Method and apparatus for heuristically defending against local adversarial attack
Abstract:
The present disclosure relates to a method and apparatus for heuristically defending against a local adversarial attack through gradient optimization. The method includes: processing an original image to obtain a gradient image; selecting a noise region in the gradient image and suppressing the noise region to form a defense patch; performing gradient enhancement on the original image to form a gradient-enhanced image; and projecting the defense patch onto the gradient-enhanced image to form a defense-processed image. The present disclosure can suppress high-frequency noise and prevent a deep neural network from being attracted by the high-frequency noise to make misjudgment, to suppress an adversarial patch. In addition, a contour and texture of the original image are enhanced by performing gradient enhancement on the original image, recognition by a classifier is facilitated, and image recognition accuracy is improved.
Information query
Patent Agency Ranking
0/0