Intelligent model information leakage degree evaluation method and system, medium and equipment

Abstract

The invention belongs to the technical field of network security, and discloses an intelligent model information leakage degree evaluation method and system, a medium and equipment, and the method comprises the steps: defining an index representing the amount of information contained in a specific data set; utilizing a chain rule in an information theory to unfold the indexes and then calculate the indexes; defining an attack query and a model reply received by splicing query vectors; adding the vector to a query matrix; calculating the amount of information stolen from the training data set by single query; and calculating model information leakage degree. The invention designs the calculation method for evaluating the information amount leakage degree of the model, and the information leakage degree when the current model is attacked can be accurately calculated in real time. And meanwhile, the method can also be used for evaluating the common information amount between two types ofdata sets. According to the method, the index for evaluating the information amount leakage degree of the model is defined, the index is not influenced by the type, complexity and information leakagemode of the model to be evaluated, and the method can be applied to all intelligent models and data sets.

Description

technical field [0001] The invention belongs to the technical field of network security, and in particular relates to a method, system, medium and equipment for evaluating the degree of information leakage of an intelligent model. Background technique [0002] At present: in the information age, the amount of data is growing exponentially. The rapid development of big data technology has brought great progress and wide application to artificial intelligence technology. A large number of intelligent models have been applied to natural language processing, image recognition, recommendation systems and other fields. While bringing convenience to these production areas, it also magnifies the safety problems of the model itself. A large number of attacks against the model, such as model extraction attacks, poisoning attacks, inference attacks, etc., not only damage the model, but also cause serious model information leakage. Attackers usually use the leaked information to steal t...

AI Technical Summary

Problems solved by technology

[0006](1) Existing methods are difficult to construct equivalent proxy models for more complex models, the scope of application is small, and it is necessary to ensure that the attack distribution and the proxy model training data set remain the same distribution, higher requirements

[0007](2) Existing methods can be applied to very few models (currently only applied to DNN models), and the types of attacks that can be detected are also limited. At the same time, the degree of leakage The description is not accurate and timely enough, which is not conducive to promotion in actual use

[0008]The difficulty in solving the above problems and defects is: most of the current detection schemes rely on the proxy model or distribution, and do not directly solve the problem from the model, and the detection results cannot accurately reflect the The degree of information leakage of the model cannot accurately judge the attack and help the model to defend

At the same time, the structural complexity and inexplicability of the intelligent model make it difficult to directly understand its decision logic, judgment basis and method, which makes it impossible to fundamentally design and implement the construction of the detection scheme, further increasing the information leakage of the intelligent model Difficulty of detection

Images