Neural network distribution encryption and anti-collusion attack method thereof

A neural network encryption method and technology, applied in the field of neural network distribution encryption and anti-collusion attack, that addresses the problems of unrealistic assumptions and weak practicability and achieves the effect of preventing collusion attacks

Pending Publication Date: 2022-08-09
薇链信息技术有限公司

AI Technical Summary

Problems solved by technology

However, the fingerprint verification process of existing schemes requires that the model owner has access to the internal details of the suspect model, such as network structure and parameters, which is often unrealistic.
DeepMarks is therefore a neural network distribution system for a white-box scenario: the parameters of the target model must be extracted both to track the use of a distributed model and to detect the ownership of the participants involved in a collusion attack. It is therefore not very practical in real-world use.


Examples


Embodiment 1

[0085] See figure 1 for the basic structure of the collusion-secure neural network distribution and property rights protection framework. In terms of its participants, this embodiment proposes a collusion-secure and property-rights-secure neural network distribution scheme for a black-box scenario, which mainly involves two parties: a neural network model owner and multiple users to whom the model is to be distributed.

[0086] The specific implementation steps are as follows:

[0087] (1) According to the needs of the system, the owner of the neural network model first uses an adversarial sample generation algorithm to extract n adversarial sample-label pairs on the source model as a set of model fingerprint information.

[0088] (2) The model owner generates a relevant key for each user to be distributed, and then generates a series of sample label pairs different from the original data set through the key, as a unique set of users that is different from other ...

Embodiment 2

[0093] Assuming that the neural network model to be distributed or sold has extremely high commercial value, the neural network distribution and property rights protection framework designed in this embodiment can provide property rights tracking and verification through the dual fingerprint verification mechanism, and resist malicious model stealing attacks such as collusion attacks, reverse attacks, and fingerprint removal.

[0094] Embodiment 1 briefly described the basic structure required for the neural network distribution and property rights protection scheme against collusion attacks; this embodiment further describes the specific implementation details on that basis. The specific features are as follows:

[0095] (1) Model fingerprint extraction of the source model

[0096] Adversarial examples are transferable, i.e. adversarial examples from one model are usually applicable to another model. Therefore, adversari...


Abstract

According to the neural network distribution encryption and collusion attack resisting method, a user fingerprint is constructed based on a neural network black box watermark technology, and a model fingerprint of a source model is extracted based on an adversarial sample technology, so that a dual fingerprint verification technology is provided for a neural network model; and a property right tracing and tracking function from coarse granularity to fine granularity is provided by adopting a dual fingerprint verification technology. In addition, two anti-collusion equivalent transformation technologies based on a neural network structure are provided, and active defense against collusion attacks is achieved.
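The dual fingerprint verification described in the abstract can be sketched as a black-box check that only queries a suspect model for labels. This is an added example, not code from the patent: the HMAC-based derivation of per-user sample-label pairs, the 0.9 match threshold, the toy models and all names and keys are assumptions constructed for illustration.

```python
import hashlib
import hmac

NUM_CLASSES = 10
# Constructed stand-ins for the n adversarial sample-label pairs of the source model.
MODEL_FP = [(f"adv-{i}", (i * 7) % NUM_CLASSES) for i in range(20)]
# Constructed per-user keys held by the model owner.
KEYS = {"alice": b"constructed-key-alice", "bob": b"constructed-key-bob"}

def user_fingerprint(key, n=20):
    """Derive n (sample_id, label) pairs from a user's key (HMAC derivation is assumed)."""
    pairs = []
    for i in range(n):
        d = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        pairs.append((d[:8].hex(), d[8] % NUM_CLASSES))
    return pairs

def match_rate(predict, pairs):
    """Black-box query: fraction of fingerprint inputs that get the expected label."""
    return sum(predict(x) == y for x, y in pairs) / len(pairs)

def trace(predict, model_fp, user_keys, threshold=0.9):
    """Coarse check (model fingerprint), then fine check (which user's fingerprint)."""
    if match_rate(predict, model_fp) < threshold:
        return (False, None)  # not derived from the source model
    rates = {u: match_rate(predict, user_fingerprint(k)) for u, k in user_keys.items()}
    best = max(rates, key=rates.get)
    return (True, best if rates[best] >= threshold else None)

def baseline(x):
    """Toy unrelated model: labels have no relation to any fingerprint."""
    return hashlib.sha256(b"unrelated" + x.encode()).digest()[0] % NUM_CLASSES

def make_copy(memorised_pairs):
    """Toy distributed copy: answers its embedded fingerprint pairs, else baseline."""
    table = dict(memorised_pairs)
    return lambda x: table.get(x, baseline(x))

if __name__ == "__main__":
    alice_copy = make_copy(MODEL_FP + user_fingerprint(KEYS["alice"]))
    print(trace(alice_copy, MODEL_FP, KEYS))           # source-derived, traced to a user
    print(trace(make_copy(MODEL_FP), MODEL_FP, KEYS))  # source-derived, no user mark
    print(trace(baseline, MODEL_FP, KEYS))             # unrelated model
```

The owner never inspects weights or structure here; `trace` needs only a prediction interface, which is the black-box property the page contrasts with the white-box DeepMarks approach.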

Description

Technical field

[0001] The invention belongs to the technical fields of deep neural networks, machine learning, information security and the like, and in particular relates to a neural network distribution encryption and anti-collusion attack method.

Background technique

[0002] In recent years, deep neural network (DNN) technology has achieved remarkable results in computer vision, speech recognition, and natural language processing. With the commercialization of artificial intelligence, more and more neural network products are put into use. However, a well-trained neural network requires massive datasets, expensive computing resources, expertise, and research costs. Therefore, private or small companies that lack a large number of high-quality training sets or are constrained by computational and expert resources may purchase related services from outside. On the other hand, some tech companies have started selling machine learning models directly, or sharing / di...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/32, G06F21/36, G06F21/60, G06N3/04, G06N3/08, G06N20/00
CPC: G06F21/32, G06F21/36, G06F21/602, G06N3/04, G06N3/08, G06N20/00
Inventor 程航李溪滨陈飞王美清杨铭
Owner 薇链信息技术有限公司