
Data poisoning attack method, electronic equipment, storage medium and system

A data poisoning attack model technique, applied in the field of data security, that addresses the weakening of poisoning attacks caused by their sensitivity to gradient clipping, so that the poisoning effect remains pronounced.

Inactive Publication Date: 2022-06-28
广州中平智能科技有限公司

AI Technical Summary

Problems solved by technology

However, the poisoned samples that existing poisoning attacks generate to achieve their effect often have large gradients, which makes those attacks sensitive to the gradient clipping operation.
In other words, the gradient clipping operation of the stochastic gradient descent algorithm in deep learning weakens the effect of existing poisoning attacks.


Examples


Embodiment 1

[0038] As an aspect of the embodiments of the present disclosure, this embodiment provides a data poisoning attack method, as shown in Figure 1, including the following steps:

[0039] S101. Set the target model of the attack as , the original training set is ( ), where X is the feature set, Y is the label set, and training samples .

[0040] S102. Calculate weight parameters gradient, gradient The formula for calculating is as follows:

[0041] (1)

[0042] in represents the loss function, training samples , the original training set is D=(X, Y), where X is the feature set, Y is the label set, and b is the bias parameter of the model

[0043] S103. Obtain a poisoned sample The calculation formula of , that is to say, the poisoning sample that satisfies the following formula , the model parameters can be modified in the direction with the smallest gradient variance:

[0044] (2)

[0045] in, is the variable value that indicates the objective fu...

Embodiment 4

[0081] As another aspect of the embodiments of the present disclosure, the present embodiment provides a data poisoning attack system 100, as shown in Figure 3, including:

[0082] Gradient acquisition module 1, establishes the target model and obtains the gradient of the weight parameter w in the target model ;

[0083] Specifically, let the target model of the attack be , the original training set is ( ), where X is the feature set, Y is the label set, and the training samples ( )∈ .

[0084] Calculate the gradient of the weight parameter w, gradient The formula for calculating is as follows:

[0085] (1)

[0086] in, represents the loss function, the training samples ( )∈ , the original training set is D=(X, Y), where X is the feature set, Y is the label set, and b is the bias parameter of the model.

[0087] Poisoning attack model training module 2, calculating gradient The direction with the smallest variance of the data distribution is used ...


Abstract

The invention relates to a data poisoning attack method, electronic equipment, a storage medium and a system. The method comprises the following steps: establishing a target model; obtaining the gradient of a weight parameter w in the target model; calculating the direction in which the variance of the gradient data distribution is smallest, and using it as the model modification direction when training the poisoning attack model; and generating a poisoned sample by using the trained poisoning attack model. Compared with other poisoned-sample generation methods, which select the model modification direction randomly, the method uses the direction with the minimum gradient variance as the model modification direction, so that, on the premise of achieving the same attack effect as other poisoning attack methods, the poisoned sample generates a smaller gradient than the poisoned samples of other poisoning schemes; and the smaller gradient is robust to the gradient clipping operation.
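The gradient clipping operation discussed above, seen from the training pipeline's side, as an added example that is not code from the patent: per-sample gradient clipping for a small logistic-regression model, with an audit of which samples the clip actually touches. The model, the clip norm of 1.0 and the four samples are constructed assumptions.

```python
import math

# Constructed batch of (features, label) pairs; index 2 has a very large gradient.
BATCH = [([1.0, 0.5], 1), ([-1.0, -0.5], 0), ([40.0, -30.0], 0), ([0.8, -0.6], 0)]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def per_sample_grad(w, b, x, y):
    """Gradient of the logistic loss for one sample with respect to (w, b)."""
    err = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
    return [err * xi for xi in x] + [err]

def l2(v):
    return math.sqrt(sum(c * c for c in v))

def clip(g, max_norm):
    """Rescale g so that its L2 norm is at most max_norm."""
    n = l2(g)
    scale = min(1.0, max_norm / n) if n > 0 else 1.0
    return [c * scale for c in g]

def audit_batch(w, b, batch, max_norm):
    """Per-sample rows: (index, raw_norm, clipped_norm, was_clipped)."""
    rows = []
    for i, (x, y) in enumerate(batch):
        g = per_sample_grad(w, b, x, y)
        raw = l2(g)
        rows.append((i, raw, l2(clip(g, max_norm)), raw > max_norm))
    return rows

def clipped_step(w, b, batch, max_norm, lr):
    """One SGD step that clips every sample's gradient before averaging."""
    total = [0.0] * (len(w) + 1)
    for x, y in batch:
        g = clip(per_sample_grad(w, b, x, y), max_norm)
        total = [t + c for t, c in zip(total, g)]
    avg = [t / len(batch) for t in total]
    return [wi - lr * gi for wi, gi in zip(w, avg[:-1])], b - lr * avg[-1]

if __name__ == "__main__":
    for idx, raw, clipped, hit in audit_batch([0.0, 0.0], 0.0, BATCH, 1.0):
        print(f"sample {idx}: raw={raw:.3f} clipped={clipped:.3f} was_clipped={hit}")
```

A sample whose gradient already lies inside the clip norm passes through unchanged, so clipping bounds per-sample influence but is not by itself a poisoning detector; logging the raw norms alongside the clipped ones keeps that visible.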

Description

Technical field

[0001] The present disclosure relates to the field of data security, in particular to a data poisoning attack method, an electronic device, a storage medium and a system.

Background art

[0002] The purpose of a data poisoning attack is to manipulate the model generated by the learning algorithm by maliciously modifying the training set, so that the trained model generates prediction results according to the needs of the attacker. The basic method of data poisoning is to add a perturbation to a specific training sample (x, y) to generate a poisoned sample (xp, yp), and then mix the poisoned sample into the training data set of the model; the prediction results of the model trained on the poisoned training set will change according to the attacker's wishes.

[0003] In the prior art, such as patent CN112182576A, a poisoning attack method based on feature collision in deep learning is disclosed. The method generates a specific neural n...


Application Information

IPC(8): G06F21/56, G06K9/62, G06N3/04, G06N3/08
CPC: G06F21/56, G06N3/08, G06N3/047, G06F18/2135
Inventor 郑飞州
Owner 广州中平智能科技有限公司