| CPC G06F 21/64 (2013.01) [G06T 5/20 (2013.01); G06T 5/50 (2013.01)] | 6 Claims |
|
1. A method for heuristically defending against a local adversarial attack through gradient optimization, comprising:
processing an original image to obtain a gradient image;
selecting a noise region from the gradient image and suppressing the noise region to form a defense patch, wherein high-frequency noise gradient suppression is achieved using a low-pass filter on the gradient image with the noise region marked, the gradient image processed through the low-pass filter is divided into k overlapping blocks of a same size, the noise region is selected based on a noise threshold, and high-frequency noise gradient suppression is performed on the noise region;
the high-frequency noise gradient suppression specifically comprises: multiplying the noise region by a smoothing coefficient to obtain a suppression gradient, and subtracting the suppression gradient from the noise region; and
a noise threshold adjustment coefficient is calculated based on an area attribute and a position attribute of the noise region in the gradient image, and the noise threshold is determined by multiplying the noise threshold adjustment coefficient with an initial noise threshold;
performing gradient enhancement on the original image to form a gradient-enhanced image, wherein the gradient enhancement is implemented on the original image by obtaining a gradient of any point in the original image, multiplying the gradient by a gradient enhancement coefficient to obtain an enhancement gradient, and superimposing the enhancement gradient on the original image; and
projecting the defense patch onto the gradient-enhanced image to form a defense-processed image.
|