Method and device for protecting neural network model security

A neural network model security protection technology, applied to biological neural network models, neural learning methods, neural architectures, etc., that solves problems such as attackers or gray-industry actors stealing sensitive information carried by a model, achieving privacy protection while guaranteeing prediction performance and reducing resource consumption.
CN112100628B · Active · Publication Date: 2021-02-05 · ALIPAY (HANGZHOU) INFORMATION TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
ALIPAY (HANGZHOU) INFORMATION TECH CO LTD
Publication Date
2021-02-05


Abstract

The embodiments of this specification provide a method for protecting the security of a neural network model, comprising: obtaining a neural network model that includes multiple network layers obtained by training with training data; for any first network layer among them, with the parameters of the other network layers fixed, performing a first parameter adjustment on the first network layer using the training data to obtain a first fine-tuned model; determining a first index value of a preset performance index for the first fine-tuned model, where the index value depends on the relative size, for the corresponding model, of the test loss on test data and the training loss on the training data; similarly, performing a second parameter adjustment on the first network layer using both the training data and the test data to obtain a second fine-tuned model, and determining its second index value; determining the information sensitivity of the first network layer based on the relative size of the first index value and the second index value; and, if that sensitivity is greater than a predetermined threshold, applying security processing to the first network layer.
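The per-layer sensitivity procedure from the abstract, as an added worked example that is not code from the patent or from Alipay. It assumes a two-layer tanh MLP with a constructed toy regression set, takes the performance index to be the ratio of test loss to training loss, and takes the information sensitivity to be the ratio of the first index value to the second; the security processing applied to flagged layers is not shown.

```python
import numpy as np

# Constructed toy regression data (not from the patent): train/test from one distribution.
rng = np.random.default_rng(0)
X_train = rng.normal(size=(40, 4))
y_train = np.sin(X_train[:, :1]) + 0.1 * rng.normal(size=(40, 1))
X_test = rng.normal(size=(40, 4))
y_test = np.sin(X_test[:, :1]) + 0.1 * rng.normal(size=(40, 1))

def init_model(rng, n_in=4, n_hidden=8, n_out=1):
    """Two-layer tanh MLP; each weight matrix plays the role of one network layer."""
    return {"W1": rng.normal(0, 0.5, (n_in, n_hidden)),
            "W2": rng.normal(0, 0.5, (n_hidden, n_out))}

def forward(p, X):
    h = np.tanh(X @ p["W1"])
    return h, h @ p["W2"]

def mse(p, X, y):
    return float(np.mean((forward(p, X)[1] - y) ** 2))

def finetune_layer(p, layer, X, y, steps=200, lr=0.05):
    """Gradient descent on MSE that updates only `layer`; all other layers stay fixed."""
    q = {k: v.copy() for k, v in p.items()}
    for _ in range(steps):
        h, out = forward(q, X)
        g_out = 2.0 * (out - y) / len(X)                # dL/d(out)
        if layer == "W2":
            q["W2"] -= lr * h.T @ g_out
        else:
            g_h = (g_out @ q["W2"].T) * (1.0 - h ** 2)  # back through tanh
            q["W1"] -= lr * X.T @ g_h
    return q

def index_value(p, X_tr, y_tr, X_te, y_te):
    """Assumed preset performance index: test loss relative to training loss."""
    return mse(p, X_te, y_te) / mse(p, X_tr, y_tr)

def layer_sensitivity(p, layer, X_tr, y_tr, X_te, y_te):
    """First adjustment on training data only, second on training + test data;
    the assumed information sensitivity is the ratio of the two index values."""
    first = finetune_layer(p, layer, X_tr, y_tr)
    idx1 = index_value(first, X_tr, y_tr, X_te, y_te)
    X_all, y_all = np.vstack([X_tr, X_te]), np.vstack([y_tr, y_te])
    second = finetune_layer(p, layer, X_all, y_all)
    return idx1 / index_value(second, X_tr, y_tr, X_te, y_te)

def sensitive_layers(p, threshold, X_tr, y_tr, X_te, y_te):
    """Layers whose sensitivity exceeds the threshold are selected for security processing."""
    return [n for n in p if layer_sensitivity(p, n, X_tr, y_tr, X_te, y_te) > threshold]
```

Calling `sensitive_layers(init_model(rng), threshold, X_train, y_train, X_test, y_test)` returns the layer names whose sensitivity exceeds the chosen threshold; a layer whose index barely moves when the test data is added to its fine-tuning set scores near 1, while a layer that memorizes the added data scores higher.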

Description

Technical Field

[0001] The embodiments of this specification relate to the technical field of data security, and in particular to a method and device for protecting the security of a neural network model.

Background Technique

[0002] At present, training a neural network on a large amount of data so that it makes accurate predictions is standard industry practice. To give accurate predictions, the network memorizes characteristics of the training data. However, when the training data is sensitive or private, such as users' personal information, the trained network carries a large amount of that sensitive information. If the model is exposed directly, an attacker or a gray-industry actor can easily attack it through the model and steal the sensitive information it carries.

[0003] Therefore, there is a need for a solution that can protect the security of the neural network mod...

Claims
