[1] LIU Qi, ZHANG Tian-xing, LU Xiao-feng, et al. Self-filtering of Backdoor Samples by Aid of Pre-trained Model[J]. Computer Technology and Development, 2023, 33(01): 121-129. [doi:10.3969/j.issn.1673-629X.2023.01.019]

Self-filtering of Backdoor Samples by Aid of Pre-trained Model

Computer Technology and Development [ISSN: 1006-6977 / CN: 61-1281/TN]

Volume: 33
Issue: 01, 2023
Pages: 121-129
Section: Cyberspace Security
Publication date: 2023-01-10

Article Info

Title:
Self-filtering of Backdoor Samples by Aid of Pre-trained Model
Article ID:
1673-629X(2023)01-0121-09
Author(s):
LIU Qi (刘琦), ZHANG Tian-xing (张天行), LU Xiao-feng (陆小锋), WU Han-zhou (吴汉舟), MAO Jian-hua (毛建华), SUN Guang-ling (孙广玲)
School of Communication and Information Engineering, Shanghai University, Shanghai 200444, China
Keywords:
deep neural networks; backdoor attack; pre-trained model; kNN; self-filtering
CLC number:
TP309.2
DOI:
10.3969/j.issn.1673-629X.2023.01.019
Abstract:
While deep neural networks (DNNs) have been widely deployed in various environments due to their excellent performance, serious security threats have emerged accordingly. As a new type of attack in recent years, the backdoor attack is one of the most serious threats users face. A backdoor attack occurs when the attacker modifies pixels, locally or globally, in a small number of training images using a specific backdoor pattern called a 'trigger', and labels them with a specified target label. A test sample carrying the same trigger is then classified into the target label with high probability regardless of its ground truth, while the classification of benign samples is not affected. Users usually have no prior knowledge about the backdoor, so the attack is difficult to detect. We propose a pre-trained-model-aided backdoor sample self-filtering method to defend against backdoor attacks. It has two components: target class detection and backdoor sample self-filtering. In the first component, a pre-trained model extracts a feature representation for each sample, and the k-nearest neighbor (kNN) algorithm is then used to detect the target class. In the second component, a partial model is first learned from the non-target-class samples, and then backdoor sample filtering and benign sample learning are alternated iteratively. In the end, not only are the backdoor samples filtered out, but a complete benign model is obtained as well.

Last Update: 2023-01-10