Member reasoning attack-oriented deep model privacy protection method based on abnormal point detection

A deep model, privacy protection technology, applied in digital data protection, biological neural network model, electrical digital data processing, etc.

Pending Publication Date: 2021-08-20
ZHEJIANG UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0005] In order to solve the above-mentioned problems existing in the prior art, the present invention provides a deep model privacy protection method based on outlier detection for member reas

Examples


Embodiment Construction

[0050] The present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be noted that the following embodiments are intended to facilitate the understanding of the present invention, but do not limit it in any way.

[0051] The technical idea of the present invention is as follows. Model overfitting is the main reason membership inference attacks succeed. A regularization method alleviates the overfitting of the target model and reduces the performance of membership inference attacks, but a small number of samples still remain vulnerable to membership inference attacks. To further improve the defense performance, the present invention performs abnormal-sample detection to find the samples that are vulnerable to membership inference attacks, deletes these abnormal samples from the training set of the model, and retrains the target model, which can effectively defend against member reas...


Abstract

The invention discloses a deep model privacy protection method, based on outlier detection, against membership inference attacks. The method comprises the following steps: alleviating the overfitting of the target model through a regularization method; finding the abnormal samples of the model that are easily attacked by membership inference; deleting these samples from the training set of the target model, so as to improve the privacy of the target model; and finally retraining the target model to achieve the defense effect.

To determine which samples are susceptible to membership inference attacks, the method first establishes a reference model training set and a reference model, and trains the reference model on the reference model training set. Each sample under test is input into the reference model to obtain its feature vector, and the distances between the feature vectors of different samples under test are determined. The local outlier factor of each sample under test is then calculated; a sample whose local outlier factor is greater than 1 is an abnormal sample.

By utilizing the method, the problems of traditional defense methods, such as unstable gradients, non-convergent training and slow convergence, can be eliminated, and relatively good defense performance is achieved.
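The scoring and pruning steps described in the abstract, as an added example that is not code from the patent. It assumes the reference model has already produced one feature vector per sample; the vectors below are constructed, and the function names and the neighbourhood size `k` are hypothetical choices, since the page does not state them.

```python
import math

def lof_scores(feats, k):
    """Local outlier factor of each feature vector (standard LOF definition)."""
    n = len(feats)
    dist = [[math.dist(a, b) for b in feats] for a in feats]
    kdist, neigh = [], []
    for i in range(n):
        order = sorted((j for j in range(n) if j != i), key=lambda j: dist[i][j])
        kd = dist[i][order[k - 1]]          # distance to the k-th nearest neighbour
        kdist.append(kd)
        neigh.append([j for j in order if dist[i][j] <= kd])  # ties included

    def lrd(i):
        # Local reachability density: inverse of the mean reachability distance.
        reach = sum(max(kdist[o], dist[i][o]) for o in neigh[i])
        return len(neigh[i]) / reach if reach > 0 else math.inf

    dens = [lrd(i) for i in range(n)]
    scores = []
    for i in range(n):
        if math.isinf(dens[i]):
            scores.append(1.0)              # exact duplicates: treated as inliers
        else:
            scores.append(sum(dens[o] for o in neigh[i]) / (len(neigh[i]) * dens[i]))
    return scores

def prune_training_set(feats, k=2, threshold=1.0):
    """Return (kept, abnormal, scores); abnormal = indices with LOF > threshold."""
    scores = lof_scores(feats, k)           # k=2 is an assumption, not from the page
    abnormal = [i for i, s in enumerate(scores) if s > threshold]
    kept = [i for i in range(len(feats)) if i not in abnormal]
    return kept, abnormal, scores

# Constructed feature vectors standing in for reference-model outputs:
# four samples in a tight, regular cluster and one isolated sample (index 4).
FEATURES = [(0.0, 0.0), (1.0, 0.0), (0.0, 1.0), (1.0, 1.0), (5.0, 5.0)]

if __name__ == "__main__":
    kept, abnormal, scores = prune_training_set(FEATURES)
    for i, s in enumerate(scores):
        print(f"sample {i}: LOF={s:.3f} {'REMOVE' if i in abnormal else 'keep'}")
    print("retrain the target model on indices", kept)
```

On real feature vectors, samples at the edge of a dense cluster usually score slightly above 1, so it is worth counting how many samples a cut-off of exactly 1 removes before retraining.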

Description

Technical field

[0001] The invention belongs to the field of artificial intelligence security, and in particular relates to a deep model privacy protection method, based on outlier detection, against membership inference attacks.

Background

[0002] Machine learning technology is widely used in image classification, natural language processing, financial analysis and other fields. As an increasingly popular business model, many companies (e.g., Google, Microsoft, and Amazon) deploy machine learning as a service (MLaaS) to provide various functions such as data processing, model training, and data prediction to different customers. Users can upload data to these service providers to train their own models, or they can publish these models as black boxes. Others can access these models, but do not know their internal details (internal parameters). On the other hand, the data uploaded by users is their own unique private data, suc...


Application Information

IPC(8): G06K9/62, G06F21/62, G06N3/04
CPC: G06F21/6245, G06N3/045, G06F18/2433, G06F18/2415, G06F18/214
Inventor: 陈晋音, 上官文昌, 吴长安, 郑雅羽
Owner ZHEJIANG UNIV OF TECH