Speech is easily leaked imperceptibly.When people use their phones,the personal voice assistant is constantly listening and waiting to be activated.Private content in speech may be maliciously extracted through automa...Speech is easily leaked imperceptibly.When people use their phones,the personal voice assistant is constantly listening and waiting to be activated.Private content in speech may be maliciously extracted through automatic speech recognition(ASR)technology by some applications on phone devices.To guarantee that the recognized speech content is accurate,speech enhancement technology is used to denoise the input speech.Speech enhancement technology has developed rapidly along with deep neural networks(DNNs),but adversarial examples can cause DNNs to fail.Considering that the vulnerability of DNN can be used to protect the privacy in speech.In this work,we propose an adversarial method to degrade speech enhancement systems,which can prevent the malicious extraction of private information in speech.Experimental results show that the generated enhanced adversarial examples can be removed most content of the target speech or replaced with target speech content by speech enhancement.The word error rate(WER)between the enhanced original example and enhanced adversarial example recognition result can reach 89.0%.WER of target attack between enhanced adversarial example and target example is low at 33.75%.The adversarial perturbation in the adversarial example can bring much more change than itself.The rate of difference between two enhanced examples and adversarial perturbation can reach more than 1.4430.Meanwhile,the transferability between different speech enhancement models is also investigated.The low transferability of the method can be used to ensure the content in the adversarial example is not damaged,the useful information can be extracted by the friendly ASR.This work can prevent the malicious extraction of speech.展开更多
Recent years have witnessed the ever-increasing performance of Deep Neural Networks(DNNs)in computer vision tasks.However,researchers have identified a potential vulnerability:carefully crafted adversarial examples ca...Recent years have witnessed the ever-increasing performance of Deep Neural Networks(DNNs)in computer vision tasks.However,researchers have identified a potential vulnerability:carefully crafted adversarial examples can easily mislead DNNs into incorrect behavior via the injection of imperceptible modification to the input data.In this survey,we focus on(1)adversarial attack algorithms to generate adversarial examples,(2)adversarial defense techniques to secure DNNs against adversarial examples,and(3)important problems in the realm of adversarial examples beyond attack and defense,including the theoretical explanations,trade-off issues and benign attacks in adversarial examples.Additionally,we draw a brief comparison between recently published surveys on adversarial examples,and identify the future directions for the research of adversarial examples,such as the generalization of methods and the understanding of transferability,that might be solutions to the open problems in this field.展开更多
The emergence of adversarial examples has revealed the inadequacies in the robustness of image classification models based on Convolutional Neural Networks (CNNs). Particularly in recent years, the discovery of natura...The emergence of adversarial examples has revealed the inadequacies in the robustness of image classification models based on Convolutional Neural Networks (CNNs). Particularly in recent years, the discovery of natural adversarial examples has posed significant challenges, as traditional defense methods against adversarial attacks have proven to be largely ineffective against these natural adversarial examples. This paper explores defenses against these natural adversarial examples from three perspectives: adversarial examples, model architecture, and dataset. First, it employs Class Activation Mapping (CAM) to visualize how models classify natural adversarial examples, identifying several typical attack patterns. Next, various common CNN models are analyzed to evaluate their susceptibility to these attacks, revealing that different architectures exhibit varying defensive capabilities. The study finds that as the depth of a network increases, its defenses against natural adversarial examples strengthen. Lastly, Finally, the impact of dataset class distribution on the defense capability of models is examined, focusing on two aspects: the number of classes in the training set and the number of predicted classes. This study investigates how these factors influence the model’s ability to defend against natural adversarial examples. Results indicate that reducing the number of training classes enhances the model’s defense against natural adversarial examples. Additionally, under a fixed number of training classes, some CNN models show an optimal range of predicted classes for achieving the best defense performance against these adversarial examples.展开更多
Network intrusion detection systems(IDS)are a prevalent method for safeguarding network traffic against attacks.However,existing IDS primarily depend on machine learning(ML)models,which are vulnerable to evasion throu...Network intrusion detection systems(IDS)are a prevalent method for safeguarding network traffic against attacks.However,existing IDS primarily depend on machine learning(ML)models,which are vulnerable to evasion through adversarial examples.In recent years,the Wasserstein Generative Adversarial Network(WGAN),based on Wasserstein distance,has been extensively utilized to generate adversarial examples.Nevertheless,several challenges persist:(1)WGAN experiences the mode collapse problem when generating multi-category network traffic data,leading to subpar quality and insufficient diversity in the generated data;(2)Due to unstable training processes,the authenticity of the data produced by WGAN is often low.This study improves WGAN to address these issues and proposes a new adversarial sample generation algorithm called Distortion Enhanced Multi-Generator Generative Adversarial Network(DEMGAN).DEMGAN effectively evades ML-based IDS by proficiently obfuscating network traffic data samples.We assess the efficacy of our attack method against five ML-based IDS using two public datasets.The results demonstrate that our method can successfully bypass IDS,achieving average evasion rates of 97.42%and 87.51%,respectively.Furthermore,empirical findings indicate that retraining the IDS with the generated adversarial samples significantly bolsters the system’s capability to detect adversarial samples,resulting in an average recognition rate increase of 86.78%.This approach not only enhances the performance of the IDS but also strengthens the network’s resilience against potential threats,thereby optimizing network security measures.展开更多
Transfer-based Adversarial Attacks(TAAs)can deceive a victim model even without prior knowledge.This is achieved by leveraging the property of adversarial examples.That is,when generated from a surrogate model,they re...Transfer-based Adversarial Attacks(TAAs)can deceive a victim model even without prior knowledge.This is achieved by leveraging the property of adversarial examples.That is,when generated from a surrogate model,they retain their features if applied to other models due to their good transferability.However,adversarial examples often exhibit overfitting,as they are tailored to exploit the particular architecture and feature representation of source models.Consequently,when attempting black-box transfer attacks on different target models,their effectiveness is decreased.To solve this problem,this study proposes an approach based on a Regularized Constrained Feature Layer(RCFL).The proposed method first uses regularization constraints to attenuate the initial examples of low-frequency components.Perturbations are then added to a pre-specified layer of the source model using the back-propagation technique,in order to modify the original adversarial examples.Afterward,a regularized loss function is used to enhance the black-box transferability between different target models.The proposed method is finally tested on the ImageNet,CIFAR-100,and Stanford Car datasets with various target models,The obtained results demonstrate that it achieves a significantly higher transfer-based adversarial attack success rate compared with baseline techniques.展开更多
[Objective] Taking the characteristic of flower diameter of Tagetes L.as an example,this study aimed to select example varieties used in the DUS Test Guideline of Tagetes L.[Method] Two continuous years of measurement...[Objective] Taking the characteristic of flower diameter of Tagetes L.as an example,this study aimed to select example varieties used in the DUS Test Guideline of Tagetes L.[Method] Two continuous years of measurements of flower diameter of 25 varieties were collected and then analyzed by using the box plot to illustrate the uniformity and stability of flower diameter of each variety.[Result] According to the information of variability,distribution symmetry of measurements and outliers of flower diameter of varieties provided by box plots,variety 16,2 and 4 were selected as the example varieties for the three expression states with respective flower diameter of 3.0-4.4,6.0-7.4 and 9.0-10.4 cm.[Conclusion] The box plot is an efficient method for the general analysis of varieties,which provides information covering the actual and possible expression range,median and outliers of measurements of flower diameter of each variety.It also provides references for selecting example varieties for other quantitative characteristics and evaluating the quality of varieties.展开更多
In order to narrow the semantic gap existing in content-based image retrieval (CBIR),a novel retrieval technology called auto-extended multi query examples (AMQE) is proposed.It expands the single one query image ...In order to narrow the semantic gap existing in content-based image retrieval (CBIR),a novel retrieval technology called auto-extended multi query examples (AMQE) is proposed.It expands the single one query image used in traditional image retrieval into multi query examples so as to include more image features related with semantics.Retrieving images for each of the multi query examples and integrating the retrieval results,more relevant images can be obtained.The property of the recall-precision curve of a general retrieval algorithm and the K-means clustering method are used to realize the expansion according to the distance of image features of the initially retrieved images.The experimental results demonstrate that the AMQE technology can greatly improve the recall and precision of the original algorithms.展开更多
Synthesizing images or texts automatically becomes a useful research area in the artificial intelligence nowadays.Generative adversarial networks(GANs),proposed by Goodfellow,et al.in 2014,make this task to be done mo...Synthesizing images or texts automatically becomes a useful research area in the artificial intelligence nowadays.Generative adversarial networks(GANs),proposed by Goodfellow,et al.in 2014,make this task to be done more efficiently by using deep neural networks(DNNs).The authors consider generating corresponding images from a single-sentence input text description using a GAN.Specifically,the authors analyze the GAN-CLS algorithm,which is a kind of advanced method of GAN proposed by Reed,et al.in 2016.In this paper the authors show the theoretical problem with this algorithm and correct it by modifying the objective function of the model.Experiments are performed on the Oxford-102 dataset and the CUB dataset to support the theoretical results.Since the proposed modification can be seen as an idea which can be used to improve all such kind of GAN models,the authors try two models,GAN-CLS and AttnGAN_(GPT).As a result,in both of the two models,the proposed modified algorithm is more stable and can generate images which are more plausible than the original algorithm.Also,some of the generated images match the input texts better,and the proposed modified algorithm has better performance on the quantitative indicators including FID and Inception Score.Finally,the authors propose some future application prospect of the modification idea,especially in the area of large language models.展开更多
Objective The dissolution and precipitation of carbonate during burial diagenetic process controls the reservoir property in deep buried strata. The geological process related with it has become a research focus durin...Objective The dissolution and precipitation of carbonate during burial diagenetic process controls the reservoir property in deep buried strata. The geological process related with it has become a research focus during recent years. The most important dissolution fluids to carbonates are probably H2S and CO2 as byproducts of sulfate reduction in deep-buried setting with sulfate minerals, but carbonates are more soluble in relatively low temperature, which is the so-called retrograde solubility. Several geological processes can result in the decrease of temperature, including the upward migration of thermal fluids and tectonic uplift.展开更多
A simple and effective image inpainting method is proposed in this paper, which is proved to be suitable for different kinds of target regions with shapes from little scraps to large unseemly objects in a wide range o...A simple and effective image inpainting method is proposed in this paper, which is proved to be suitable for different kinds of target regions with shapes from little scraps to large unseemly objects in a wide range of images. It is an important improvement upon the traditional image inpainting techniques. By introducing a new bijeetive-mapping term into the matching cost function, the artificial repetition problem in the final inpainting image is practically solved. In addition, by adopting an inpainting error map, not only the target pixels are refined gradually during the inpainting process but also the overlapped target patches are combined more seamlessly than previous method. Finally, the inpainting time is dramatically decreased by using a new acceleration method in the matching process.展开更多
The role of authigenic clay growth in clay gouge is increasingly recognized as a key to understanding the mechanics of berittle faulting and fault zone processes,including creep and seismogenesis,and providing new ins...The role of authigenic clay growth in clay gouge is increasingly recognized as a key to understanding the mechanics of berittle faulting and fault zone processes,including creep and seismogenesis,and providing new insights into the ongoing debate about the frictional strength of brittle fault(Haines and van der Pluijm,2012).However,neither the conditions nor the processes which展开更多
Objective Authigenic pyrite often develops extensively in marine sediments,which is an important product of sulfate reduction in an anoxic environment.It has a specific appearance and complicated sulfur isotopic prope...Objective Authigenic pyrite often develops extensively in marine sediments,which is an important product of sulfate reduction in an anoxic environment.It has a specific appearance and complicated sulfur isotopic properties,and acts as important evidence of methane seep in marine sediments.Strong AOM(anaerobic oxidation of methane)activity has developed in the Okinawa Trough.展开更多
The license plate recognition system(LPRS)has been widely adopted in daily life due to its efficiency and high accuracy.Deep neural networks are commonly used in the LPRS to improve the recognition accuracy.However,re...The license plate recognition system(LPRS)has been widely adopted in daily life due to its efficiency and high accuracy.Deep neural networks are commonly used in the LPRS to improve the recognition accuracy.However,researchers have found that deep neural networks have their own security problems that may lead to unexpected results.Specifically,they can be easily attacked by the adversarial examples that are generated by adding small perturbations to the original images,resulting in incorrect license plate recognition.There are some classic methods to generate adversarial examples,but they cannot be adopted on LPRS directly.In this paper,we modify some classic methods to generate adversarial examples that could mislead the LPRS.We conduct extensive evaluations on the HyperLPR system and the results show that the system could be easily attacked by such adversarial examples.In addition,we show that the generated images could also attack the black-box systems;we show some examples that the Baidu LPR system also makes incorrect recognitions.We hope this paper could help improve the LPRS by realizing the existence of such adversarial attacks.展开更多
Adversarial examples are hot topics in the field of security in deep learning.The feature,generation methods,attack and defense methods of the adversarial examples are focuses of the current research on adversarial ex...Adversarial examples are hot topics in the field of security in deep learning.The feature,generation methods,attack and defense methods of the adversarial examples are focuses of the current research on adversarial examples.This article explains the key technologies and theories of adversarial examples from the concept of adversarial examples,the occurrences of the adversarial examples,the attacking methods of adversarial examples.This article lists the possible reasons for the adversarial examples.This article also analyzes several typical generation methods of adversarial examples in detail:Limited-memory BFGS(L-BFGS),Fast Gradient Sign Method(FGSM),Basic Iterative Method(BIM),Iterative Least-likely Class Method(LLC),etc.Furthermore,in the perspective of the attack methods and reasons of the adversarial examples,the main defense techniques for the adversarial examples are listed:preprocessing,regularization and adversarial training method,distillation method,etc.,which application scenarios and deficiencies of different defense measures are pointed out.This article further discusses the application of adversarial examples which currently is mainly used in adversarial evaluation and adversarial training.Finally,the overall research direction of the adversarial examples is prospected to completely solve the adversarial attack problem.There are still a lot of practical and theoretical problems that need to be solved.Finding out the characteristics of the adversarial examples,giving a mathematical description of its practical application prospects,exploring the universal method of adversarial example generation and the generation mechanism of the adversarial examples are the main research directions of the adversarial examples in the future.展开更多
Image-denoising techniques are widely used to defend against Adversarial Examples(AEs).However,denoising alone cannot completely eliminate adversarial perturbations.The remaining perturbations tend to amplify as they ...Image-denoising techniques are widely used to defend against Adversarial Examples(AEs).However,denoising alone cannot completely eliminate adversarial perturbations.The remaining perturbations tend to amplify as they propagate through deeper layers of the network,leading to misclassifications.Moreover,image denoising compromises the classification accuracy of original examples.To address these challenges in AE defense through image denoising,this paper proposes a novel AE detection technique.The proposed technique combines multiple traditional image-denoising algorithms and Convolutional Neural Network(CNN)network structures.The used detector model integrates the classification results of different models as the input to the detector and calculates the final output of the detector based on a machine-learning voting algorithm.By analyzing the discrepancy between predictions made by the model on original examples and denoised examples,AEs are detected effectively.This technique reduces computational overhead without modifying the model structure or parameters,effectively avoiding the error amplification caused by denoising.The proposed approach demonstrates excellent detection performance against mainstream AE attacks.Experimental results show outstanding detection performance in well-known AE attacks,including Fast Gradient Sign Method(FGSM),Basic Iteration Method(BIM),DeepFool,and Carlini&Wagner(C&W),achieving a 94%success rate in FGSM detection,while only reducing the accuracy of clean examples by 4%.展开更多
基金This work was supported by the National Natural Science Foundation of China(Grant No.61300055)Zhejiang Natural Science Foundation(Grant No.LY20F020010)+2 种基金Ningbo Science and Technology Innovation Project(Grant No.2022Z075)Ningbo Natural Science Foundation(Grant No.202003N4089)K.C.Wong Magna Fund in Ningbo University.
文摘Speech is easily leaked imperceptibly.When people use their phones,the personal voice assistant is constantly listening and waiting to be activated.Private content in speech may be maliciously extracted through automatic speech recognition(ASR)technology by some applications on phone devices.To guarantee that the recognized speech content is accurate,speech enhancement technology is used to denoise the input speech.Speech enhancement technology has developed rapidly along with deep neural networks(DNNs),but adversarial examples can cause DNNs to fail.Considering that the vulnerability of DNN can be used to protect the privacy in speech.In this work,we propose an adversarial method to degrade speech enhancement systems,which can prevent the malicious extraction of private information in speech.Experimental results show that the generated enhanced adversarial examples can be removed most content of the target speech or replaced with target speech content by speech enhancement.The word error rate(WER)between the enhanced original example and enhanced adversarial example recognition result can reach 89.0%.WER of target attack between enhanced adversarial example and target example is low at 33.75%.The adversarial perturbation in the adversarial example can bring much more change than itself.The rate of difference between two enhanced examples and adversarial perturbation can reach more than 1.4430.Meanwhile,the transferability between different speech enhancement models is also investigated.The low transferability of the method can be used to ensure the content in the adversarial example is not damaged,the useful information can be extracted by the friendly ASR.This work can prevent the malicious extraction of speech.
基金Supported by the National Natural Science Foundation of China(U1903214,62372339,62371350,61876135)the Ministry of Education Industry University Cooperative Education Project(202102246004,220800006041043,202002142012)the Fundamental Research Funds for the Central Universities(2042023kf1033)。
文摘Recent years have witnessed the ever-increasing performance of Deep Neural Networks(DNNs)in computer vision tasks.However,researchers have identified a potential vulnerability:carefully crafted adversarial examples can easily mislead DNNs into incorrect behavior via the injection of imperceptible modification to the input data.In this survey,we focus on(1)adversarial attack algorithms to generate adversarial examples,(2)adversarial defense techniques to secure DNNs against adversarial examples,and(3)important problems in the realm of adversarial examples beyond attack and defense,including the theoretical explanations,trade-off issues and benign attacks in adversarial examples.Additionally,we draw a brief comparison between recently published surveys on adversarial examples,and identify the future directions for the research of adversarial examples,such as the generalization of methods and the understanding of transferability,that might be solutions to the open problems in this field.
文摘The emergence of adversarial examples has revealed the inadequacies in the robustness of image classification models based on Convolutional Neural Networks (CNNs). Particularly in recent years, the discovery of natural adversarial examples has posed significant challenges, as traditional defense methods against adversarial attacks have proven to be largely ineffective against these natural adversarial examples. This paper explores defenses against these natural adversarial examples from three perspectives: adversarial examples, model architecture, and dataset. First, it employs Class Activation Mapping (CAM) to visualize how models classify natural adversarial examples, identifying several typical attack patterns. Next, various common CNN models are analyzed to evaluate their susceptibility to these attacks, revealing that different architectures exhibit varying defensive capabilities. The study finds that as the depth of a network increases, its defenses against natural adversarial examples strengthen. Lastly, Finally, the impact of dataset class distribution on the defense capability of models is examined, focusing on two aspects: the number of classes in the training set and the number of predicted classes. This study investigates how these factors influence the model’s ability to defend against natural adversarial examples. Results indicate that reducing the number of training classes enhances the model’s defense against natural adversarial examples. Additionally, under a fixed number of training classes, some CNN models show an optimal range of predicted classes for achieving the best defense performance against these adversarial examples.
基金supported by the National Defense Basic Scientific Research Programof China under grant No.JCKY2023602C026.
文摘Network intrusion detection systems(IDS)are a prevalent method for safeguarding network traffic against attacks.However,existing IDS primarily depend on machine learning(ML)models,which are vulnerable to evasion through adversarial examples.In recent years,the Wasserstein Generative Adversarial Network(WGAN),based on Wasserstein distance,has been extensively utilized to generate adversarial examples.Nevertheless,several challenges persist:(1)WGAN experiences the mode collapse problem when generating multi-category network traffic data,leading to subpar quality and insufficient diversity in the generated data;(2)Due to unstable training processes,the authenticity of the data produced by WGAN is often low.This study improves WGAN to address these issues and proposes a new adversarial sample generation algorithm called Distortion Enhanced Multi-Generator Generative Adversarial Network(DEMGAN).DEMGAN effectively evades ML-based IDS by proficiently obfuscating network traffic data samples.We assess the efficacy of our attack method against five ML-based IDS using two public datasets.The results demonstrate that our method can successfully bypass IDS,achieving average evasion rates of 97.42%and 87.51%,respectively.Furthermore,empirical findings indicate that retraining the IDS with the generated adversarial samples significantly bolsters the system’s capability to detect adversarial samples,resulting in an average recognition rate increase of 86.78%.This approach not only enhances the performance of the IDS but also strengthens the network’s resilience against potential threats,thereby optimizing network security measures.
基金supported by the Intelligent Policing Key Laboratory of Sichuan Province(No.ZNJW2022KFZD002)This work was supported by the Scientific and Technological Research Program of Chongqing Municipal Education Commission(Grant Nos.KJQN202302403,KJQN202303111).
文摘Transfer-based Adversarial Attacks(TAAs)can deceive a victim model even without prior knowledge.This is achieved by leveraging the property of adversarial examples.That is,when generated from a surrogate model,they retain their features if applied to other models due to their good transferability.However,adversarial examples often exhibit overfitting,as they are tailored to exploit the particular architecture and feature representation of source models.Consequently,when attempting black-box transfer attacks on different target models,their effectiveness is decreased.To solve this problem,this study proposes an approach based on a Regularized Constrained Feature Layer(RCFL).The proposed method first uses regularization constraints to attenuate the initial examples of low-frequency components.Perturbations are then added to a pre-specified layer of the source model using the back-propagation technique,in order to modify the original adversarial examples.Afterward,a regularized loss function is used to enhance the black-box transferability between different target models.The proposed method is finally tested on the ImageNet,CIFAR-100,and Stanford Car datasets with various target models,The obtained results demonstrate that it achieves a significantly higher transfer-based adversarial attack success rate compared with baseline techniques.
基金Supported by the Special Fund for Agro-scientific Research in the Public Interest(200903008-14)the National "948" Project(2009-Z11)~~
文摘[Objective] Taking the characteristic of flower diameter of Tagetes L.as an example,this study aimed to select example varieties used in the DUS Test Guideline of Tagetes L.[Method] Two continuous years of measurements of flower diameter of 25 varieties were collected and then analyzed by using the box plot to illustrate the uniformity and stability of flower diameter of each variety.[Result] According to the information of variability,distribution symmetry of measurements and outliers of flower diameter of varieties provided by box plots,variety 16,2 and 4 were selected as the example varieties for the three expression states with respective flower diameter of 3.0-4.4,6.0-7.4 and 9.0-10.4 cm.[Conclusion] The box plot is an efficient method for the general analysis of varieties,which provides information covering the actual and possible expression range,median and outliers of measurements of flower diameter of each variety.It also provides references for selecting example varieties for other quantitative characteristics and evaluating the quality of varieties.
基金The National High Technology Research and Develop-ment Program of China (863 Program) (No.2002AA413420).
文摘In order to narrow the semantic gap existing in content-based image retrieval (CBIR),a novel retrieval technology called auto-extended multi query examples (AMQE) is proposed.It expands the single one query image used in traditional image retrieval into multi query examples so as to include more image features related with semantics.Retrieving images for each of the multi query examples and integrating the retrieval results,more relevant images can be obtained.The property of the recall-precision curve of a general retrieval algorithm and the K-means clustering method are used to realize the expansion according to the distance of image features of the initially retrieved images.The experimental results demonstrate that the AMQE technology can greatly improve the recall and precision of the original algorithms.
基金supported by the National Natural Science Foundation of China under Grant No.12288201。
文摘Synthesizing images or texts automatically becomes a useful research area in the artificial intelligence nowadays.Generative adversarial networks(GANs),proposed by Goodfellow,et al.in 2014,make this task to be done more efficiently by using deep neural networks(DNNs).The authors consider generating corresponding images from a single-sentence input text description using a GAN.Specifically,the authors analyze the GAN-CLS algorithm,which is a kind of advanced method of GAN proposed by Reed,et al.in 2016.In this paper the authors show the theoretical problem with this algorithm and correct it by modifying the objective function of the model.Experiments are performed on the Oxford-102 dataset and the CUB dataset to support the theoretical results.Since the proposed modification can be seen as an idea which can be used to improve all such kind of GAN models,the authors try two models,GAN-CLS and AttnGAN_(GPT).As a result,in both of the two models,the proposed modified algorithm is more stable and can generate images which are more plausible than the original algorithm.Also,some of the generated images match the input texts better,and the proposed modified algorithm has better performance on the quantitative indicators including FID and Inception Score.Finally,the authors propose some future application prospect of the modification idea,especially in the area of large language models.
基金financially supported by the NationalScience Foundation of China(grants No.41402293 and 41502089)the China Geological Survey Program (grant No.121201021000150009)
文摘Objective The dissolution and precipitation of carbonate during burial diagenetic process controls the reservoir property in deep buried strata. The geological process related with it has become a research focus during recent years. The most important dissolution fluids to carbonates are probably H2S and CO2 as byproducts of sulfate reduction in deep-buried setting with sulfate minerals, but carbonates are more soluble in relatively low temperature, which is the so-called retrograde solubility. Several geological processes can result in the decrease of temperature, including the upward migration of thermal fluids and tectonic uplift.
基金Supported by the National Natural Science Foundation of China (No. 60403044, No. 60373070) and partly funded by Microsoft Research Asia: Project 2004-Image-01.
文摘A simple and effective image inpainting method is proposed in this paper, which is proved to be suitable for different kinds of target regions with shapes from little scraps to large unseemly objects in a wide range of images. It is an important improvement upon the traditional image inpainting techniques. By introducing a new bijeetive-mapping term into the matching cost function, the artificial repetition problem in the final inpainting image is practically solved. In addition, by adopting an inpainting error map, not only the target pixels are refined gradually during the inpainting process but also the overlapped target patches are combined more seamlessly than previous method. Finally, the inpainting time is dramatically decreased by using a new acceleration method in the matching process.
基金financed by the National Youth Sciences Foundation of China (No. 41502044)
文摘The role of authigenic clay growth in clay gouge is increasingly recognized as a key to understanding the mechanics of berittle faulting and fault zone processes,including creep and seismogenesis,and providing new insights into the ongoing debate about the frictional strength of brittle fault(Haines and van der Pluijm,2012).However,neither the conditions nor the processes which
基金supported by the National Natural Science Foundation of China (grants No.41306062 and 41474119)the Key Laboratory of Gas Hydrate Foundation (grant No.SHW[2014]-DX-04)
文摘Objective Authigenic pyrite often develops extensively in marine sediments,which is an important product of sulfate reduction in an anoxic environment.It has a specific appearance and complicated sulfur isotopic properties,and acts as important evidence of methane seep in marine sediments.Strong AOM(anaerobic oxidation of methane)activity has developed in the Okinawa Trough.
基金This work is supported by the National Natural Science Foundation of China under Grant Nos.U1636215,61902082the Guangdong Key R&D Program of China 2019B010136003National Key R&D Program of China 2019YFB1706003.
文摘The license plate recognition system(LPRS)has been widely adopted in daily life due to its efficiency and high accuracy.Deep neural networks are commonly used in the LPRS to improve the recognition accuracy.However,researchers have found that deep neural networks have their own security problems that may lead to unexpected results.Specifically,they can be easily attacked by the adversarial examples that are generated by adding small perturbations to the original images,resulting in incorrect license plate recognition.There are some classic methods to generate adversarial examples,but they cannot be adopted on LPRS directly.In this paper,we modify some classic methods to generate adversarial examples that could mislead the LPRS.We conduct extensive evaluations on the HyperLPR system and the results show that the system could be easily attacked by such adversarial examples.In addition,we show that the generated images could also attack the black-box systems;we show some examples that the Baidu LPR system also makes incorrect recognitions.We hope this paper could help improve the LPRS by realizing the existence of such adversarial attacks.
基金This work is supported by the NSFC[Grant Nos.61772281,61703212]the Priority Academic Program Development of Jiangsu Higher Education Institutions(PAPD)and Jiangsu Collaborative Innovation Center on Atmospheric Environment and Equipment Technology(CICAEET).
文摘Adversarial examples are hot topics in the field of security in deep learning.The feature,generation methods,attack and defense methods of the adversarial examples are focuses of the current research on adversarial examples.This article explains the key technologies and theories of adversarial examples from the concept of adversarial examples,the occurrences of the adversarial examples,the attacking methods of adversarial examples.This article lists the possible reasons for the adversarial examples.This article also analyzes several typical generation methods of adversarial examples in detail:Limited-memory BFGS(L-BFGS),Fast Gradient Sign Method(FGSM),Basic Iterative Method(BIM),Iterative Least-likely Class Method(LLC),etc.Furthermore,in the perspective of the attack methods and reasons of the adversarial examples,the main defense techniques for the adversarial examples are listed:preprocessing,regularization and adversarial training method,distillation method,etc.,which application scenarios and deficiencies of different defense measures are pointed out.This article further discusses the application of adversarial examples which currently is mainly used in adversarial evaluation and adversarial training.Finally,the overall research direction of the adversarial examples is prospected to completely solve the adversarial attack problem.There are still a lot of practical and theoretical problems that need to be solved.Finding out the characteristics of the adversarial examples,giving a mathematical description of its practical application prospects,exploring the universal method of adversarial example generation and the generation mechanism of the adversarial examples are the main research directions of the adversarial examples in the future.
基金supported in part by the Natural Science Foundation of Hunan Province under Grant Nos.2023JJ30316 and 2022JJ2029in part by a project supported by Scientific Research Fund of Hunan Provincial Education Department under Grant No.22A0686+1 种基金in part by the National Natural Science Foundation of China under Grant No.62172058Researchers Supporting Project(No.RSP2023R102)King Saud University,Riyadh,Saudi Arabia.
文摘Image-denoising techniques are widely used to defend against Adversarial Examples(AEs).However,denoising alone cannot completely eliminate adversarial perturbations.The remaining perturbations tend to amplify as they propagate through deeper layers of the network,leading to misclassifications.Moreover,image denoising compromises the classification accuracy of original examples.To address these challenges in AE defense through image denoising,this paper proposes a novel AE detection technique.The proposed technique combines multiple traditional image-denoising algorithms and Convolutional Neural Network(CNN)network structures.The used detector model integrates the classification results of different models as the input to the detector and calculates the final output of the detector based on a machine-learning voting algorithm.By analyzing the discrepancy between predictions made by the model on original examples and denoised examples,AEs are detected effectively.This technique reduces computational overhead without modifying the model structure or parameters,effectively avoiding the error amplification caused by denoising.The proposed approach demonstrates excellent detection performance against mainstream AE attacks.Experimental results show outstanding detection performance in well-known AE attacks,including Fast Gradient Sign Method(FGSM),Basic Iteration Method(BIM),DeepFool,and Carlini&Wagner(C&W),achieving a 94%success rate in FGSM detection,while only reducing the accuracy of clean examples by 4%.
