基于信号迁移性观测的中毒样本检测  

作　　者：徐东伟[1,2] 李可兴 房若尘 宣琦 王巍[3] 林云 张建廷 杨小牛[3,6] XU Dongwei;LI Kexing;FANG Ruochen;XUAN Qi;WANG Wei;LIN Yun;ZHANG Jianting;YANG Xiaoniu(Institute of Cyberspace Security,Zhejiang University of Technology,Hangzhou 310023,China;Binjiang Institute of Artificial Intelligence,Zhejiang University of Technology,Hangzhou 310056,China;National Key Laboratory of Electromagnetic Space Security,Jiaxing 314033,China;College of Information and Communication Engineering,Harbin Engineering University,Harbin 150001,China;Naval Research Institute of PLA,Beijing 100036,China;The 36th Research Institute of CETC,Jiaxing 314033,China)

机构地区：[1]浙江工业大学网络空间安全研究院,浙江杭州310023 [2]杭州市滨江区浙工大人工智能创新研究院,浙江杭州310056 [3]电磁空间安全全国重点实验室,浙江嘉兴314033 [4]哈尔滨工程大学信息与通信工程学院,黑龙江哈尔滨150001 [5]中国人民解放军海军研究院,北京100036 [6]中国电子科技集团公司第三十六研究所,浙江嘉兴314033

出　　处：《信息对抗技术》2024年第6期71-82,I0002,共13页Information Countermeasure Technology

基　　金：国家自然科学基金资助项目(U21B2001)。

摘　　要：随着深度学习这一项技术的迅速普及,深度学习模型在信号自动调制分类任务具备优秀效果的同时,其脆弱性也使得模型易受到中毒攻击。为了解决在缺少先验知识的场景下缺少通用的中毒防御策略问题,提出一种基于信号迁移性观测的中毒样本检测方法。该方法主要通过对信号样本的迁移性观测进行检测,核心是利用迁移性观测器计算出的相似度衡量样本的可迁移性。检测过程分为离线阶段与在线阶段。离线阶段中,通过一批干净的数据集,基于迁移性观测器的输出计算类内相似度与类间相似度,继而有策略地获取类别检测阈值;在线阶段中,基于迁移性观测器和输入样本的分类结果进行迁移性观测,判断样本是否中毒。With the rapid popularization of deep learning technology,deep learning models have excellent results in the automatic signal modulation classification task while the vulnerability of the models also makes themselves susceptible to poisoning attacks.In order to solve the problem of lacking a common poisoning defense strategy in scenarios without priori knowledge,a poisoning sample detection method based on signal transferability observation was proposed.The method mainly detects the signal samples through the transferability observation,with the core being the use of the transferability observer to calculate the similarity to measure the transferability of the samples.The detection process is divided into an offline and online stages.In the offline stage,through a batch of clean datasets,the intra-class similarity and inter-class similarity were calculated based on the output of the transferability observer,and then the category detection thresholds were obtained strategically;in the online stage,based on the transferability observer and the categorization results of the input samples,transferability observation was carried out to determine whether the samples are poisoned.

关 键 词：中毒防御 迁移性观测 阈值检测 中毒检测 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]