Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Backdoor attack detection and identification method for privacy protection neural network model

A neural network model and privacy protection technology, applied in biological neural network models, neural learning methods, digital data protection, etc., can solve problems such as security loopholes, traffic accidents, and users' inability to communicate on the platform

Active Publication Date: 2021-06-18
SHANGHAI OCEAN UNIV
View PDF4 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In September 2016, it was revealed that Yahoo had been hacked to steal at least 500 million user account information; in 2017, Microsoft’s Skype software service suffered a DDOS attack, which prevented users from communicating on the platform; The Times and The Guardian both reported that Cambridge Analytica stole the profiles of up to 50 million Facebook users without their permission
In April 2020, the Washington Post reported a major security breach in the video conferencing software Zoom: Tens of thousands of private Zoom videos were uploaded to public web pages, where anyone can watch them online, many of which contained personally identifiable information, and even It's a private conversation at home
Using this attack model can cause serious consequences, such as causing traffic accidents in the field of automatic driving, and identifying any face with a trigger as a specific person, etc.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Backdoor attack detection and identification method for privacy protection neural network model
  • Backdoor attack detection and identification method for privacy protection neural network model
  • Backdoor attack detection and identification method for privacy protection neural network model

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0031] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings. Here, the exemplary embodiments and descriptions of the present invention are used to explain the present invention, but not to limit the present invention.

[0032] The invention designs a backdoor detection algorithm operating in the Sifang environment, that is, to judge whether a given neural network model has been infected by the backdoor. The key is that the backdoor attack is no matter what the input label is, the final target label A is obtained. Think of classification problems as creating partitions in a multidimensional space, with each dimension capturing some features. Then the backdoor attack is a "shortcut" created from the space area belonging to labels B and C to the space area belonging to A, as shown in the attached figure 1 As...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a backdoor attack detection and identification method for a privacy protection neural network model. The method comprises the following steps: (1), generating a mask matrix and a trigger matrix; (2) setting an initial state of related parameters of back door detection; (3), constructing adversarial input; (4) carrying out optimization training on the mask matrix and the trigger matrix; (5), calculating gradients of the mask matrix and the trigger matrix; (6) resetting the mask matrix and the trigger matrix; and (7), performing trigger reverse engineering. According to the method, the neural network model is trained in a three-party environment in a fixed-point number operation mode, and the neural network model which protects data privacy and model privacy and is provided with the backdoor is obtained. According to the method, the privacy of model parameters and data can be protected in an environment of a four-side server, whether a backdoor exists in the model or not can be detected, and a specific attacked label can be identified.

Description

technical field [0001] The invention relates to the technical fields of cryptography and machine learning (deep learning), in particular to the detection and identification of a backdoor attack on a neural network model with a privacy protection property that hides a backdoor. Background technique [0002] Relying on the development of cloud computing, Internet of Things, and big data technology, artificial intelligence technology represented by data mining and deep learning is changing human social life, and has become a representative of advanced technology applications and a hot spot of social concern. As a strategic technology leading the future, artificial intelligence technology has been promoted by countries all over the world as a major strategy for developing national competitiveness and maintaining national security. [0003] Machine learning (Machine Learning, ML) is a way to realize artificial intelligence, and it is the main research field in recent years. At p...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/71G06F21/62G06N3/08
CPCG06F21/71G06F21/6245G06N3/08
Inventor 魏立斐张蕾陈聪聪
Owner SHANGHAI OCEAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com