LeNet-5 Convolutional Neural Network Defense Strategy Based on Weight Apportionment
With the extensive application of neural networks in key areas such as autonomous driving and medical diagnosis, how to ensure the robustness and security of neural networks has become a focal point and challenge in current research. Among various attack methods such as adversarial attacks, data poisoning attacks and backdoor attacks, the random flip attack has a great impact on security: it attacks the network by changing the weight parameters inside the model in order to reduce network performance. To defend against this attack, a defense strategy based on weight apportionment is studied. Key neurons are identified by computing and analyzing the gradients of the weights, and redundant structures are added to these neurons so that erroneous weights are eventually diluted, improving the fault tolerance of the model. To verify this defense strategy, the LeNet-5 model is used as the test object. Experiments show that, under the same attack conditions, the defended model improves fault-tolerance accuracy by 6.5% compared to the original LeNet-5 model, and by 1.9% on the fully connected layer compared to the Inception-LeNet-5 model.
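Chen Shunfa (陈顺发); Liu Fen (刘芬)
School of Electronic Engineering, Tianjin University of Technology and Education, Tianjin 300222
Computer and Automation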
neural networks; defense; weight apportionment; LeNet-5; fault tolerance
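Measurement & Control Technology (《测控技术》), 2024 (006)
Pages 33-39 (7 pages)
Ministry of Education Industry-University Cooperative Education Project (202002050030)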