CN111783982B - Method, device, equipment and medium for acquiring attack sample - Google Patents

Publication number: CN111783982B
Authority: CN (China)
Prior art keywords: data, attack, training data, initial, attack sample
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010610570.8A
Other languages: Chinese (zh)
Other versions: CN111783982A (en)
Inventor: 刘彦宏
Current Assignee: Ping An International Smart City Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Ping An International Smart City Technology Co Ltd
Application filed by: Ping An International Smart City Technology Co Ltd
Priority to: CN202010610570.8A
Publication of CN111783982A
Application granted; publication of CN111783982B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/22 Matching criteria, e.g. proximity measures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/045 Combinations of networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Molecular Biology (AREA)
  • Computational Linguistics (AREA)
  • Biophysics (AREA)
  • Biomedical Technology (AREA)
  • Mathematical Physics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to data processing technology and discloses a method for acquiring an attack sample, comprising: acquiring a classification model, training data of the classification model and data labels corresponding to the training data; generating disturbance data corresponding to the training data by using an attack algorithm; predicting the disturbance data with the classification model to obtain a predicted label; when the predicted label is inconsistent with the data label corresponding to the training data, determining that the disturbance data is an initial attack sample; and performing a preset number of iterations on the initial attack sample by using a gradient descent algorithm, calculating the distance values between all initial update attack samples generated by the iterations and the training data, and taking the initial update attack sample corresponding to the minimum distance value as the standard attack sample. In addition, the invention relates to blockchain technology: the training data may be stored in blockchain nodes. The invention can improve the quality of the acquired attack data.

Description

Method, device, equipment and medium for acquiring attack sample
Technical Field
The present invention relates to the field of big data processing technologies, and in particular, to a method and apparatus for acquiring an attack sample, an electronic device, and a computer readable storage medium.
Background
With the advent of deep neural networks, intelligent recognition technology has developed rapidly; however, deep neural networks have poor resistance to attacks. For example, a deep neural network used for image classification may produce a different classification result when only a few pixels in an image are slightly changed.
At present, most methods for improving the attack resistance of a deep neural network add attack data during training, thereby improving the robustness and accuracy of the network. However, if the quality of the attack data is low, this goal cannot be achieved. How to obtain high-quality attack data is therefore a problem to be solved.
Disclosure of Invention
The invention provides a method and an apparatus for acquiring an attack sample, an electronic device and a computer-readable storage medium, whose main purpose is to improve the quality of the acquired attack data.
To achieve the above object, the invention provides a method for acquiring an attack sample, including:
acquiring a classification model, training data of the classification model and a data label corresponding to the training data;
generating disturbance data corresponding to the training data by using an attack algorithm;
predicting the disturbance data by using the classification model to obtain a predicted label;
when the predicted label is inconsistent with the data label corresponding to the training data, determining that the disturbance data is an initial attack sample;
performing a preset number of iterations on the initial attack sample by using a gradient descent algorithm, calculating the distance values between all initial update attack samples generated by the iterations and the training data, and taking the initial update attack sample corresponding to the minimum distance value as a standard attack sample.
Optionally, generating disturbance data corresponding to the training data by using an attack algorithm includes:
adding disturbance factors to the training data by using an attack algorithm to obtain disturbance data.
Optionally, the training data is a training image, and the attack algorithm is:
$$\mathrm{Trans} = (\delta_R + x_R) + (\delta_G + x_G) + (\delta_B + x_B)$$
where $\mathrm{Trans}$ is the disturbance data, $x_R$, $x_G$, $x_B$ are the three components of any pixel in the training image, $\delta_R$, $\delta_G$, $\delta_B$ are the three components of any pixel in the disturbance factor, and the disturbance factor is an image of the same size as the training image.
Optionally, performing the preset number of iterations on the initial attack sample by using a gradient descent algorithm includes:
setting iteration parameters, which include, but are not limited to, the number of iterations, the learning rate, the norm update factor and the norm of the disturbance image;
initializing the iteration parameters, fixing the weight parameters of the classification model, and computing the gradient of the loss function in the classification model;
updating the initial attack sample by using the gradient to obtain a plurality of initial update attack samples;
projecting the plurality of initial attack samples onto the surface of a norm sphere with a preset radius;
clipping the norms on the norm sphere into a preset pixel interval;
generating an initial attack sample again by using the clipped norm, and inputting it into the classification model for judgment, until the number of iterations reaches the preset number of iterations.
Optionally, calculating the distance values between all initial update attack samples generated by the iterations and the training data includes:
calculating the distance values between all initial update attack samples generated by the iterations and the training data by using the following distance algorithm:
where $L(X, Y)$ is the distance value, $X$ is the training data, $Y$ is the data label corresponding to the training data, and $f(x+\delta)$ is the predicted label generated by the initial update attack sample.
Optionally, after performing the preset number of iterations on the initial attack sample by using a gradient descent algorithm, the method further includes:
storing the iteration result generated after each iteration at the local end where a backup database is located;
mirroring the iteration result generated after each iteration to obtain a mirrored iteration result, and storing the mirrored iteration result at the remote end where a server of the backup database is located.
Optionally, acquiring the training data of the classification model includes:
acquiring the training data, by means of a pessimistic lock, from a blockchain used to store the training data.
To solve the above problem, the invention also provides an apparatus for acquiring an attack sample, the apparatus comprising:
a data acquisition module, configured to acquire the classification model, training data of the classification model and a data label corresponding to the training data;
a disturbance data generation module, configured to generate disturbance data corresponding to the training data by using an attack algorithm;
a label prediction module, configured to predict the disturbance data by using the classification model to obtain a predicted label;
an initial attack sample generation module, configured to determine that the disturbance data is an initial attack sample when the predicted label is inconsistent with the data label corresponding to the training data;
a standard attack sample generation module, configured to perform a preset number of iterations on the initial attack sample by using a gradient descent algorithm, calculate the distance values between all initial update attack samples generated by the iterations and the training data, and take the initial update attack sample corresponding to the minimum distance value as the standard attack sample.
To solve the above problem, the invention also provides an electronic device including:
a memory storing at least one instruction; and
a processor that executes the instructions stored in the memory to implement the method for acquiring an attack sample according to any one of the above.
To solve the above problem, the invention also provides a computer-readable storage medium including a storage data area that stores created data and a storage program area that stores a computer program, wherein the computer program, when executed by a processor, implements the method for acquiring an attack sample according to any one of the above.
In the embodiment of the invention, a classification model, training data of the classification model and a data label corresponding to the training data are acquired; disturbance data corresponding to the training data is generated by using an attack algorithm; the disturbance data is predicted by the classification model to obtain a predicted label; when the predicted label is inconsistent with the data label corresponding to the training data, the disturbance data is determined to be an initial attack sample; and a preset number of iterations is performed on the initial attack sample by using a gradient descent algorithm, the distance values between all initial update attack samples generated by the iterations and the training data are calculated, and the initial update attack sample corresponding to the minimum distance value is taken as the standard attack sample. Generating disturbance data and then determining, according to the condition, which disturbance data are initial attack samples increases the number of attack samples, reduces chance errors caused by a small number of attack samples, and improves the quality of the obtained standard attack sample. Iterating on the initial attack sample, calculating the distance value between each sample generated by the iterations and the training data, and screening on that distance value yields a more reliable standard attack sample, which further improves the quality of the obtained standard attack sample. Therefore, the method, apparatus, device and medium for acquiring an attack sample provided by the invention can improve the quality of the acquired attack data.
Drawings
Fig. 1 is a flowchart of a method for acquiring an attack sample according to an embodiment of the present invention;
Fig. 2 is a schematic block diagram of an apparatus for acquiring an attack sample according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of an internal structure of an electronic device for implementing a method for acquiring an attack sample according to an embodiment of the present invention;
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The method for acquiring an attack sample provided by the embodiments of the application may be executed by at least one of a server, a terminal or another device that can be configured to execute the method. In other words, the method may be performed by software or hardware installed in a terminal device or a server device, and the software may be a blockchain platform. The server includes, but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster.
The invention provides an attack sample acquisition method. Referring to fig. 1, a flowchart of a method for acquiring an attack sample according to an embodiment of the present invention is shown. The method may be performed by an apparatus, which may be implemented in software and/or hardware.
In this embodiment, the method for acquiring the attack sample includes:
S1, acquiring a classification model, training data of the classification model and a data tag corresponding to the training data.
In an embodiment of the present invention, the classification model includes, but is not limited to, an image classification model and a data classification model. The training data of the classification model is a data set used for training the classification model, and the data set comprises the training data and a data label corresponding to the training data.
In the embodiment of the invention, the training data can be acquired, by means of a pessimistic lock, from a blockchain used to store the training data; the high throughput of the blockchain allows a large amount of training data to be acquired at one time, which improves the efficiency of acquiring the training data.
The pessimistic lock approach assumes that other programs may modify the training data whenever it is being acquired; the training data is therefore locked each time it is acquired, so that other programs cannot modify its content, which ensures the accuracy of the acquired training data.
In this embodiment, the number of training data is one or more, and when there are multiple training data, multiple data labels corresponding to the multiple training data are obtained, that is, the data label corresponding to each training data is obtained.
In this embodiment, the data tag is a result identifier for classifying training data.
In an alternative embodiment of the present invention, the data tag is pre-stored.
Preferably, in another optional embodiment of the present invention, after the classification model and the training data are acquired, the training data are input into the classification model, so as to obtain a data tag corresponding to the training data. For example, the training image x is input to the image classification model, so as to obtain an image label f (x) corresponding to the training image x.
In the following embodiments, the present invention will be described by taking a classification model as an image classification model and training data as a training image set for training the image classification model as an example.
In the embodiment of the invention, the image classification model is a convolutional neural network with an image classification function, comprising a convolution layer, a pooling layer and a fully connected layer. Specifically:
The convolution layer performs convolution on the image: it first perceives each feature in the image locally and then combines the local information at a higher level to obtain global information;
the pooling layer pools the convolved image, and is mainly used to reduce feature dimensionality, reduce the amount of data and parameters, reduce overfitting and improve the fault tolerance of the model;
the fully connected layer has a large number of parameters, which makes it prone to overfitting, and it does not follow the local-perception principle by which humans view images, so it is used only for the final linear classification; it is equivalent to linearly combining the extracted high-level feature vectors and outputting the final image classification result.
S2, generating disturbance data corresponding to the training data by utilizing an attack algorithm.
In the embodiment of the invention, generating disturbance data corresponding to the training data by using an attack algorithm includes:
adding disturbance factors to the training data by using an attack algorithm to obtain disturbance data.
In the embodiment of the invention, if there are multiple pieces of training data, a disturbance factor can be added to each of them by using a preset attack algorithm to obtain multiple pieces of disturbance data. For example, a disturbance factor $\delta$ is added to a training image $x$ by using a preset attack algorithm to obtain a disturbance image (i.e. disturbance data), where the disturbance factor $\delta$ is an image of the same size as the training image $x$.
In detail, when the training data is a training image, the attack algorithm is:
$$\mathrm{Trans} = (\delta_R + x_R) + (\delta_G + x_G) + (\delta_B + x_B)$$
where $\mathrm{Trans}$ is the disturbance data, $x_R$, $x_G$, $x_B$ are the three components of any pixel in the training image, $\delta_R$, $\delta_G$, $\delta_B$ are the three components of any pixel in the disturbance factor, and the disturbance factor is an image of the same size as the training image.
After the pixel values of all pixels in the plurality of training images have been converted according to the attack algorithm, a plurality of disturbance images is obtained.
S3, predicting the disturbance data by using the classification model to obtain a prediction tag.
After disturbance data is obtained through an attack algorithm, the disturbance data is input into a classification model, and the disturbance data is predicted through the classification model to obtain a prediction result of the disturbance data, namely a prediction label.
For example, the disturbance image x+δ is input into the image classification model, and the prediction label f (x+δ) of the disturbance image can be obtained.
S4, when the predicted label is inconsistent with the data label corresponding to the training data, determining that the disturbance data is an initial attack sample.
In this embodiment, the predicted label is compared with the data label corresponding to the training data to determine whether the two are consistent.
For example, it is determined whether the predicted label $f(x+\delta)$ of the disturbance image is the same as the label $f(x)$ corresponding to the training image; if they are the same, the disturbance image is determined not to be an initial attack sample; if they are different, the disturbance image is determined to be an initial attack sample.
Further, if the disturbance image is not an initial attack sample, the disturbance image corresponding to the training image may be regenerated.
S5, performing a preset number of iterations on the initial attack sample by using a gradient descent algorithm, calculating the distance values between all initial update attack samples generated by the iterations and the training data, and taking the initial update attack sample corresponding to the minimum distance value as the standard attack sample.
In the embodiment of the invention, when the training data is a training image, performing the preset number of iterations on the initial attack sample by using a gradient descent algorithm includes:
(1) Setting iteration parameters: the number of iterations $K$, the learning rate $\alpha$, the norm update factor $\gamma$, the iteration index $k$, the disturbance image $\delta_k$ generated by the $k$-th iteration, and the norm $\epsilon_k$ of the disturbance image.
The number of iterations $K$ sets the upper limit on the number of training iterations and prevents the classification model from performing unnecessary iterations; the learning rate $\alpha$ is a parameter of the classification model that represents how efficiently its parameters are updated; the norm update factor $\gamma$ represents the degree to which each iteration updates the initial attack sample; the iteration index $k$ marks the disturbance factor image $\delta_k$ generated by the $k$-th iteration; and the norm $\epsilon_k$ of the disturbance image represents the distance value, measured as the Euclidean distance based on the L2 norm, between the training image and the initial attack sample.
(2) Initializing the iteration parameters: $\delta_0 \leftarrow 0$, $\epsilon_0 \leftarrow 1$, $k \leftarrow 1$; fixing the weight parameter $\theta$ of the classification model, and computing the gradient $g$ of the loss function $J(x+\delta_{k-1}, y, \theta)$ in the classification model with respect to $\delta_{k-1}$ (i.e. the initial attack sample);
(3) Updating the initial attack sample $\delta_{k-1}$ with the gradient value $g$ to obtain an initial update attack sample $\delta_k = \delta_{k-1} + g$; this generation step is repeated multiple times to produce a plurality of initial update attack samples;
It should be emphasized that, in the embodiment of the invention, when the gradient value $g$ is used to update the initial attack sample $\delta_{k-1}$: if $f(x+\delta_{k-1}) \neq y$, the initial attack sample $\delta_{k-1}$ is moved in the direction of decreasing norm, $\epsilon_k = (1-\gamma)\epsilon_{k-1}$; if $f(x+\delta_{k-1}) = y$, the initial attack sample $\delta_{k-1}$ is moved in the direction of increasing norm, $\epsilon_k = (1+\gamma)\epsilon_{k-1}$.
(4) Projecting the plurality of initial attack samples onto the surface of a norm sphere with radius $\epsilon_k$;
(5) Clipping the norms on the norm sphere into a preset pixel interval $[0, M]$ ($M$ is usually 255 and represents the normal pixel range);
(6) Generating an initial attack sample again by using the clipped norm, and inputting it into the classification model for judgment, until the iteration index $k$ reaches the preset number of iterations $K$.
Specifically, the embodiment of the invention calculates the distance value between the initial updated attack sample and the training data generated in the iterative process by using a preset distance algorithm, and determines the initial attack sample corresponding to the minimum distance value as the standard attack sample.
Preferably, calculating the distance values between all initial update attack samples generated by the iterations and the training data includes:
calculating the distance values between all initial update attack samples generated by the iterations and the training data by using the following distance algorithm:
where $L(X, Y)$ is the distance value, $X$ is the training data, $Y$ is the data label corresponding to the training data, and $f(x+\delta)$ is the predicted label generated by the initial update attack sample.
By using the method for calculating the distance value, the similarity degree of the initial attack sample and the training image can be more intuitively displayed, and the standard attack sample can be selected according to the calculated distance value.
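Steps S2 to S5 above, carried through on a constructed toy model as an added example for producing adversarial-training data (it is not code from the patent). Assumptions: the two-class linear softmax model `W`, the four-pixel sample image, a unit-length gradient step scaled by α, and plain L2 distance as the distance value; all function names are hypothetical.

```python
import math

M = 255.0  # upper bound of the pixel interval [0, M] used in step (5)

# Constructed toy classification model (assumption): fixed 2-class linear
# softmax over a 4-pixel "image". The weights stay fixed, as in step (2).
W = [[0.05, 0.05, -0.05, -0.05],
     [-0.05, -0.05, 0.05, 0.05]]

X_SAMPLE = [120.0, 130.0, 110.0, 100.0]  # constructed training image
Y_LABEL = 0                              # its data label


def probs(x):
    z = [sum(w * v for w, v in zip(row, x)) for row in W]
    m = max(z)
    e = [math.exp(v - m) for v in z]
    s = sum(e)
    return [v / s for v in e]


def predict(x):
    p = probs(x)
    return p.index(max(p))


def loss_gradient(x, y):
    """Gradient of the cross-entropy loss J(x, y, theta) with respect to the input."""
    p = probs(x)
    return [sum((p[c] - (1.0 if c == y else 0.0)) * W[c][j] for c in range(len(W)))
            for j in range(len(x))]


def l2(v):
    return math.sqrt(sum(a * a for a in v))


def clip_pixels(x):
    return [min(max(v, 0.0), M) for v in x]


def is_initial_attack_sample(x, delta, y):
    """S2-S4: add the disturbance factor, predict, compare with the data label."""
    return predict(clip_pixels([a + d for a, d in zip(x, delta)])) != y


def refine_attack_sample(x, y, K=100, alpha=0.05, gamma=0.05):
    """S5: iterate K times and keep the misclassified sample closest to x (L2)."""
    delta = [0.0] * len(x)  # delta_0 <- 0
    eps = 1.0               # eps_0 <- 1
    best, best_dist = None, math.inf
    for _ in range(K):
        cur = [a + d for a, d in zip(x, delta)]
        g = loss_gradient(cur, y)
        g_norm = l2(g)
        if g_norm == 0.0:
            break
        # Shrink the norm if x + delta_{k-1} is already misclassified, else grow it.
        eps *= (1.0 - gamma) if predict(cur) != y else (1.0 + gamma)
        # Step (3): gradient update (assumption: unit-length step scaled by alpha).
        delta = [d + alpha * gi / g_norm for d, gi in zip(delta, g)]
        d_norm = l2(delta)
        if d_norm > 0.0:
            # Step (4): project onto the sphere of radius eps_k.
            delta = [d * eps / d_norm for d in delta]
        # Step (5): clip the candidate into the pixel interval [0, M].
        cand = clip_pixels([a + d for a, d in zip(x, delta)])
        delta = [c - a for c, a in zip(cand, x)]
        # Step (6): judge the candidate with the model; track the minimum distance.
        if predict(cand) != y:
            dist = l2(delta)
            if dist < best_dist:
                best, best_dist = cand, dist
    return best, best_dist


if __name__ == "__main__":
    coarse = [-30.0, -30.0, 30.0, 30.0]  # constructed disturbance factor
    print("initial attack sample:", is_initial_attack_sample(X_SAMPLE, coarse, Y_LABEL),
          "L2 =", l2(coarse))
    adv, dist = refine_attack_sample(X_SAMPLE, Y_LABEL)
    print("standard attack sample:", adv, "L2 =", dist)
```

On this model the decision boundary lies at L2 distance 20 from the sample, so the refined sample ends up just past it, far closer to the training image than the coarse disturbance of norm 60.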
Further, the embodiment of the invention also includes storing the iteration result of each step after performing the preset number of iterations on the initial attack sample by using the gradient descent algorithm.
Specifically, after the preset number of iterations has been performed on the initial attack sample by using the gradient descent algorithm, the method further includes:
storing the iteration result generated after each iteration at the local end where a backup database is located;
mirroring the iteration result generated after each iteration to obtain a mirrored iteration result, and storing the mirrored iteration result at the remote end where a server of the backup database is located.
In this embodiment, the iteration result generated after each iteration includes an initial update attack sample.
In this embodiment, the local end where the backup database is located refers to the local server of the backup database; the remote end where the server of the backup database is located refers to the remote server of the backup database.
Specifically, the iteration result is stored at the local end where the backup database is located; the iteration result is copied to obtain a mirrored iteration result; the remote server of the backup database is found through an addressing method; and the mirrored iteration result is stored on that remote server, i.e. the remote end where the server of the backup database is located.
When an anomaly such as blocking or downtime occurs at any step of the iteration process, the iteration result of the previous step can be retrieved directly from the local end and/or the remote end and execution can continue from it, which avoids loss of data.
In this embodiment, because anomalies may occur while the standard attack sample is being acquired, storing the iteration results avoids data loss and reduces the need to re-execute when an anomaly occurs, which improves the stability of attack sample acquisition.
In the embodiment of the invention, a classification model, training data of the classification model and a data label corresponding to the training data are acquired; disturbance data corresponding to the training data is generated by using an attack algorithm; the disturbance data is predicted by the classification model to obtain a predicted label; when the predicted label is inconsistent with the data label corresponding to the training data, the disturbance data is determined to be an initial attack sample; and a preset number of iterations is performed on the initial attack sample by using a gradient descent algorithm, the distance values between all initial update attack samples generated by the iterations and the training data are calculated, and the initial update attack sample corresponding to the minimum distance value is taken as the standard attack sample. Generating disturbance data and then determining, according to the condition, which disturbance data are initial attack samples increases the number of attack samples, reduces chance errors caused by a small number of attack samples, and improves the quality of the obtained standard attack sample. Iterating on the initial attack sample, calculating the distance value between each sample generated by the iterations and the training data, and screening on that distance value yields a more reliable standard attack sample, which further improves the quality of the obtained standard attack sample. Therefore, the method for acquiring an attack sample provided by the invention can improve the quality of the acquired attack data.
Fig. 2 is a schematic block diagram of an apparatus for acquiring an attack sample according to the present invention.
The apparatus 100 for acquiring an attack sample according to the invention may be installed in an electronic device. According to the functions implemented, the apparatus may include a data acquisition module 101, a disturbance data generation module 102, a label prediction module 103, an initial attack sample generation module 104 and a standard attack sample generation module 105. A module of the invention may also be referred to as a unit, meaning a series of computer program segments that are stored in the memory of the electronic device, can be executed by the processor of the electronic device, and perform a fixed function.
In this embodiment, the functions of the modules/units are as follows:
the data acquisition module 101 is configured to acquire a classification model, training data of the classification model and a data label corresponding to the training data;
the disturbance data generation module 102 is configured to generate disturbance data corresponding to the training data by using an attack algorithm;
the label prediction module 103 is configured to predict the disturbance data by using the classification model to obtain a predicted label;
the initial attack sample generation module 104 is configured to determine that the disturbance data is an initial attack sample when the predicted label is inconsistent with the data label corresponding to the training data;
the standard attack sample generation module 105 is configured to perform a preset number of iterations on the initial attack sample by using a gradient descent algorithm, calculate the distance values between all initial update attack samples generated by the iterations and the training data, and take the initial update attack sample corresponding to the minimum distance value as the standard attack sample.
In detail, the specific implementation modes of each module of the attack sample acquisition device are as follows:
The data acquisition module 101 is configured to acquire a classification model, training data of the classification model, and a data tag corresponding to the training data.
In an embodiment of the present invention, the classification model includes, but is not limited to, an image classification model and a data classification model. The training data of the classification model is a data set used for training the classification model, and the data set comprises the training data and a data label corresponding to the training data.
The data acquisition module 101 may acquire the training data from the blockchain for storing the training data in a pessimistic lock manner, and may acquire a large amount of training data at a time by using high throughput of the blockchain, thereby improving the efficiency of acquiring the training data.
The pessimistic locking mode assumes that other programs may modify the training data each time it is obtained, so the training data is locked on every acquisition. Other programs then cannot modify its content, which ensures the accuracy of the acquired training data.
In this embodiment, the number of training data is one or more, and when there are multiple training data, multiple data labels corresponding to the multiple training data are obtained, that is, the data label corresponding to each training data is obtained.
In this embodiment, the data tag is a result identifier for classifying training data.
In an alternative embodiment of the present invention, the data tag is pre-stored.
Preferably, after the data acquisition module 101 acquires the classification model and the training data, the training data is input into the classification model to obtain a data tag corresponding to the training data. For example, the training image x is input to the image classification model, so as to obtain an image label f (x) corresponding to the training image x.
In the following embodiments, the present invention will be described by taking a classification model as an image classification model and training data as a training image set for training the image classification model as an example.
In the embodiment of the invention, the image classification model is a convolutional neural network with an image classification function, and the convolutional neural network comprises a convolution layer, a pooling layer and a fully connected layer. Specifically:
The convolution layer performs convolution processing on the image: it first perceives each feature in the image locally and then combines the local results at a higher level to obtain global information;
the pooling layer pools the convolved image and is mainly used to reduce feature dimensionality, compress the amount of data and parameters, reduce overfitting and improve the fault tolerance of the model;
the fully connected layer is used only for the final linear classification, because its large number of parameters makes it prone to overfitting and it does not accord with the local-perception principle by which humans perceive images; it is equivalent to linearly combining the extracted high-level feature vectors and outputting the final image classification result.
The disturbance data generation module 102 is configured to generate disturbance data corresponding to the training data by using an attack algorithm.
In the embodiment of the present invention, the disturbance data generation module 102 is specifically configured to add disturbance factors to the training data by using an attack algorithm to obtain the disturbance data.
In the embodiment of the invention, if the number of the training data is multiple, disturbance factors can be respectively added into the multiple training data by using a preset attack algorithm, so as to obtain multiple disturbance data. For example, a disturbance factor delta is added to a training image x by using a preset attack algorithm to obtain a disturbance image (i.e. disturbance data), wherein the disturbance factor delta is an image with the same size as the training image x.
In detail, when the training data is a training image, the attack algorithm is:
$$\mathrm{Trans} = (\delta_R + x_R) + (\delta_G + x_G) + (\delta_B + x_B)$$
where Trans is the disturbance data, $x_R$, $x_G$, $x_B$ are the three components of any pixel in the training image, $\delta_R$, $\delta_G$, $\delta_B$ are the three components of any pixel in the disturbance factor, and the disturbance factor is an image of the same size as the training image.
After the pixel values of all pixels in the plurality of training images have been converted according to the attack algorithm, a plurality of disturbance images is obtained.
The tag prediction module 103 is configured to predict the disturbance data by using the classification model to obtain a predicted tag.
After obtaining the disturbance data through the attack algorithm, the tag prediction module 103 inputs the disturbance data into the classification model, predicts the disturbance data through the classification model, and obtains a prediction result of the disturbance data, namely a prediction tag.
For example, the disturbance image x+δ is input into the image classification model, and the prediction label f (x+δ) of the disturbance image can be obtained.
The initial attack sample generation module 104 is configured to determine that the disturbance data is an initial attack sample when the prediction label is inconsistent with the data label corresponding to the training data.
In this embodiment, the initial attack sample generation module 104 determines whether the predicted tag is consistent with the training data by matching the predicted tag with the data tag corresponding to the training data.
For example, it is determined whether the predicted label f(x+δ) of the disturbance image is the same as the label f(x) corresponding to the training image; if they are the same, the disturbance image is determined not to be an initial attack sample; if they are different, the disturbance image is determined to be an initial attack sample.
Further, if the disturbance image is not the initial attack sample, the disturbance image corresponding to the training image may be regenerated.
The standard attack sample generation module 105 is configured to perform iterative computation on the initial attack samples for a preset number of times by using a gradient descent algorithm, and compute distance values between all initial update attack samples generated by iteration and the training data, so as to obtain an initial update attack sample corresponding to a minimum distance value as a standard attack sample.
In the embodiment of the present invention, when the training data is a training image, the standard attack sample generation module 105 performs iterative computation on the initial attack sample for a preset number of times by using a gradient descent algorithm, including:
(1) Setting iteration parameters: the number of iterations $K$, the learning rate $\alpha$ and the norm update factor $\gamma$, where the iteration index $k$ corresponds to the disturbance image $\delta_k$ generated by the $k$-th iteration and to the norm $\epsilon_k$ of that disturbance image.
The number of iterations $K$ sets the upper limit on the number of training iterations and prevents the classification model from carrying out unnecessary iterations; the learning rate $\alpha$ is a parameter of the classification model and represents the parameter updating efficiency of the classification model; the norm update factor $\gamma$ represents the degree to which each iteration updates the initial attack sample; the iteration index $k$ marks the disturbance factor image $\delta_k$ generated by the $k$-th iteration; and the norm $\epsilon_k$ of the disturbance image represents the distance value between the training image and the initial attack sample, measured as the Euclidean distance based on the L2 norm.
(2) Initializing iteration parameters: $\delta_0 \leftarrow 0$, $\epsilon_0 \leftarrow 1$, $k \leftarrow 1$; fixing the weight parameter $\theta$ of the classification model, and solving the gradient $g$ with respect to $\delta_{k-1}$ (i.e. the initial attack sample) of the loss function $J(x+\delta_{k-1}, y, \theta)$ of the classification model;
(3) Updating the initial attack sample $\delta_{k-1}$ with the gradient value $g$ to obtain an initial update attack sample $\delta_k = \delta_{k-1} + g$; this generation step is repeated multiple times to generate a plurality of initial update attack samples;
It should be emphasized that, in the embodiment of the present invention, when the gradient value $g$ is used to update the initial attack sample $\delta_{k-1}$: if $f(x+\delta_{k-1}) \neq y$, the initial attack sample $\delta_{k-1}$ is moved in the direction of decreasing norm, $\epsilon_k = (1-\gamma)\epsilon_{k-1}$; if $f(x+\delta_{k-1}) = y$, the initial attack sample $\delta_{k-1}$ is moved in the direction of increasing norm, $\epsilon_k = (1+\gamma)\epsilon_{k-1}$.
(4) Projecting the plurality of initial attack samples onto the surface of a norm sphere of radius $\epsilon_k$;
(5) Clipping the norms on the norm sphere to lie within a preset pixel interval $[0, M]$ ($M$ is usually 255 and represents the normal pixel range);
(6) Generating an initial attack sample again from the clipped norm and inputting it into the classification model for judgment, until the iteration index $k$ reaches the preset number of iterations $K$.
Specifically, the embodiment of the invention calculates the distance value between the initial updated attack sample and the training data generated in the iterative process by using a preset distance algorithm, and determines the initial attack sample corresponding to the minimum distance value as the standard attack sample.
Preferably, calculating the distance values between all initial updated attack samples generated by the iteration and the training data includes:
calculating the distance values between all initial update attack samples generated by iteration and the training data by using the following distance algorithm:
wherein L (X, Y) is the distance value, X is the training data, Y is the data label corresponding to the training data, and f (x+delta) is the prediction label generated by the initial updating attack sample.
By using the distance algorithm, the similarity degree of the initial attack sample and the training image can be displayed more intuitively, and the standard attack sample can be selected according to the calculated distance value.
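The iteration in steps (1) to (6) and the minimum-distance selection, as an added sketch that is not code from the patent: a constructed linear softmax classifier stands in for the classification model, so the exact L2 distance to its decision boundary is known and the search result can be checked against it as a robustness measurement. The toy weights, the sample x, normalizing g and scaling it by α before the update, and using the L2 norm as the distance are assumptions.

```python
import math

M = 255.0  # upper bound of the pixel interval [0, M] from step (5)

# Constructed toy model (assumption): linear softmax classifier, fixed weights theta.
W = [[0.02, -0.01, 0.03, 0.00],   # class 0
     [0.00, 0.02, -0.01, 0.01]]   # class 1
B = [0.5, 0.0]


def l2(v):
    return math.sqrt(sum(c * c for c in v))


def logits(x):
    return [sum(w * v for w, v in zip(row, x)) + b for row, b in zip(W, B)]


def predict(x):
    """f(x): index of the highest-scoring class."""
    z = logits(x)
    return max(range(len(z)), key=z.__getitem__)


def loss_gradient(x, y):
    """Gradient of the cross-entropy loss J(x, y, theta) with respect to the input x."""
    z = logits(x)
    top = max(z)
    e = [math.exp(v - top) for v in z]
    total = sum(e)
    coeff = [e[j] / total - (1.0 if j == y else 0.0) for j in range(len(z))]
    return [sum(coeff[j] * W[j][i] for j in range(len(W))) for i in range(len(x))]


def exact_margin(x, y):
    """Closed-form L2 distance from x to the nearest decision boundary (linear model only)."""
    z = logits(x)
    return min((z[y] - z[j]) / l2([a - b for a, b in zip(W[y], W[j])])
               for j in range(len(W)) if j != y)


def min_norm_search(x, y, K=100, alpha=1.0, gamma=0.05):
    """Steps (1)-(6); returns (closest misclassified sample, its L2 distance to x)."""
    delta = [0.0] * len(x)               # step (2): delta_0 <- 0
    eps = 1.0                            # step (2): eps_0 <- 1
    best, best_dist = None, math.inf
    for _ in range(K):                   # step (6): stop after K iterations
        x_prev = [a + d for a, d in zip(x, delta)]
        g = loss_gradient(x_prev, y)     # step (2): gradient with theta fixed
        g_norm = l2(g)
        if g_norm == 0.0:                # saturated softmax: no usable direction
            break
        # step (3): move delta along the (normalized) gradient
        delta = [d + alpha * gi / g_norm for d, gi in zip(delta, g)]
        # norm update: shrink if x + delta_{k-1} is already misclassified, else grow
        eps = (1 - gamma) * eps if predict(x_prev) != y else (1 + gamma) * eps
        # step (4): project delta onto the sphere of radius eps_k
        d_norm = l2(delta)
        if d_norm > 0.0:
            delta = [eps * d / d_norm for d in delta]
        # step (5): keep x + delta inside the pixel interval [0, M]
        clipped = [min(max(a + d, 0.0), M) for a, d in zip(x, delta)]
        delta = [c - a for c, a in zip(clipped, x)]
        # selection: remember the misclassified candidate closest to x
        if predict(clipped) != y:
            dist = l2(delta)
            if dist < best_dist:
                best, best_dist = clipped, dist
    return best, best_dist


if __name__ == "__main__":
    x = [120.0, 130.0, 90.0, 200.0]      # constructed sample, label 0
    adv, dist = min_norm_search(x, 0)
    print("exact margin:", exact_margin(x, 0))
    print("found sample:", adv, "distance:", dist)
```

With γ = 0.05 the distance found lies within 5% above the exact margin; a budget K too small for the norm to grow to the margin returns no sample at all.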
Further, the device for acquiring the attack sample further comprises a backup module, configured to:
Storing an iteration result generated after each iteration to a local end where a backup database is located;
and making a mirror copy of the iteration result generated after each iteration to obtain a mirrored iteration result, and storing the mirrored iteration result at the remote end where a server of the backup database is located.
In this embodiment, the iteration result generated after each iteration includes an initial update attack sample.
In this embodiment, the local end where the backup database is located refers to a local server of the backup database; the remote end where the server of the backup database is located refers to the remote server of the backup database.
Specifically, the iteration result is stored at the local end where the backup database is located, a copy of the iteration result is made to obtain the mirrored iteration result, the remote server of the backup database is found through an addressing method, and the mirrored iteration result is stored on that remote server, namely the remote end where the server of the backup database is located.
When an anomaly such as blocking or downtime occurs at any step of the iteration process, the iteration result of the previous step can be retrieved directly from the local end and/or the remote end and execution continued, which avoids data loss.
In this embodiment, since some anomalies may occur during the acquisition process of the standard attack sample, in order to reduce the situations such as re-execution when the anomalies occur, the data loss can be avoided by storing the iteration result, and the stability of the acquisition of the attack sample is improved.
In the embodiment of the invention, a classification model, training data of the classification model and a data tag corresponding to the training data are acquired; generating disturbance data corresponding to the training data by utilizing an attack algorithm; predicting the disturbance data by using the classification model to obtain a prediction tag; when the predicted label is inconsistent with the data label corresponding to the training data, determining that the disturbance data is an initial attack sample; and carrying out iterative computation on the initial attack sample for preset times by using a gradient descent algorithm, and computing the distance values between all initial updated attack samples generated by iteration and the training data to obtain an initial updated attack sample corresponding to the minimum distance value as a standard attack sample. By generating disturbance data, further determining the disturbance data as initial attack samples according to conditions, the number of attack samples is increased, accidental errors caused by the small number of attack samples are reduced, and the quality of the obtained standard attack samples is improved; the method comprises the steps of carrying out iterative computation on an initial attack sample, calculating a distance value between the initial attack sample and training data generated by iteration, screening the initial attack sample based on the distance value, and screening a standard attack sample with better reliability, thereby improving the quality of the obtained standard attack sample. Therefore, the device for acquiring the attack sample can improve the quality of the acquired attack data.
Fig. 3 is a schematic structural diagram of an electronic device for implementing the method for acquiring an attack sample according to the present invention.
The electronic device 1 may comprise a processor 10, a memory 11 and a bus, and may further comprise a computer program stored in the memory 11 and executable on the processor 10, such as an attack sample acquisition program 12.
The memory 11 includes at least one type of readable storage medium, including flash memory, a mobile hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, such as a removable hard disk of the electronic device 1. The memory 11 may in other embodiments also be an external storage device of the electronic device 1, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card or the like provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only for storing application software installed in the electronic device 1 and various types of data, such as the code of the attack sample acquisition program 12, but also for temporarily storing data that has been output or is to be output.
The processor 10 may in some embodiments be composed of integrated circuits, for example a single packaged integrated circuit, or multiple packaged integrated circuits with the same or different functions, including one or more central processing units (CPU), microprocessors, digital processing chips, graphics processors, combinations of various control chips, and the like. The processor 10 is the control unit of the electronic device: it connects the components of the entire electronic device using various interfaces and lines, runs or executes programs or modules stored in the memory 11 (for example, the attack sample acquisition program), and invokes data stored in the memory 11 to perform the various functions of the electronic device 1 and to process data.
The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be classified as an address bus, a data bus, a control bus, etc. The bus is arranged to enable connection and communication between the memory 11 and the at least one processor 10, etc.
Fig. 3 shows only an electronic device with components, it being understood by a person skilled in the art that the structure shown in fig. 3 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than shown, or may combine certain components, or may be arranged in different components.
For example, although not shown, the electronic device 1 may further include a power source (such as a battery) for supplying power to each component, and preferably, the power source may be logically connected to the at least one processor 10 through a power management device, so that functions of charge management, discharge management, power consumption management, and the like are implemented through the power management device. The power supply may also include one or more of any of a direct current or alternating current power supply, recharging device, power failure detection circuit, power converter or inverter, power status indicator, etc. The electronic device 1 may further include various sensors, bluetooth modules, wi-Fi modules, etc., which will not be described herein.
Further, the electronic device 1 may also comprise a network interface, optionally the network interface may comprise a wired interface and/or a wireless interface (e.g. WI-FI interface, bluetooth interface, etc.), typically used for establishing a communication connection between the electronic device 1 and other electronic devices.
The electronic device 1 may optionally further comprise a user interface, which may be a display or an input unit such as a keyboard, or a standard wired or wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display may also be referred to as a display screen or display unit, as appropriate, and is used for displaying information processed in the electronic device 1 and for displaying a visual user interface.
It should be understood that the embodiments described are for illustrative purposes only, and the scope of the patent application is not limited by this configuration.
The acquisition program 12 of attack samples stored in the memory 11 of the electronic device 1 is a combination of instructions that, when executed in the processor 10, can implement:
Acquiring a classification model, training data of the classification model and a data tag corresponding to the training data;
Generating disturbance data corresponding to the training data by utilizing an attack algorithm;
Predicting the disturbance data by using the classification model to obtain a prediction tag;
when the predicted label is inconsistent with the data label corresponding to the training data, determining that the disturbance data is an initial attack sample;
And carrying out iterative computation on the initial attack sample for preset times by using a gradient descent algorithm, and computing the distance values between all initial updated attack samples generated by iteration and the training data to obtain an initial updated attack sample corresponding to the minimum distance value as a standard attack sample.
Further, the modules/units integrated in the electronic device 1 may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as separate products. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM).
Further, the computer-usable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created from the use of blockchain nodes, and the like.
In the several embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be other manners of division when actually implemented.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional modules in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units can be realized in the form of hardware, or in the form of hardware plus software functional modules.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any accompanying diagram representation in the claims should not be considered as limiting the claim concerned.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, encryption algorithm and the like. The blockchain (Blockchain), essentially a de-centralized database, is a string of data blocks that are generated in association using cryptographic methods, each of which contains information from a batch of network transactions for verifying the validity (anti-counterfeit) of its information and generating the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, an application services layer, and the like.
Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. A plurality of units or means recited in the system claims can also be implemented by means of software or hardware by means of one unit or means. The terms second, etc. are used to denote a name, but not any particular order.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.

Claims (8)

1. A method for obtaining an attack sample, the method comprising:
acquiring a classification model, training data of the classification model and a data tag corresponding to the training data;
Generating disturbance data corresponding to the training data by utilizing an attack algorithm;
Predicting the disturbance data by using the classification model to obtain a prediction tag;
when the predicted label is inconsistent with the data label corresponding to the training data, determining that the disturbance data is an initial attack sample;
Performing iterative computation on the initial attack sample for preset times by using a gradient descent algorithm, and computing the distance values between all initial updated attack samples generated by iteration and the training data to obtain an initial updated attack sample corresponding to the minimum distance value as a standard attack sample;
the performing iterative computation of the initial attack sample for a preset number of times by using a gradient descent algorithm includes: setting iteration parameters, wherein the iteration parameters comprise iteration times; initializing iteration parameters, fixing weight parameters of the classification model, and solving gradients of loss functions in the classification model; updating the initial attack sample by utilizing the gradient to obtain a plurality of initial updating attack samples; projecting the initial attack sample onto the spherical surface of a norm sphere with a preset radius; cutting norms on the norms sphere into a preset pixel interval; generating an initial attack sample again by using the cut norm, and inputting the initial attack sample into the classification model to judge until the iteration times reach the preset iteration times;
And calculating the distance values between all initial updated attack samples generated by iteration and the training data, wherein the distance values comprise: calculating the distance values between all initial update attack samples generated by iteration and the training data by using the following distance algorithm:
wherein L (X, Y) is the distance value, X is the training data, Y is the data label corresponding to the training data, and f (x+delta) is the prediction label generated by the initial updating attack sample.
2. The method for obtaining an attack sample according to claim 1, wherein generating disturbance data corresponding to the training data using an attack algorithm comprises:
and adding disturbance factors into the training data by using an attack algorithm to obtain disturbance data.
3. The method for obtaining an attack sample according to claim 2, wherein the training data is a training image, and the attack algorithm is:
$$\mathrm{Trans} = (\delta_R + x_R) + (\delta_G + x_G) + (\delta_B + x_B)$$
where Trans is the disturbance data, $x_R$, $x_G$, $x_B$ are the three components of any pixel in the training image, $\delta_R$, $\delta_G$, $\delta_B$ are the three components of any pixel in the disturbance factor, and the disturbance factor is an image of the same size as the training image.
4. A method of obtaining an attack sample according to any of claims 1 to 3, wherein after performing a preset number of iterative computations on the initial attack sample using a gradient descent algorithm, the method further comprises:
Storing an iteration result generated after each iteration to a local end where a backup database is located;
and making a mirror copy of the iteration result generated after each iteration to obtain a mirrored iteration result, and storing the mirrored iteration result at the remote end where a server of the backup database is located.
5. The method for acquiring the attack sample according to claim 1, wherein the acquiring training data of the classification model includes:
The training data is obtained from a blockchain used to store the training data using a pessimistic lock.
6. An attack sample acquisition device for implementing the attack sample acquisition method according to any one of claims 1 to 5, characterized in that the device comprises:
the data acquisition module is used for acquiring the classification model, training data of the classification model and a data tag corresponding to the training data;
the disturbance data generation module is used for generating disturbance data corresponding to the training data by utilizing an attack algorithm;
The label prediction module is used for predicting the disturbance data by using the classification model to obtain a prediction label;
The initial attack sample generation module is used for determining the disturbance data as an initial attack sample when the prediction label is inconsistent with the data label corresponding to the training data;
the standard attack sample generation module is used for carrying out iterative computation on the initial attack samples for preset times by utilizing a gradient descent algorithm, calculating the distance values between all initial update attack samples generated by iteration and the training data, and acquiring the initial update attack sample corresponding to the minimum distance value as the standard attack sample.
7. An electronic device, the electronic device comprising:
at least one processor; and
A memory communicatively coupled to the at least one processor; wherein,
The memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of acquiring an attack sample according to any of claims 1 to 5.
8. A computer-readable storage medium comprising a storage data area storing created data and a storage program area storing a computer program; wherein the computer program, when executed by a processor, implements the method of obtaining an attack sample according to any of claims 1 to 5.
CN202010610570.8A 2020-06-30 2020-06-30 Method, device, equipment and medium for acquiring attack sample Active CN111783982B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010610570.8A CN111783982B (en) 2020-06-30 2020-06-30 Method, device, equipment and medium for acquiring attack sample

Publications (2)

Publication Number Publication Date
CN111783982A CN111783982A (en) 2020-10-16
CN111783982B true CN111783982B (en) 2024-06-04

Family

ID=72760334

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010610570.8A Active CN111783982B (en) 2020-06-30 2020-06-30 Method, device, equipment and medium for acquiring attack sample

Country Status (1)

Country Link
CN (1) CN111783982B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112215292B (en) * 2020-10-19 2022-03-29 电子科技大学 Image countermeasure sample generation device and method based on mobility
CN112419820B (en) * 2020-11-04 2022-04-26 武汉大学 Block chain attack and defense virtual simulation experiment teaching system and method
CN112446025B (en) * 2020-11-23 2024-07-26 平安科技(深圳)有限公司 Federal learning defense method, federal learning defense device, electronic equipment and storage medium
CN112910865B (en) * 2021-01-20 2022-04-05 西安电子科技大学 Inference attack stage maximum likelihood estimation method and system based on factor graph
CN112836764B (en) * 2021-03-02 2023-07-28 中山大学 Universal target attack method and device for target classification system
CN114241268B (en) * 2021-12-21 2024-09-03 支付宝(杭州)信息技术有限公司 Model training method, device and equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107248996A (en) * 2017-06-29 2017-10-13 南京邮电大学 A kind of detection of DNS amplification attacks and filter method
CN110334742A (en) * 2019-06-10 2019-10-15 浙江大学 A kind of figure confrontation sample generating method by adding dummy node based on intensified learning
CN111027060A (en) * 2019-12-17 2020-04-17 电子科技大学 Knowledge distillation-based neural network black box attack type defense method
CN111209370A (en) * 2019-12-27 2020-05-29 同济大学 Text classification method based on neural network interpretability
CN111340180A (en) * 2020-02-10 2020-06-26 中国人民解放军国防科技大学 Countermeasure sample generation method and device for designated label, electronic equipment and medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170357911A1 (en) * 2014-12-18 2017-12-14 Asml Netherlands B.V. Feature search by machine learning

Also Published As

Publication number Publication date
CN111783982A (en) 2020-10-16

Similar Documents

Publication Publication Date Title
CN111783982B (en) Method, device, equipment and medium for acquiring attack sample
CN112257774B (en) Target detection method, device, equipment and storage medium based on federal learning
CN111814962B (en) Parameter acquisition method and device for identification model, electronic equipment and storage medium
CN112446544B (en) Traffic flow prediction model training method and device, electronic equipment and storage medium
CN112699775B (en) Certificate identification method, device, equipment and storage medium based on deep learning
CN112990374B (en) Image classification method, device, electronic equipment and medium
CN111932562B (en) Image identification method and device based on CT sequence, electronic equipment and medium
CN112137591B (en) Target object position detection method, device, equipment and medium based on video stream
CN111914939B (en) Method, apparatus, device and computer readable storage medium for recognizing blurred image
CN113705461B (en) Face definition detection method, device, equipment and storage medium
CN113327136B (en) Attribution analysis method, attribution analysis device, electronic equipment and storage medium
CN113298159B (en) Target detection method, target detection device, electronic equipment and storage medium
CN111476760B (en) Medical image generation method and device, electronic equipment and medium
CN111694844B (en) Enterprise operation data analysis method and device based on configuration algorithm and electronic equipment
CN112528633B (en) Text error correction method, apparatus, electronic device and computer readable storage medium
CN114913371B (en) Multi-task learning model training method and device, electronic equipment and storage medium
CN114494800B (en) Predictive model training method and device, electronic equipment and storage medium
CN113627394B (en) Face extraction method and device, electronic equipment and readable storage medium
CN112269875A (en) Text classification method and device, electronic equipment and storage medium
CN112101481B (en) Method, device, equipment and storage medium for screening influence factors of target object
CN115049836B (en) Image segmentation method, device, equipment and storage medium
CN116630712A (en) Information classification method and device based on modal combination, electronic equipment and medium
CN116664949A (en) Target object defect detection method, device, equipment and storage medium
CN113705686B (en) Image classification method, device, electronic equipment and readable storage medium
CN113869455B (en) Unsupervised clustering method and device, electronic equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant