A Model Attack Method based on Self-optimizing Deep Network


Authors: WU Ji; WANG Yuejuan; JING Dongsheng (Suzhou Power Supply Branch, State Grid Jiangsu Electric Power Co., Ltd., Suzhou 215004, China)

Affiliation: [1] Suzhou Power Supply Branch, State Grid Jiangsu Electric Power Co., Ltd., Suzhou, Jiangsu 215004

Source: Software Engineering (《软件工程》), 2021, No. 11, pp. 39-41 (3 pages)

Abstract: Machine learning methods often use private data to train models in order to achieve better performance. However, unauthorized users can determine from a model's output whether particular data were used in training, which undermines data privacy and security. To address this problem, this paper proposes a model attack method based on a deep optimizing network. It analyzes the principle of the attack from the attacker's point of view so that attacks on the model can be defended against in a targeted manner and the secrecy of the model enhanced. The proposed method attacks the model automatically, obtains self-optimizing parameters, improves attack accuracy, fully uncovers security defects in the model, reveals where the model can be improved, and improves the model's security. Experiments were carried out on the CIFAR-100 data set, yielding an AUC (Area Under the Curve) value of 0.83, which is better than the base method. The experimental results show that the proposed method can effectively improve the attack effect.

Keywords: machine learning; optimization; privacy protection; model attack

Classification number: TP309 [Automation and Computer Technology: Computer Systems Architecture]

 
