Search

CN-114648673-B - Method and device for generating challenge sample

CN114648673BCN 114648673 BCN114648673 BCN 114648673BCN-114648673-B

Abstract

The present disclosure provides a method and apparatus for generating an countermeasure sample, involving image processing, target detection, and deep learning in artificial intelligence. The method comprises the steps of obtaining an original image and an initial countermeasure sample generated according to the original image, carrying out target detection on target objects in the original image and the initial countermeasure sample to obtain detection information, constructing a loss function of the target objects according to the detection information, the original image and the initial countermeasure sample, and adjusting the initial countermeasure sample based on the loss function of the target objects to obtain a final countermeasure sample, so that the defect of low accuracy caused by manually generating the final countermeasure sample in a correlation manner can be avoided, the accuracy and reliability of the generated final countermeasure sample are improved, and the generation efficiency is improved.

Inventors

  • TIAN WEIJUAN
  • WANG YANG
  • Lv Zhonghou
  • HUANG YINGREN
  • ZHANG HUAZHENG
  • Gan Yixian
  • GAO MENGHAN

Assignees

  • 北京百度网讯科技有限公司
  • 北京百度网讯科技有限公司

Dates

Publication Date
20260421
Application Date
20220301
Priority Date
20220301

Claims (20)

  1. 1. A method of generating a challenge sample, comprising: acquiring an original image and an initial challenge sample generated according to the original image; performing target detection on the original image and the target object in the initial countermeasure sample to obtain the confidence coefficient of the target object under a real category and the confidence coefficient of the target object under other categories, wherein the other categories are categories outside the real category; constructing an inter-class differential loss function according to the confidence coefficient of the target object under other classes, wherein the inter-class differential loss function is the sum of the confidence coefficient of the target object under other classes; Constructing a loss function of the target object according to the confidence level of the target object under the real category, the inter-category difference loss function, the original image and the initial countermeasure sample; And adjusting the initial challenge sample to meet the condition that the loss function of the target object is smaller than a preset loss threshold value, and determining the adjusted initial challenge sample which meets the condition that the loss function of the target object is smaller than the loss threshold value as a final challenge sample, wherein the final challenge sample is used for training a network model, and the target objects of different network models are different.
  2. 2. The method of claim 1, wherein performing target detection on the original image and the target object in the initial challenge sample to obtain a confidence level of the target object under a true category and a confidence level of the target object under other categories, comprises: Performing target detection on a target object in the original image to obtain a real class of the target object; and carrying out target detection on the target object in the initial countermeasure sample to obtain the confidence coefficient of the target object under the real category and the confidence coefficient of the target object under other categories.
  3. 3. The method of claim 2, wherein constructing an inter-class variability loss function based on the confidence of the target object under other classes comprises: sequentially obtaining N maximum confidence degrees from the confidence degrees of the target object under other categories, wherein N is a positive integer greater than 1; and constructing the inter-class difference loss function according to the acquired N maximum confidence degrees.
  4. 4. A method according to claim 2 or 3, wherein constructing a loss function for the target object based on the confidence level of the target object under the true class, the inter-class differential loss function, the original image, and the initial challenge sample, comprises: Determining difference information between the original image and the initial challenge sample; and constructing a loss function of the target object according to the difference information, the confidence coefficient of the target object under the real category and the difference loss function between the categories.
  5. 5. The method of claim 4, the method further comprising: Determining smoothing information of the initial challenge sample, wherein the smoothing information characterizes a difference in confidence of the initial challenge sample in the same pixel location and different categories and a difference in confidence of the initial challenge sample in the same category and different pixel locations; And constructing a loss function of the target object according to the difference information, the confidence coefficient of the target object under the real category and the inter-category difference loss function, wherein the method comprises the following steps: And constructing a loss function of the target object according to the difference information, the confidence level of the target object under the real category, the inter-category difference loss function and the smooth information.
  6. 6. The method of claim 5, wherein constructing the loss function of the target object based on the difference information, the confidence of the target object under the true class, the inter-class differential loss function, and the smoothing information comprises: calculating a difference between the inter-class difference loss function and the confidence level of the target object under the real class; calculating a sum between the difference information and the smoothing information; And constructing a loss function of the target object according to the difference between the inter-class difference loss function and the confidence coefficient of the target object under the real class and the sum of the difference information and the smooth information.
  7. 7. The method of claim 1, wherein performing target detection on the original image and the target object in the initial challenge sample to obtain a confidence level of the target object under a true category and a confidence level of the target object under other categories, comprises: performing target detection on a target object in the original image to obtain the real class of the target object and the confidence degrees of the target object corresponding to the target object under each class; performing target detection on the target object in the initial countermeasure sample to obtain the confidence of the target object under other categories; The detection information obtained by carrying out target detection on the original image and the target object in the initial countermeasure sample further comprises confidence of the misjudgment object corresponding to the target object under a preset category.
  8. 8. The method of claim 7, the method further comprising: and determining the confidence coefficient of the target object under the real category according to the respective corresponding confidence coefficient of the target object under each category.
  9. 9. The method of claim 8, wherein determining the confidence level of the target object under the true category based on the respective confidence levels of the target object under each category comprises: according to the respective corresponding confidence degrees of the target objects under each class, determining the confidence degrees of the target objects under the preset misjudgment classes of the target objects; Acquiring target confidence coefficients from the respective corresponding confidence coefficients of the target objects under each class, wherein the target confidence coefficients are larger than the confidence coefficients under the misjudgment class; And determining the confidence of the target object under the real category according to the target confidence.
  10. 10. The method of any of claims 1-3, 5-9, prior to acquiring an initial challenge sample generated from the original image, the method further comprising: acquiring an initial disturbance area of the original image; and carrying out replacement processing on an initial disturbance area in the original image according to the target model applied by the final countermeasure sample to obtain the initial countermeasure sample.
  11. 11. The method of claim 10, wherein substituting the initial disturbance area in the original image according to the target model applied by the final challenge sample to obtain the initial challenge sample comprises: carrying out parameter initialization processing on the initial disturbance area according to the target model to obtain a disturbance area of the target; And replacing the initial disturbance area in the original image by the disturbance area of the target to obtain the initial countermeasure sample.
  12. 12. An apparatus for generating a challenge sample, comprising: A first acquisition unit configured to acquire an original image and an initial challenge sample generated from the original image; The detection unit is used for carrying out target detection on the original image and the target object in the initial countermeasure sample to obtain the confidence level of the target object under the real category and the confidence level of the target object under other categories, wherein the other categories are categories outside the real category; A building unit comprising: A first construction subunit, configured to construct an inter-class differential loss function according to the confidence level of the target object under other classes, where the inter-class differential loss function is a sum of the confidence levels of the target object under other classes; A second construction subunit, configured to construct a loss function of the target object according to a confidence level of the target object under a real category, the inter-category differential loss function, the original image, and the initial challenge sample; An adjustment unit comprising: An adjustment subunit, configured to adjust the initial challenge sample to satisfy the loss function of the target object being less than a preset loss threshold; And the second determination subunit is used for determining an initial countermeasure sample after adjustment when the loss function of the target object is smaller than the loss threshold value as a final countermeasure sample, wherein the final countermeasure sample is used for training a network model, and the target objects of different network models are different.
  13. 13. The apparatus of claim 12, wherein the detection unit comprises: The first detection subunit is used for carrying out target detection on a target object in the original image to obtain the real category of the target object; The second detection unit is used for carrying out target detection on the target object in the initial countermeasure sample to obtain the confidence coefficient of the target object under the real category and the confidence coefficient of the target object under other categories, wherein the other categories are categories outside the real category.
  14. 14. The apparatus of claim 13, wherein the first build subunit comprises: The first acquisition module is used for sequentially acquiring N maximum confidence degrees from the confidence degrees of the target object under other categories, wherein N is a positive integer greater than 1; and the first construction module is used for constructing the inter-class difference loss function according to the acquired N maximum confidence degrees.
  15. 15. The apparatus of claim 13 or 14, wherein the second building subunit comprises: a first determining module for determining difference information between the original image and the initial challenge sample; And the second construction module is used for constructing the loss function of the target object according to the difference information, the confidence coefficient of the target object under the real category and the inter-category difference loss function.
  16. 16. The apparatus of claim 15, the apparatus further comprising: A determining unit configured to determine smoothing information of the initial challenge sample, where the smoothing information characterizes a difference in confidence of the initial challenge sample in the same pixel position and in different categories and a difference in confidence of the initial challenge sample in the same category and in different pixel positions; And the construction unit is used for constructing the loss function of the target object according to the difference information, the confidence level of the target object under the real category, the inter-category difference loss function and the smooth information.
  17. 17. The apparatus of claim 16, wherein the building element comprises: A first calculating subunit, configured to calculate a difference between the inter-class differential loss function and a confidence level of the target object under the real class; A second calculation subunit for calculating a sum between the difference information and the smoothing information; and a third construction subunit, configured to construct a loss function of the target object according to a difference between the inter-class differential loss function and the confidence level of the target object under the real class and a sum between the differential information and the smoothing information.
  18. 18. The apparatus of claim 12, wherein the detection unit comprises: the third detection subunit is used for carrying out target detection on the target object in the original image to obtain the real category of the target object and the confidence degrees of the target object corresponding to the real category; the second detection subunit is used for carrying out target detection on the target object in the initial countermeasure sample to obtain the confidence of the target object under other categories; The detection information obtained by carrying out target detection on the original image and the target object in the initial countermeasure sample further comprises confidence of the misjudgment object corresponding to the target object under a preset category.
  19. 19. The apparatus of claim 18, wherein the building unit further comprises: And the first determination subunit is used for determining the confidence level of the target object under the real category according to the respective corresponding confidence level of the target object under each category.
  20. 20. The apparatus of claim 19, wherein the first determination subunit comprises: the second determining module is used for determining the confidence coefficient of the target object under the preset misjudgment category of the target object according to the respective corresponding confidence coefficient of the target object under each category; The second acquisition module is used for acquiring target confidence degrees from the respective corresponding confidence degrees of the target objects under each category, wherein the target confidence degrees are larger than the confidence degrees under the misjudgment categories; and the third determining module is used for determining the confidence coefficient of the target object under the real category according to the target confidence coefficient.

Description

Method and device for generating challenge sample Technical Field The present disclosure relates to image processing, object detection, and deep learning in artificial intelligence, and more particularly to a method and apparatus for generating an challenge sample. Background To test the effectiveness of the target detection algorithm in the field of artificial intelligence (ARTIFICIAL INTELLIGENCE, AI) security, it may be implemented by interfering with the sample image to generate an antagonistic sample. In the related art, interference information may be artificially added to a sample image to generate an countermeasure sample. However, in the above manner, there is a technical problem that the accuracy of generating the challenge sample is low. Disclosure of Invention The present disclosure provides a method and apparatus for generating challenge samples for improving the accuracy of generating challenge samples. According to a first aspect of the present disclosure, there is provided a method of generating an challenge sample, comprising: acquiring an original image and an initial countermeasure sample generated according to the original image; Performing target detection on the original image and a target object in the initial countermeasure sample to obtain detection information; And constructing a loss function of the target object according to the detection information, the original image and the initial countermeasure sample, and adjusting the initial countermeasure sample based on the loss function of the target object to obtain a final countermeasure sample. According to a second aspect of the present disclosure, there is provided an apparatus for generating an challenge sample, comprising: A first acquisition unit configured to acquire an original image and an initial challenge sample generated from the original image; The detection unit is used for carrying out target detection on the original image and a target object in the initial countermeasure sample to obtain detection information; a construction unit for constructing a loss function of the target object based on the detection information, the original image, and the initial challenge sample; and the adjusting unit is used for adjusting the initial countermeasure sample based on the loss function of the target object to obtain a final countermeasure sample. According to a third aspect of the present disclosure, there is provided an electronic device comprising: At least one processor, and A memory communicatively coupled to the at least one processor, wherein, The memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of the first aspect. According to a fourth aspect of the present disclosure, there is provided a non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method according to the first aspect. According to a fifth aspect of the present disclosure, there is provided a computer program product comprising a computer program stored in a readable storage medium, the computer program being readable from the readable storage medium by at least one processor of an electronic device, the at least one processor executing the computer program causing the electronic device to perform the method of the first aspect. According to the combined detection information disclosed by the invention, the loss function of the target object is constructed according to the detection information, the original image and the initial countermeasure sample, so that the final countermeasure sample is obtained by adjusting the constructed loss function, the defect of low accuracy caused by manually generating the final countermeasure sample in correlation can be avoided, the accuracy and reliability of the generated final countermeasure sample are improved, and the generation efficiency is improved. It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the disclosure, nor is it intended to be used to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following specification. Drawings The drawings are for a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein: FIG. 1 is a schematic diagram according to a first embodiment of the present disclosure; FIG. 2 is a schematic diagram according to a second embodiment of the present disclosure; FIG. 3 is a schematic diagram according to a third embodiment of the present disclosure; FIG. 4 is a schematic diagram according to a fourth embodiment of the present disclosure; FIG. 5 is a schematic diagram according to a fifth embodiment of the present disclosure; FIG. 6 is a schematic diagram according to a sixth embodiment of the present disclosure; FIG. 7 is a schematic diagram according to a