测控技术2024,Vol.43Issue(6):33-39,7.DOI:10.19708/j.ckjs.2024.06.006
基于权重分摊的LeNet-5卷积神经网络防御策略
LeNet-5 Convolutional Neural Network Defense Strategy Based on Weight Apportionment
摘要
Abstract
With the extensive application of neural network in key areas such as autonomous driving and medi-cal diagnosis,how to ensure the robustness and security of neural network has become a focal point and chal-lenge in current research.Among various attack methods such as adversary attack,data poisoning attack,back-door attack,etc.,random flip attack is an attack that has a great impact on security,which attacks the network by changing the weight paramters inside the model to reduce the network performance.To defend against this attack,a defense strategy based on weight apportionment is studied.Key neurons are identified by computing and analyzing the gradient of the weights,and redundant structures are added to these neurons so that the erro-neous weights are eventually diluted to improve the fault tolerance ability of the model.To verify this defense strategy,the LeNet-5 model is used as a test object for experiment.Experiments show that under the same at-tack conditions,the defended model improves the fault-tolerance accuracy by 6.5%compared to the original LeNet-5 model and improves the fault-tolerance accuracy by 1.9%on the fully connected layer compared to Inception-LeNet-5 model.关键词
神经网络/防御/权重分摊/LeNet-5/容错Key words
neural networks/defense/weight apportionment/LeNet-5/fault tolerance分类
计算机与自动化引用本文复制引用
陈顺发,刘芬..基于权重分摊的LeNet-5卷积神经网络防御策略[J].测控技术,2024,43(6):33-39,7.基金项目
教育部产学合作协同育人项目(202002050030) (202002050030)
