Federated learning poisoning detection method and device based on feature confrontation

A detection method for federated learning, applied in machine learning, computer security devices, instruments, etc. It addresses problems such as economic losses, local data that cannot be observed, and malicious data nodes that are difficult to detect, and achieves improved robustness and fast convergence.

Pending Publication Date: 2021-06-01
优守(浙江)科技有限公司

AI Technical Summary

Problems solved by technology

Model training failure or backdoor implantation will directly or indirectly cause huge economic losses to AI service platforms and ordinary users.
[0006] In short, because of the privacy mechanism of federated learning, local data cannot be observed, and malicious data nodes are difficult to detect.

Examples


Embodiment Construction

[0020] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, and do not limit the protection scope of the present invention.

[0021] Aiming at the difficulty of detecting poisoning attacks in existing models, the embodiment of the present invention provides a federated learning poisoning detection method and device based on feature confrontation, and its main technical concept is as follows:

[0022] The poisoning attack mechanism is explained in feature space: the essence of a poisoning attack is feature embedding, so an embedded defense patch can in principle form a confrontation with the features of the poisoning patch, and detection is performed according to this form of confrontation. Due to ...


Abstract

The invention discloses a federated learning poisoning detection method and device based on feature confrontation. The method comprises the following steps: all clients in each round of parameter training are divided into benign clients and defense clients, and a defense patch data set is configured for the defense clients. In each round of training, each benign client optimizes a benign model using its local data set, each defense client optimizes a defense model using the defense patch data set and its local data, and the server aggregates all the benign models and defense models to obtain a federated learning model. After multiple rounds of training are finished, the federated learning model of the last round is used to detect poisoned samples. During detection, the prediction result of the target label of a test sample in the federated learning model is taken as the reference, and whether the test sample is poisoned is judged by whether the prediction result of the defense target label in the federated learning model, after the optimal defense patch data is added to the test sample, meets the label mapping relation. This realizes federated learning poisoning detection.
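The detection step in the abstract, and the feature-space confrontation described in [0022], as an added illustration that is not code from the patent or its applicant. The label mapping `(y + 1) mod K`, the encoding of the trigger and the defense patch as single features, the 1-nearest-neighbour stand-in for the aggregated model, and the reading that a broken mapping means "poisoned" are all assumptions made for this sketch.

```python
# Added illustration; every name and value below is constructed, none comes from the patent.
K = 2        # number of classes (assumed)
TARGET = 0   # backdoor target label baked into the poisoned updates (assumed)

def label_map(y):
    """Assumed mapping used to label defense-patch data: y -> (y + 1) mod K."""
    return (y + 1) % K

def add_defense_patch(x):
    """Assumed patch encoding: the last feature is the defense-patch flag."""
    return x[:3] + (1.0,)

# Feature layout: (class-0 evidence, class-1 evidence, trigger strength, defense flag).
# The prototypes stand in for what the aggregated model learned from each client group.
PROTOTYPES = [
    ((1.0, 0.0, 0.0, 0.0), 0), ((0.0, 1.0, 0.0, 0.0), 1),                        # benign clients
    ((1.0, 0.0, 0.0, 1.0), label_map(0)), ((0.0, 1.0, 0.0, 1.0), label_map(1)),  # defense clients
    ((1.0, 0.0, 3.0, 0.0), TARGET), ((0.0, 1.0, 3.0, 0.0), TARGET),              # poisoned updates
]

def predict(x):
    """1-nearest-neighbour stand-in for the federated model's label prediction."""
    def dist2(p):
        return sum((a - b) ** 2 for a, b in zip(p, x))
    return min(PROTOTYPES, key=lambda pl: dist2(pl[0]))[1]

def is_poisoned(x):
    """Flag x when the patched prediction differs from label_map(unpatched prediction)."""
    before = predict(x)
    after = predict(add_defense_patch(x))
    return after != label_map(before)

def screen(samples):
    """Return (name, prediction, patched prediction, verdict) for each test sample."""
    return [(name, predict(x), predict(add_defense_patch(x)), is_poisoned(x))
            for name, x in samples]

SAMPLES = [  # constructed test inputs
    ("clean class 0", (0.9, 0.1, 0.0, 0.0)),
    ("clean class 1", (0.2, 0.8, 0.0, 0.0)),
    ("class 1 + trigger", (0.1, 0.9, 3.0, 0.0)),
]

if __name__ == "__main__":
    for row in screen(SAMPLES):
        print(row)
```

In this sketch the trigger feature outweighs the defense flag, so the patched prediction of the triggered sample stays on the backdoor label and the mapping check fails, while both clean samples follow the mapping.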

Description

Technical field

[0001] The invention belongs to the field of federated learning, and in particular relates to a federated learning poisoning detection method and device based on feature confrontation.

Background technique

[0002] With the rapid development of data-driven intelligent applications, the machine learning paradigm is also facing new difficulties and challenges. On the one hand, the machine learning paradigm hopes to provide a robust and efficient functional service for all users. On the other hand, it is difficult to fully share the data that nourishes learning algorithms.

[0003] In order to solve this problem, federated learning emerged as a potential solution. Its main innovation is that it provides a distributed machine learning framework with privacy protection characteristics, and can coordinate thousands of participants holding distributed data to iteratively train a particular machine learning model. Since the training data is still stored local...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06N20/00
CPC: G06F21/562, G06N20/00
Inventor: 伍一鸣, 张旭鸿
Owner: 优守(浙江)科技有限公司