What technology area does this patent fall under?

Primary CPC classification G06V20/56. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Apr 27 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Detecting adversarial samples by a vision based perception system

US10990855B2 · US · B2

Patent metadata
Field	Value
Publication number	US-10990855-B2
Application number	US-201916440973-A
Country	US
Kind code	B2
Filing date	Jun 13, 2019
Priority date	Jun 13, 2019
Publication date	Apr 27, 2021
Grant date	Apr 27, 2021

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

In one embodiment, a system receives a first image captured by a capturing device of an ADV. The system applies an image transformation to the first image to generate a second image. The system applies an object detection model to the first and the second images to generate a first and a second output, respectively. The system calculates a similarity metric between the first and the second output. The system detects the first image as an adversarial sample if a temporal variation of the similarity metric between the first image and a prior image is above a threshold.

First claim

Opening claim text (preview).

What is claimed is: 1. A computer-implemented method, comprising: receiving a first image captured by a capturing device of an autonomous driving vehicle (ADV); performing an image transformation to transform the first image to a second image; applying an object detection model to the first image and the second image to generate a first output and a second output, respectively; calculating a similarity metric calculated based on a distance between the first output and the second output, wherein the distance includes differences in a class prediction, a number of bounding boxes, and overlapping regions of the bounding boxes; detecting that the first image as an adversarial sample if a temporal variation of the similarity metric between the first image and a prior image is above a predetermined threshold; and activating a failsafe mechanism for the ADV if an adversarial sample is detected, wherein the failsafe mechanism includes ignoring the adversarial sample or transferring control to a user of the ADV if the ADV is in self-driving mode. 2. The method of claim 1 , wherein each of the first output and the second output includes a list of bounding boxes, the locations of the bounding boxes, and annotation of each class objects for the bounding boxes for the input image. 3. The method of claim 1 , wherein the image transformation includes a color depth reduction, an image compression, or a blurring transformation. 4. A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations, the operations comprising: receiving a first image captured by a capturing device of an autonomous driving vehicle (ADV); performing an image transformation to transform the first image to a second image; applying an object detection model to the first image and the second image to generate a first output and a second output, respectively; calculating a similarity metric calculated based on a distance between the first output and the second output, wherein the distance includes differences in a class prediction, a number of bounding boxes, and overlapping regions of the bounding boxes; detecting that the first image as an adversarial sample if a temporal variation of the similarity metric between the first image and a prior image is above a predetermined threshold; and activating a failsafe mechanism for the ADV if an adversarial sample is detected, wherein the failsafe mechanism includes ignoring the adversarial sample or transferring control to a user of the ADV if the ADV is in self-driving mode. 5. The non-transitory machine-readable medium of claim 4 , wherein each of the first output and the second output includes a list of bounding boxes, the locations of the bounding boxes, and annotation of each class objects for the bounding boxes for the input image. 6. The non-transitory machine-readable medium of claim 4 , wherein the image transformation includes a color depth reduction, an image compression, or a blurring transformation. 7. A data processing system, comprising: a processor; and a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations, the operations including receiving a first image captured by a capturing device of an autonomous driving vehicle (ADV), performing an image transformation to transform the first image to a second image, applying an object detection model to the first image and the second image to generate a first output and a second output, respectively, calculating a similarity metric calculated based on a distance between the first output and the second output, wherein the distance includes differences in a class prediction, a number of bounding boxes, and overlapping regions of the bounding boxes, detecting that the first image as an adversarial sample if a temporal variation of the similarity metric between the first image and a prior image is above a predetermined threshold; and activating a failsafe mechanism for the ADV if an adversarial sample is detected, wherein the failsafe mechanism includes ignoring the adversarial sample or transferring control to a user of the ADV if the ADV is in self-driving mode. 8. The system of claim 7 , wherein each of the first output and the second output includes a list of bounding boxes, the locations of the bounding boxes, and annotation of each class objects for the bounding boxes for the input image. 9. The system of claim 7 , wherein the image transformation includes a color depth reduction, an image compression, or a blurring transformation. 10. The method of claim 1 , wherein the distance is calculated based on an equation with one or more weighted factors. 11. The method of claim 10 , wherein the one more weighted factors include a percentage of matching object classification for each of the bounding boxes. 12. The method of claim 10 , wherein the one more weighted factors include a ratio for the number of bounding boxes. 13. The method of claim 10 , wherein the one more weighted factors include a difference in confidence scores for the bounding boxes. 14. The non-transitory machine-readable medium of claim 4 , wherein the distance is calculated based on an equation with one or more weighted factors. 15. The non-transitory machine-readable medium of claim 14 , wherein the one more weighted factors include a percentage of matching object classification for each of the bounding boxes. 16. The non-transitory machine-readable medium of claim 14 , wherein the one more weighted factors include a ratio for the number of bounding boxes. 17. The non-transitory machine-readable medium of claim 14 , wherein the one more weighted factors include a difference in confidence scores for the bounding boxes. 18. The system of claim 7 , wherein the distance is calculated based on an equation with one or more weighted factors. 19. The system of claim 18 , wherein the one more weighted factors include a percentage of matching object classification for each of the bounding boxes. 20. The system of claim 18 , wherein the one more weighted factors include a ratio for the number of bounding boxes. 21. The system of claim 18 , wherein the one more weighted factors include a difference in confidence scores for the bounding boxes.

Assignees

Baidu Usa Llc

Inventors

Classifications

G06V30/248
involving plural approaches, e.g. verification by template match; Resolving confusion among similar patterns, e.g. "O" versus "Q" (G06V30/242 takes precedence) · CPC title
G06F18/2193
based on specific statistical tests · CPC title
G06V20/56Primary
exterior to a vehicle by using sensors mounted on the vehicle · CPC title
G06N3/045
Combinations of networks · CPC title
G06F18/241
relating to the classification model, e.g. parametric or non-parametric approaches · CPC title

Patent family

Related publications grouped by family.

View patent family 70056979

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10990855B2 cover?: In one embodiment, a system receives a first image captured by a capturing device of an ADV. The system applies an image transformation to the first image to generate a second image. The system applies an object detection model to the first and the second images to generate a first and a second output, respectively. The system calculates a similarity metric between the first and the second outp…
Who is the assignee on this patent?: Baidu Usa Llc
What technology area does this patent fall under?: Primary CPC classification G06V20/56. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue Apr 27 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).