of the present application, there is also provided a computer-readable storage medium having a computer program stored therein, wherein the computer program is configured to execute the determination method of the countermeasure sample in embodiment 1 described above when running.
Example 4
According to another aspect of embodiments of the present application, there is also provided an electronic device including one or more processors and a memory for storing one or more programs, wherein when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the determination method of the countermeasure sample in embodiment 1 described above.
As shown in fig. 5, an embodiment of the present application provides an electronic device, where the device includes a processor, a memory, and a program stored in the memory and executable on the processor, and the processor executes the program to implement the following steps:
acquiring a face image sent by terminal equipment; inputting the face image into a face recognition model to obtain a first feature vector output by the face recognition model; filtering image interference signals in the face image to obtain a target face image, inputting the target face image into a face recognition model, and obtaining a second feature vector output by the face recognition model; calculating cosine similarity between the first characteristic vector and the second characteristic vector; and when the cosine similarity is smaller than a preset threshold value, determining the face image as a confrontation sample, wherein the confrontation sample is an image with confrontation disturbance noise, and the confrontation disturbance noise is an image interference signal which causes the face recognition model to generate error classification.
Optionally, the processor executes the program to further implement the following steps: and when the cosine similarity is greater than or equal to a preset threshold value, determining the face image as a normal sample, wherein the normal sample is an image without anti-disturbance noise.
Optionally, the following steps are also implemented when the processor executes the program: and filtering the target image noise in the face image to obtain a target face image, wherein the target image noise at least comprises anti-disturbance noise.
Optionally, the following steps are also implemented when the processor executes the program: after the face image is determined to be a confrontation sample, acquiring equipment information of the terminal equipment, wherein the equipment information at least comprises an equipment identifier of the terminal equipment; and recording the equipment information in a preset equipment list, wherein the equipment information recorded in the preset equipment list is the equipment information of the abnormal equipment.
Optionally, the following steps are also implemented when the processor executes the program: after the device information is recorded in a preset device list, receiving a plurality of face images sent by the terminal device within a preset time period, wherein the preset time period is a time period after the current time; detecting whether all the face images are normal samples; and when all the face images are normal samples, deleting the equipment information in a preset equipment list.
Optionally, the processor executes the program to further implement the following steps: after the face image is determined to be a confrontation sample, constructing a training negative sample based on the face image; constructing a training positive sample based on the target face image; and training the face recognition model according to the training negative sample and the training positive sample to obtain an updated face recognition model.
Optionally, the processor executes the program to further implement the following steps: after the face image is determined to be a confrontation sample, generating prompt information according to the face image, wherein the prompt information is used for prompting a user that the face image is an abnormal image; and sending the prompt information to the terminal equipment.
The above-mentioned serial numbers of the embodiments of the present application are merely for description, and do not represent the advantages and disadvantages of the embodiments.
In the embodiments of the present application, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to the related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, a division of a unit may be a division of a logic function, and an actual implementation may have another division, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or may not be executed. In addition, the shown or discussed coupling or direct coupling or communication connection between each other may be an indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or in other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk, and various media capable of storing program codes.
The foregoing is only a preferred embodiment of the present application and it should be noted that, as will be apparent to those skilled in the art, numerous modifications and adaptations can be made without departing from the principles of the present application and such modifications and adaptations are intended to be considered within the scope of the present application.
Claims (10)
1. A method for determining a challenge sample, comprising:
acquiring a face image sent by terminal equipment;
inputting the face image into a face recognition model to obtain a first feature vector output by the face recognition model;
filtering image interference signals in the face image to obtain a target face image, and inputting the target face image into the face recognition model to obtain a second feature vector output by the face recognition model;
calculating cosine similarity between the first feature vector and the second feature vector;
and when the cosine similarity is smaller than a preset threshold value, determining the face image as a countermeasure sample, wherein the countermeasure sample is an image with countermeasure disturbance noise, and the countermeasure disturbance noise is an image interference signal which enables the face recognition model to generate error classification.
2. The method of claim 1, further comprising:
and when the cosine similarity is greater than or equal to the preset threshold, determining the face image as a normal sample, wherein the normal sample is an image without the anti-disturbance noise.
3. The method of claim 1, wherein filtering image interference signals in the face image to obtain a target face image comprises:
and filtering target image noise in the face image to obtain the target face image, wherein the target image noise at least comprises the anti-disturbance noise.
4. The method of claim 1, wherein after determining that the face image is a challenge sample, the method further comprises:
acquiring equipment information of the terminal equipment, wherein the equipment information at least comprises an equipment identifier of the terminal equipment;
and recording the equipment information in a preset equipment list, wherein the equipment information recorded in the preset equipment list is the equipment information of abnormal equipment.
5. The method of claim 4, wherein after recording the device information in a preset device list, the method further comprises:
receiving a plurality of face images sent by the terminal equipment within a preset time period, wherein the preset time period is a time period after the current time;
detecting whether all the face images are normal samples;
and deleting the equipment information in the preset equipment list when all the face images are normal samples.
6. The method of claim 1, wherein after determining that the face image is a challenge sample, the method further comprises:
constructing a training negative sample based on the face image;
constructing a training positive sample based on the target face image;
and training the face recognition model according to the training negative sample and the training positive sample to obtain an updated face recognition model.
7. The method of claim 1, wherein after determining that the face image is a challenge sample, the method further comprises:
generating prompt information according to the face image, wherein the prompt information is used for prompting a user that the face image is an abnormal image;
and sending the prompt information to the terminal equipment.
8. A challenge sample determination apparatus, comprising:
the acquisition module is used for acquiring a face image sent by the terminal equipment;
the input module is used for inputting the face image into a face recognition model to obtain a first feature vector output by the face recognition model;
the filtering module is used for filtering image interference signals in the face image to obtain a target face image, inputting the target face image into the face recognition model and obtaining a second feature vector output by the face recognition model;
the calculating module is used for calculating cosine similarity between the first feature vector and the second feature vector;
and the determining module is used for determining the face image as a countermeasure sample when the cosine similarity is smaller than a preset threshold, wherein the countermeasure sample is an image with countermeasure disturbance noise, and the countermeasure disturbance noise is an image interference signal which enables the face recognition model to generate error classification.
9. A computer-readable storage medium, in which a computer program is stored, wherein the computer program is arranged to execute the method of determining a challenge sample as claimed in any one of claims 1 to 7 when executed.
10. An electronic device comprising one or more processors and memory storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of determining countermeasure samples of any of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211510764.6A CN115761859A (en) | 2022-11-29 | 2022-11-29 | Determination method and device of confrontation sample and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211510764.6A CN115761859A (en) | 2022-11-29 | 2022-11-29 | Determination method and device of confrontation sample and computer readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115761859A true CN115761859A (en) | 2023-03-07 |
Family
ID=85340168
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211510764.6A Pending CN115761859A (en) | 2022-11-29 | 2022-11-29 | Determination method and device of confrontation sample and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115761859A (en) |
-
2022
- 2022-11-29 CN CN202211510764.6A patent/CN115761859A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20110246426A1 (en) | Method and apparatus for information recovery using snapshot database | |
| CN110442712B (en) | Risk determination method, risk determination device, server and text examination system | |
| CN104009964A (en) | Network link detection method and system | |
| CN111241873A (en) | Image reproduction detection method, training method of model thereof, payment method and payment device | |
| CN112001200A (en) | Identification code identification method, device, equipment, storage medium and system | |
| CN110738184B (en) | Early warning information generation method and device for paper certificates | |
| CN114841705A (en) | Anti-fraud monitoring method based on scene recognition | |
| CN111371581A (en) | Method, device, equipment and medium for detecting business abnormity of Internet of things card | |
| CN115761859A (en) | Determination method and device of confrontation sample and computer readable storage medium | |
| CN116049138A (en) | Transaction data tracing method, tracing device and tracing system | |
| CN115439247A (en) | Transaction data processing method and device | |
| CN115391224A (en) | Flow playback method and device, computer equipment and readable storage medium | |
| CN112035287B (en) | Method, device, storage medium and equipment for testing data cleaning result | |
| CN114090650A (en) | Sample data identification method and device, electronic equipment and storage medium | |
| CN113703916B (en) | Cloud virtual machine life cycle state dependency relation extraction method oriented to anomaly detection | |
| CN116431459B (en) | Distributed log link tracking data processing method and device | |
| CN116070268B (en) | Privacy data identification monitoring method, device and equipment | |
| CN110610083A (en) | Method for judging pollution of monitoring data and corresponding device | |
| CN112733916B (en) | False certificate picture identification method and device, electronic equipment and storage medium | |
| CN114666142B (en) | Object authentication method, device and system | |
| CN113220488B (en) | Recording list pasting method and device based on mobile terminal | |
| CN113034337B (en) | Image detection method and related device | |
| CN114862401A (en) | Payment abnormity processing method, device, equipment and medium | |
| CN115965461A (en) | Method and device for acquiring risk data, computer equipment and readable storage medium | |
| CN114398599A (en) | Method and system for protecting man-vehicle authentication information |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |