Neural network model stealing defense method in AIoT scene

A neural network model defense technique applied to the field of neural network model theft defense. It addresses problems such as model theft and data leakage (while keeping private information unobtainable by attackers), and achieves low cost, guaranteed security and avoidance of leakage.

Active Publication Date: 2020-03-31
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0007] In terms of model stealing detection, M. Juuti et al. proposed a detection method based on the difference between the attacker's query distribution and the query distribution of normal customers. In terms of defense against model stealing, N. Papernot et al. proposed a private student-teacher network architecture; through this architecture, the direct connection between the training set and the finally deployed model is isolated, so that attackers cannot directly obtain private information from the original training set through public APIs.
[0008] However, in the AIoT scenario, data leakage may occur when the edge device transmits data to the cloud server, resulting in model theft.



Embodiment Construction

[0069] Unlike the scenarios addressed by existing model theft detection and defense methods, this invention considers that in the AIoT scenario data leakage may occur when an edge device transmits data to the cloud server, resulting in model theft, and proposes a new model theft defense method. Starting from the characteristics of the neural network itself, the present invention proposes a neural network-based model stealing defense method: defense against model stealing is realized by encrypting the inference data images and labels, where the image encryption part is based on neural network class activation mapping technology and the label encryption part is based on undercomplete autoencoder technology.

[0070] For the convenience of those skilled in the art in understanding the content of the present invention, the following prior art is described:

[0071] 1. Neural Network Class Activation Mapping Technology

[0072] The neural network class activation mapping technology was first ...


Abstract

The invention discloses a neural network model stealing defense method in an AIoT scene, applied to the field of network security. In the AIoT scenario, in order to solve the problem of model stealing caused by data leakage that may occur when edge devices transmit data to a cloud server, the invention realizes defense against model stealing by encrypting the inference data image and its label: the encrypted image part is based on neural network class activation mapping technology, and the encrypted label part is based on under-complete auto-encoder technology. The method mainly comprises a training stage and a deployment stage. The training stage is carried out on a server; the deployment stage is carried out after the training stage is completed, with the data of the training stage deployed to the edge devices and the cloud server. The method can effectively prevent a neural network model in an AIoT scene from being stolen.

Description

Technical field

[0001] The invention belongs to the field of network defense, in particular to a neural network model stealing defense technology.

Background technique

[0002] Model stealing is a serious threat to neural network (NN) based artificial intelligence (AI) applications. As shown in figure 1, the principle of model stealing is to send a large number of inference requests to public machine learning APIs such as Amazon AWS, Microsoft Azure, Google Cloud, and BigML. The inputs and outputs of the API together constitute the training data set for the stolen model, which is then trained with various common machine learning models to find the best result. The purpose of stealing a model is to bypass the original model and use a substitute model to obtain future predictions for commercial gain, and/or to steal model knowledge and generate transferable adversarial samples that can be used to perturb the original model into making wrong predictions. Model stealing technolo...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/62, G06F21/60, G06N3/04
CPC: G06F21/6245, G06F21/602, G06N3/04
Inventor: 江维詹瑾瑜龚子成何致远潘唯迦吴俊廷
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA