Neural network backdoor attack method based on frequency energy

Neural network backdoor attack method based on frequency energy

The invention relates to a neural network backdoor attack method based on frequency energy, which comprises the following steps that: an attacker firstly generates a preliminary poisoning image with a trigger, specifically, Fourier transform and Walsh-Hadamard transform are carried out on the image...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: WANG WENJIE, LI JUNJIAN, QIU JINGHAN, CHEN HONGLONG, GAO YUDONG, YU JIMIAO, LI JUNWEI
Format: Patent
Sprache:chi ; eng
Schlagworte:
CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The invention relates to a neural network backdoor attack method based on frequency energy, which comprises the following steps that: an attacker firstly generates a preliminary poisoning image with a trigger, specifically, Fourier transform and Walsh-Hadamard transform are carried out on the image and the trigger image to obtain frequency energy distribution of the two images; and the high-energy parts of the two frequency energy distributions are mixed in proportion to inject trigger information into image high-frequency band information. In order to reduce the influence of different high-frequency band information contained in different sample images on the trigger, an attacker adjusts the mixing proportion by judging the image contrast to control the trigger intensity so as to relieve the influence of image features on the trigger. And finally, global disturbance brought by a trigger is smoothed randomly through two times of cosine transformation, so that the visual quality of a poisoning image is improve