Authors: ZHANG Guanghua (张光华); LIU Yichun (刘亦纯) [2]; WANG He (王鹤); HU Boning (胡勃宁)
Affiliations: [1] School of Cyber Engineering, Xidian University, Xi'an 710071, China; [2] School of Information Science and Engineering, Hebei University of Science and Technology, Shijiazhuang 050018, China
Source: 《信息网络安全》 (Netinfo Security), 2024, No. 4, pp. 545-554 (10 pages)
Funding: National Natural Science Foundation of China [U1836210].
Abstract: Deep learning models lack transparency and interpretability. When a backdoor planted by a malicious attacker is triggered during the inference stage, the model behaves abnormally and its performance declines. To address this problem, the paper proposes a defense scheme that removes deep neural network (DNN) backdoors based on the JSMA adversarial attack. First, the hidden backdoor trigger is restored by simulating the special perturbations generated by JSMA, and the backdoor trigger pattern is reconstructed on that basis. Second, a heatmap is used to locate the weight positions of the restored hidden trigger. Finally, a ridge regression function is used to set those weights to zero, effectively removing the backdoor from the DNN. The model was tested on the MNIST and CIFAR10 datasets, and its performance after backdoor removal was evaluated. The experimental results show that the proposed scheme effectively removes backdoors from DNN models, while the test accuracy of the DNN decreases by less than 3%.
Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]