检测对抗样本_对抗T恤以逃避ML人检测器

检测对抗样本

Neural Networks are exceptionally good at recognizing objects shown in an image and in many cases, they have shown superhuman levels of accuracy(E.g.-Traffic sign recognition).

神经网络非常擅长识别图像中显示的物体，并且在许多情况下，它们已经显示出超人的准确度(例如，交通标志识别)。

But they are also known to have an interesting property where we can introduce some small changes to the input photo and have the Neural Network wrongly classify it into something completely different. Such attacks are known as adversarial attacks on a Neural Network. One important variant is known as the Fast Gradient sign method, by Ian GoodFellow et al, as seen in the paper Explaining and Harnessing Adversarial Examples. If properly implemented, such methods can add noise to the image barely perceptible to the human eye but it fools the Neural Network classifier. One classic example is shown below.

但是也众所周知，它们具有有趣的属性，我们可以在输入的照片上进行一些细微的更改，并使神经网络将其错误地分类为完全不同的东西。这种攻击被称为对神经网络的对抗攻击。一个重要的变体被Ian GoodFellow等人称为快速梯度符号法，如论文“ 解释和利用对抗性示例”中所见。如果实施得当，此类方法可能会给人眼几乎看不到的图像增加噪点，但却使神经网络分类器蒙昧。下面显示了一个经典示例。

Explaining and Harnessing Adversarial Examples解释和利用对抗示例

实时物体检测器-自动化监控的基础： (Real time Object detectors-The backbone of automated surveillance:)

Object detection is a classic problem in Computer Vision where given an image you have to localize an object present in the image as well as classify the category that an object belongs to. Usually this is done by training a neural network on a dataset containing sufficient number of images in each category we want to address and the output being the location of the object as well as the probability of the object belonging to the different categories.Some of the most popular Object detector models are YOLO and Faster RCNN. The detection is real-time and can be embedded in a video feed to detect objects instantaneously.

对象检测是Computer Vision中的经典问题，在给定图像的情况下，您必须定位图像中存在的对象以及对对象所属的类别进行分类。通常，这是通过在数据集上训练神经网络来完成的，该数据集包含我们要处理的每个类别中足够数量的图像，输出是对象的位置以及对象属于不同类别的概率。最受欢迎的对象检测器模型是YOLO和Faster RCNN。该检测是实时的，可以嵌入视频源中以即时检测对象。

Wikipedia under Creative Commons licenseWikipedia，由Creative Commons授权

欺骗对象检测器： (Fooling the Object detectors:)

Using the adversarial attacks discussed above researchers have successfully been able to create images or patches that can baffle an object detector. This can be used to evade detection of glass frames, stop signs and images attached to cardboard. But Surveillance systems often have to view a person from a wide variety of angles so creating just a patch is not sufficient for the problem at hand. To do this the authors tracked the deformations of the t-shirts and mapped them onto adversarial images until it was able to fool the classifier. The result was the creation of a checkerboard pattern whose every pattern of deformation in video frame was measured. Then finally the interpolation technique Thin Plate Spline Technique(TPS) was used to replace the checkerboard patch with other images.Finally, a t-shirt was designed by Kaidi Xu and colleagues at Northeastern, MIT-IBM Watson AI Lab, and MIT that was able to baffle variety of object detection methods including YOLO v2 and Faster RCNN which was unsuccessful at detection of people wearing this shirt.

使用上面讨论的对抗攻击，研究人员已经成功地能够创建图像或补丁，使目标检测器感到困惑。这可用于逃避对玻璃框的检测，停止粘贴在硬纸板上的标志和图像。但是监视系统通常必须从多种角度观察一个人，因此仅创建补丁不足以解决当前的问题。为此，作者跟踪了T恤的变形，并将其映射到对抗图像上，直到它能够使分类器蒙骗为止。结果就是创建了一个棋盘格图案，其视频帧中的每个变形图案都得到了测量。最后，使用插值技术Thin Plate Spline Technique(TPS)将棋盘格贴图替换为其他图像。能够挡住包括YOLO v2和Faster RCNN在内的多种对象检测方法，这些方法在检测穿这件衬衫的人方面均不成功。

Image taken from the paper Adversarial T-shirt! Evading Person Detectors in A Physical World

结果： (Results:)

Finally after printing these kinds of shirts they were put into action in front of surveillance cameras and videos of the result was recorded. It turns out YOLO v2 model was fooled in 57 percent of frames in the physical world and 74 percent in the digital world, a substantial improvement over the previous state of the art’s 18 percent and 24 percent.

最终，在将此类衬衫打印后，将它们投入监控摄像机的前面，并记录了结果的视频。原来YOLO V2模型是在现实世界中的帧的57％和在数字世界74％上当，比上的显着改进现有技术的状态的18％和24％。

结论： (Conclusion:)

This paper provides useful information on how adversarial perturbations and noises can be implemented in real life scenarios. Images generated by this method can be used to train the different classifiers and in turn produce more robust classifiers. Such classifiers may prevent object detectors from getting tricked in the future.

本文提供了有关如何在现实生活中实现对抗性扰动和噪音的有用信息。通过这种方法生成的图像可用于训练不同的分类器，进而产生更强大的分类器。这样的分类器可以防止对象检测器将来被欺骗。

翻译自: https://towardsdatascience.com/adversarial-t-shirts-to-evade-ml-person-detectors-8f4ee7af9331

检测对抗样本

http://www.taodudu.cc/news/show-863687.html

机器学习中一阶段网络是啥_机器学习项目的各个阶段
目标检测 dcn v2_使用Detectron2分6步进行目标检测
生成高分辨率pdf_用于高分辨率图像合成的生成变分自编码器
神经网络激活函数对数函数_神经网络中的激活函数
算法伦理
python 降噪_使用降噪自动编码器重建损坏的数据（Python代码）
bert简介_BERT简介
卷积神经网络结构_卷积神经网络
html两个框架同时_两个框架的故事
深度学习中交叉熵_深度计算机视觉，用于检测高熵合金中的钽和铌碎片
梯度提升树python_梯度增强树回归— Spark和Python
5行代码可实现5倍Scikit-Learn参数调整的更快速度
tensorflow 多人_使用TensorFlow2.x进行实时多人2D姿势估计
keras构建卷积神经网络_在Keras中构建，加载和保存卷积神经网络
深度学习背后的数学_深度学习背后的简单数学
深度学习：在图像上找到手势_使用深度学习的人类情绪和手势检测器：第1部分
单光子探测技术应用_我如何最终在光学/光子学应用程序中使用机器学习作为博士学位
基于深度学习的病理_组织病理学的深度学习（第二部分）
ai无法启动产品_启动AI启动的三个关键教训
达尔文进化奖_使用Kydavra GeneticAlgorithmSelector将达尔文进化应用于特征选择
变异函数 python_使用Python进行变异测试
信号处理深度学习机器学习_机器学习与信号处理
PinnerSage模型
零信任模型_关于信任模型
乐器演奏_深度强化学习代理演奏的蛇
深度学习模型建立过程_所有深度学习都是统计模型的建立
使用TensorFlow进行鬼写
使用OpenCV和Python从图像中提取形状
NLP的特征工程
无监督学习 k-means_无监督学习-第1部分