Method and system for measuring correlation between data sample and model decision boundary

Abstract

The invention discloses a method and system for measuring correlation between a data sample and a model decision boundary, which belong to the field of data protection of the Internet of Things. The method comprises the steps of obtaining an input sample of a to-be-evaluated model from the Internet of Things, firstly generating an initial confrontation sample at the model decision boundary, and carrying out the gradient estimation, obtaining a normal vector perpendicular to the decision boundary, solving the correlation between a difference vector from an input sample to an initial adversarial sample and the normal vector, updating the samples on the decision boundary, and finally calculating the distance between a final sample and the input sample to obtain a distance matrix from each sample to each model decision boundary in the deep learning training process. Therefore, the correlation between each data sample and a model decision boundary is measured. Therefore, the privacy protection of the data can be realized under the condition that the internal information of the model does not need to be deeply learned and the model training process does not need to be modified, and the method has extremely high practicability and universality.

Description

technical field [0001] The invention belongs to the field of Internet of Things data protection, and more specifically relates to a method and system for measuring the correlation between data samples and model decision boundaries. Background technique [0002] With the increase in the amount of data in the Internet of Things and the improvement of the computing power of computing devices, deep learning technology has been widely used. However, the current deep learning technology requires a large amount of data for training, which makes the current deep learning model face serious data security and privacy protection problems. For example, most companies currently use centralized learning to train models, which requires large-scale collection of user data information, but there is no uniform standard for user privacy protection. Attackers modify, delete, or inject bad data. It can shift the decision boundary of the model and produce wrong predictions. With the promulgatio...

AI Technical Summary

Problems solved by technology

[0003] At present, researchers at home and abroad have conducted systematic and in-depth research on the correlation between data and models in deep learning, but there are certain defects and problems in the existing research work: 1. Most of the existing research work is Evaluate model-to-data relevance with knowledge of deep learning model internal parameters and training settings

However, most existing adversarial example generation techniques only focus on the perturbation size control of adversarial examples, while ignoring the geometric correlation between samples and decision boundaries.

The obtained adversarial samples cannot accurately represent the decision boundary, which leads to bias in the results of correlation analysis

4. The existing research work is all static analysis, that is, to analyze the decision boundary of the model after training, ignoring the changes in the relationship between the decision boundary and the data during the entire training process

Images