Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Backdoor attack defense method based on thermodynamic diagram, reverse engineering and model pruning

A reverse engineering and heat map technology, applied in the field of neural network model pruning, to improve efficiency, reduce search range, and defend against backdoor attacks

Active Publication Date: 2021-07-13
ZHEJIANG UNIV
View PDF6 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] Based on the deficiencies of the prior art, the present invention proposes a backdoor attack method for defending deep neural networks based on heat map, reverse engineering and model pruning technology, which solves the problem of model-dependent backdoor attacks that are difficult to defend in traditional solutions, and makes up for related problems. Gaps in aspects

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Backdoor attack defense method based on thermodynamic diagram, reverse engineering and model pruning
  • Backdoor attack defense method based on thermodynamic diagram, reverse engineering and model pruning
  • Backdoor attack defense method based on thermodynamic diagram, reverse engineering and model pruning

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0036] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0037] The embodiment of the present invention discloses a backdoor attack defense method based on heat map, reverse engineering and model pruning, such as figure 1 with figure 2 shown, including the following steps:

[0038] Determine the backdoor triggers of each category in the target neural network, compare the L1 paradigm of the backdoor triggers through the outlier detection point algorithm, and determine the target label as the target label data;

[...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a backdoor attack defense method based on a thermodynamic diagram, reverse engineering and model pruning, and relates to the field of neural network model pruning. The method comprises the following steps: determining each category of backdoor triggers in a target neural network, comparing L1 normal forms of the backdoor triggers through an outlier detection point algorithm, and determining target tags as target tag data; performing model inversion on the category of the target neural network to calculate a corresponding data set, drawing a thermodynamic diagram according to the data set, and determining an optimal position of the backdoor trigger according to the thermodynamic diagram; sequentially inputting target label data into the target neural network, and screening out target neurons in the target neural network according to the weight and the activation value of the input target label data; and performing model pruning on the target neural network according to the target neurons. According to the invention, backdoor attacks based on a random trigger and a model dependent trigger can be effectively defended.

Description

technical field [0001] The invention relates to the field of neural network model pruning, and more specifically relates to a backdoor attack defense method based on heat map, reverse engineering and model pruning. Background technique [0002] Recently, a new type of attack - Backdoor Attacks (Backdoor Attacks) has attracted much attention. After the attacker uses malicious data with a backdoor trigger (Backdoor Trigger) to train the model, the model will be injected into the backdoor. The backdoor model can correctly classify all benign data, but when input data with backdoor triggers, it will misclassify. Backdoor attacks are extremely concealed, which brings great challenges to attack detection, and also brings considerable risks to some resource-limited users who need to outsource the training process. [0003] Heatmaps (also known as correlation coefficient maps) are the primary method for data visualization. The user can judge the magnitude of the correlation betwe...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06K9/62G06N3/08
CPCG06F21/563G06N3/082G06F18/241
Inventor 陈艳姣龚雪鸾徐文渊李晓媛彭艺欣
Owner ZHEJIANG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com