基于权重分摊的LeNet-5卷积神经网络防御策略OACSTPCD

With the extensive application of neural network in key areas such as autonomous driving and medi-cal diagnosis,how to ensure the robustness and security of neural network has become a focal point and chal-lenge in current research.Among various attack methods such as adversary attack,data poisoning attack,back-door attack,etc.,random flip attack is an attack that has a great impact on security,which attacks the network by changing the weight paramters inside the model to reduce the network performance.To defend against this attack,a defense strategy based on weight apportionment is studied.Key neurons are identified by computing and analyzing the gradient of the weights,and redundant structures are added to these neurons so that the erro-neous weights are eventually diluted to improve the fault tolerance ability of the model.To verify this defense strategy,the LeNet-5 model is used as a test object for experiment.Experiments show that under the same at-tack conditions,the defended model improves the fault-tolerance accuracy by 6.5％compared to the original LeNet-5 model and improves the fault-tolerance accuracy by 1.9％on the fully connected layer compared to Inception-LeNet-5 model.