Data poisoning attack method, electronic equipment, storage medium and system
A data poisoning attack-model technology, applied in the field of data security, that addresses the weakened attack effect and the sensitivity of existing poisoning attacks, and achieves a pronounced poisoning attack effect.
Inactive Publication Date: 2022-06-28
广州中平智能科技有限公司
Problems solved by technology
However, the poisoning samples generated by existing poisoning attacks, in pursuit of attack effect, often have a large gradient, which makes those attacks sensitive to the gradient clipping operation.
Embodiment 1
[0038] As an aspect of the embodiments of the present disclosure, this embodiment provides a data poisoning attack method, as shown in figure 1, including the following steps:
[0039] S101. Set the target model of the attack as , with the original training set ( ), where X is the feature set, Y is the label set, and the training samples are .
[0040] S102. Calculate the gradient of the weight parameter; the gradient is computed as follows:
[0041] (1)
[0042] where represents the loss function, the training samples are , the original training set is D=(X, Y), where X is the feature set, Y is the label set, and b is the bias parameter of the model.
[0043] S103. Obtain the poisoned sample according to the following formula; that is, a poisoning sample satisfying the formula modifies the model parameters in the direction with the smallest gradient variance:
[0044] (2)
[0045] where is the variable value that indicates the objective fu...
Embodiment 4
[0081] As another aspect of the embodiments of the present disclosure, this embodiment provides a data poisoning attack system 100, as shown in image 3, including:
[0082] Gradient acquisition module 1, which establishes the target model and obtains the gradient of the weight parameter w in the target model ;
[0083] Specifically, let the target model of the attack be , with the original training set ( ), where X is the feature set, Y is the label set, and the training samples ( )∈ .
[0084] Calculate the gradient of the weight parameter w; the gradient is computed as follows:
[0085] (1)
[0086] where represents the loss function, the training samples are ( )∈ , the original training set is D=(X, Y), where X is the feature set, Y is the label set, and b is the bias parameter of the model.
[0087] Poisoning attack model training module 2, which calculates the gradient; the direction with the smallest variance of the data distribution is used ...
Abstract
The invention relates to a data poisoning attack method, electronic equipment, a storage medium and a system. The method comprises the following steps: establishing a target model; obtaining the gradient of a weight parameter w in the target model; calculating the direction with the minimum variance of the gradient data distribution and using it as the model-modification direction for training the poisoning attack model; and generating a poisoning sample with the trained poisoning attack model. Compared with other poisoning sample generation methods, which select the model modification direction at random, this method uses the direction with the minimum gradient variance, so that, while achieving the same attack effect as other poisoning attack methods, the poisoning sample produces a smaller gradient than the poisoning samples of other schemes; the smaller gradient is robust to the gradient clipping operation.
Description
Technical field
[0001] The present disclosure relates to the field of data security, in particular to a data poisoning attack method, an electronic device, a storage medium and a system.
Background technique
[0002] The purpose of a data poisoning attack is to manipulate the model produced by a learning algorithm by maliciously modifying the training set, so that the trained model produces the prediction results the attacker wants. The basic method of data poisoning is to add a perturbation to a specific training sample (x, y) to generate a poisoned sample (xp, yp), and then mix the poisoned sample into the model's training data set; the prediction results of the model trained on the poisoned training set then change according to the attacker's wishes.
[0003] In the prior art, such as patent CN112182576A, a poisoning attack method based on feature collision in deep learning is disclosed. The method generates a specific neural n...
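The gradient clipping operation that the abstract says this attack is designed to survive, as an added defender-side example (not the patent's own method or code): per-sample gradients of a logistic-regression loss with weight w and bias b over a constructed training set D=(X, Y), clipped to a norm bound C, plus the per-coordinate gradient variance across samples. It makes the page's caveat concrete: clipping only attenuates samples whose gradient norm exceeds C, so a sample engineered to have a small gradient passes through unchanged. The logistic loss, the toy data and the value of C are assumptions; the page does not specify them.

```python
import math

# Constructed toy training set D = (X, Y): 2-D features, binary labels.
X = [[2.0, 1.0], [1.5, 2.0], [-1.0, -1.5], [-2.0, -0.5]]
Y = [1, 1, 0, 0]
W, B = [0.3, -0.2], 0.1   # assumed current weight parameter w and bias b

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def sample_gradient(x, y, w, b):
    """Gradient of the logistic loss for one sample (x, y) w.r.t. w and b (assumed loss)."""
    p = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)
    err = p - y
    return [err * xi for xi in x] + [err]   # last entry is dL/db

def l2(v):
    return math.sqrt(sum(c * c for c in v))

def clip(g, c):
    """Per-sample gradient clipping: rescale g to norm c if its norm exceeds c,
    otherwise return it unchanged (this is why a low-gradient sample is unaffected)."""
    n = l2(g)
    return g if n <= c else [c * gi / n for gi in g]

def clipped_update(X, Y, w, b, c):
    """Sum clipped per-sample gradients over D; also report each sample's
    pre-clip norm and whether clipping actually touched it."""
    total = [0.0] * (len(w) + 1)
    report = []
    for x, y in zip(X, Y):
        g = sample_gradient(x, y, w, b)
        n = l2(g)
        report.append((n, n > c))
        total = [t + gi for t, gi in zip(total, clip(g, c))]
    return total, report

def gradient_variance(X, Y, w, b):
    """Per-coordinate variance of the per-sample gradients over D: the gradient
    variance the patent refers to when it picks a minimum-variance direction."""
    grads = [sample_gradient(x, y, w, b) for x, y in zip(X, Y)]
    k, n = len(grads[0]), len(grads)
    means = [sum(g[i] for g in grads) / n for i in range(k)]
    return [sum((g[i] - means[i]) ** 2 for g in grads) / n for i in range(k)]
```

Monitoring the distribution of pre-clip norms in `report` over time is the practical check: a clipping defense bounds per-sample influence at C but gives no signal about samples that already sit below it.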