Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Backdoor attack defense method based on heat map, reverse engineering and model pruning

A reverse engineering and heat map technology, applied in the field of neural network model pruning, to improve efficiency, reduce search range, and defend against backdoor attacks

Active Publication Date: 2022-04-29
ZHEJIANG UNIV
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] Based on the deficiencies of the prior art, the present invention proposes a backdoor attack method for defending deep neural networks based on heat map, reverse engineering and model pruning technology, which solves the problem of model-dependent backdoor attacks that are difficult to defend in traditional solutions, and makes up for related problems. Gaps in aspects

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Backdoor attack defense method based on heat map, reverse engineering and model pruning
  • Backdoor attack defense method based on heat map, reverse engineering and model pruning
  • Backdoor attack defense method based on heat map, reverse engineering and model pruning

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0036] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0037] The embodiment of the present invention discloses a backdoor attack defense method based on heat map, reverse engineering and model pruning, such as figure 1 and figure 2 shown, including the following steps:

[0038] Determine the backdoor triggers of each category in the target neural network, compare the L1 paradigm of the backdoor triggers through the outlier detection point algorithm, and determine the target label as the target label data;

[0...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a backdoor attack defense method based on heat map, reverse engineering and model pruning, and relates to the field of neural network model pruning. The present invention determines each type of backdoor trigger in the target neural network, compares the L1 paradigm of the backdoor trigger through an outlier detection point algorithm, and determines the target label as target label data; Calculate the corresponding data set by model inversion, draw a heat map according to the data set, determine the optimal position of the backdoor trigger according to the heat map; input target label data to the target neural network in sequence, and The weight value and activation value of the data are used to screen out target neurons in the target neural network; and to perform model pruning on the target neural network according to the target neurons. The invention can effectively defend against backdoor attacks based on random triggers and model-dependent triggers.

Description

technical field [0001] The invention relates to the field of neural network model pruning, and more specifically relates to a backdoor attack defense method based on heat map, reverse engineering and model pruning. Background technique [0002] Recently, a new type of attack - Backdoor Attacks (Backdoor Attacks) has attracted much attention. After the attacker uses malicious data with a backdoor trigger (Backdoor Trigger) to train the model, the model will be injected into the backdoor. The backdoor model can correctly classify all benign data, but when input data with backdoor triggers, it will misclassify. Backdoor attacks are extremely concealed, which brings great challenges to attack detection, and also brings considerable risks to some resource-limited users who need to outsource the training process. [0003] Heatmaps (also known as correlation coefficient maps) are the primary method for data visualization. The user can judge the magnitude of the correlation betwe...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56G06K9/62G06N3/08
CPCG06F21/563G06N3/082G06F18/241
Inventor 陈艳姣龚雪鸾徐文渊李晓媛彭艺欣
Owner ZHEJIANG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com