Backdoor attack detection and identification method for privacy protection neural network model

A neural network model and privacy protection technology, applied in biological neural network models, neural learning methods, digital data protection, etc., can solve problems such as security loopholes, traffic accidents, and users' inability to communicate on the platform

Active Publication Date: 2021-06-18
SHANGHAI OCEAN UNIV

AI Technical Summary

Problems solved by technology

In September 2016, it was revealed that Yahoo had been hacked and information on at least 500 million user accounts stolen; in 2017, Microsoft's Skype software service suffered a DDoS attack, which prevented users from communicating on the platform; The Times and The Guardian both reported that Cambridge Analytica stole the profiles of up to 50 million Facebook users without their permission.
In April 2020, the Washington Post reported a major security breach in the video conferencing software Zoom: tens of thousands of private Zoom videos were uploaded to public web pages, where anyone could watch them online. Many of the videos contained personally identifiable information, and some were even private conversations at home.
Using this attack model can cause serious consequences, such as traffic accidents in the field of automatic driving, or the identification of any face carrying a trigger as a specific person.


Embodiment Construction

[0031] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings. Here, the exemplary embodiments and descriptions of the present invention are used to explain the present invention, but not to limit the present invention.

[0032] The invention designs a backdoor detection algorithm that operates in a four-party environment, that is, an algorithm that judges whether a given neural network model has been infected by a backdoor. The key observation is that under a backdoor attack the final output is the target label A no matter what the label of the input is. Think of a classification problem as creating partitions in a multidimensional space, with each dimension capturing some features. A backdoor attack is then a "shortcut" created from the regions of the space belonging to labels B and C into the region belonging to A, as shown in Figure 1. As...


Abstract

The invention provides a backdoor attack detection and identification method for a privacy protection neural network model. The method comprises the following steps: (1) generating a mask matrix and a trigger matrix; (2) setting the initial state of the parameters related to backdoor detection; (3) constructing adversarial input; (4) carrying out optimization training on the mask matrix and the trigger matrix; (5) calculating the gradients of the mask matrix and the trigger matrix; (6) resetting the mask matrix and the trigger matrix; and (7) performing trigger reverse engineering. According to the method, the neural network model is trained in a three-party environment using fixed-point arithmetic, yielding a backdoored neural network model that protects data privacy and model privacy. In a four-party server environment, the method protects the privacy of the model parameters and the data, detects whether a backdoor exists in the model, and identifies the specific attacked label.
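As an added illustration (not code from the patent), the plaintext Python sketch below runs the mask and trigger optimization named in the abstract on a constructed toy linear classifier with a planted backdoor. It leaves out the multi-server, fixed-point privacy layer entirely; the model, the hyperparameters and the "smallest mask L1 norm" decision rule are assumptions.

```python
import math

# Constructed toy model (assumption): 3-class linear classifier on 8 features.
# Features 2c and 2c+1 drive class c; feature 7 is a planted backdoor to label 0.
W = [[1, 1, 0, 0, 0, 0, 0, 10],
     [0, 0, 1, 1, 0, 0, 0, 0],
     [0, 0, 0, 0, 1, 1, 0, 0]]
CLEAN = [[1, 1, 0, 0, 0, 0, 0, 0],   # one constructed clean sample per class
         [0, 0, 1, 1, 0, 0, 0, 0],
         [0, 0, 0, 0, 1, 1, 0, 0]]
D, K = 8, 3

def sigmoid(v):
    return 1.0 / (1.0 + math.exp(-v))

def softmax(z):
    e = [math.exp(v - max(z)) for v in z]
    return [v / sum(e) for v in e]

def reverse_trigger(target, steps=800, lr=1.0, lam=0.05):
    """Optimise mask m and trigger t so that every clean input maps to `target`."""
    tm, tt = [-3.0] * D, [0.0] * D           # initial state: mask near 0, trigger 0.5
    for _ in range(steps):
        m, t = [sigmoid(v) for v in tm], [sigmoid(v) for v in tt]
        gm, gt = [lam] * D, [0.0] * D        # L1 penalty keeps the mask small
        for x in CLEAN:
            # adversarial input: blend the trigger into x where the mask is set
            adv = [(1 - m[i]) * x[i] + m[i] * t[i] for i in range(D)]
            p = softmax([sum(W[c][i] * adv[i] for i in range(D)) for c in range(K)])
            p[target] -= 1.0                 # d(cross-entropy)/d(logits)
            for i in range(D):               # gradients of mask and trigger
                g = sum(W[c][i] * p[c] for c in range(K)) / len(CLEAN)
                gm[i] += g * (t[i] - x[i])
                gt[i] += g * m[i]
        for i in range(D):                   # descent step through the sigmoids
            tm[i] -= lr * gm[i] * m[i] * (1 - m[i])
            tt[i] -= lr * gt[i] * t[i] * (1 - t[i])
    return [sigmoid(v) for v in tm], [sigmoid(v) for v in tt]

def detect():
    """Reset and re-optimise per label; flag the label with the smallest mask."""
    masks = [reverse_trigger(label)[0] for label in range(K)]
    norms = [sum(m) for m in masks]
    suspect = norms.index(min(norms))        # assumed decision rule
    return suspect, norms, masks[suspect]

if __name__ == "__main__":
    label, norms, mask = detect()
    print("L1 norms:", [round(n, 2) for n in norms], "suspect label:", label,
          "trigger feature:", mask.index(max(mask)))
```

The backdoored label needs a mask concentrated on a single feature, while the clean labels need masks that overwrite most of the input, which is the "shortcut" geometry described in paragraph [0032].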

Description

Technical field

[0001] The invention relates to the technical fields of cryptography and machine learning (deep learning), in particular to the detection and identification of a backdoor attack on a neural network model with a privacy protection property that hides a backdoor.

Background technique

[0002] Relying on the development of cloud computing, Internet of Things, and big data technology, artificial intelligence technology represented by data mining and deep learning is changing human social life, and has become a representative of advanced technology applications and a hot spot of social concern. As a strategic technology leading the future, artificial intelligence technology has been promoted by countries all over the world as a major strategy for developing national competitiveness and maintaining national security.

[0003] Machine learning (ML) is a way to realize artificial intelligence, and it is the main research field in recent years. At p...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/71, G06F21/62, G06N3/08
CPC: G06F21/71, G06F21/6245, G06N3/08
Inventor: 魏立斐, 张蕾, 陈聪聪
Owner: SHANGHAI OCEAN UNIV