CN112839488A - Detection device and detection method for anti-attack of deep neural network - Google Patents


Publication number
CN112839488A
Authority
CN
China
Prior art keywords
data
filter plate
fixed
detecting
neural network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110052417.2A
Other languages
Chinese (zh)
Inventor
陈亚妹
蔡志强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
South China University of Technology SCUT
Original Assignee
South China University of Technology SCUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by South China University of Technology SCUT
Priority to CN202110052417.2A
Publication of CN112839488A

Classifications

    • H ELECTRICITY
    • H05 ELECTRIC TECHNIQUES NOT OTHERWISE PROVIDED FOR
    • H05K PRINTED CIRCUITS; CASINGS OR CONSTRUCTIONAL DETAILS OF ELECTRIC APPARATUS; MANUFACTURE OF ASSEMBLAGES OF ELECTRICAL COMPONENTS
    • H05K7/00 Constructional details common to different types of electric apparatus
    • H05K7/20 Modifications to facilitate cooling, ventilating, or heating
    • H05K7/20009 Modifications to facilitate cooling, ventilating, or heating using a gaseous coolant in electronic enclosures
    • H05K7/20136 Forced ventilation, e.g. by fans
    • H05K7/20181 Filters; Louvers
    • F MECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
    • F16 ENGINEERING ELEMENTS AND UNITS; GENERAL MEASURES FOR PRODUCING AND MAINTAINING EFFECTIVE FUNCTIONING OF MACHINES OR INSTALLATIONS; THERMAL INSULATION IN GENERAL
    • F16F SPRINGS; SHOCK-ABSORBERS; MEANS FOR DAMPING VIBRATION
    • F16F15/00 Suppression of vibrations in systems; Means or arrangements for avoiding or reducing out-of-balance forces, e.g. due to motion
    • F16F15/02 Suppression of vibrations of non-rotating, e.g. reciprocating systems; Suppression of vibrations of rotating systems by use of members not moving with the rotating systems
    • F16F15/04 Suppression of vibrations of non-rotating, e.g. reciprocating systems; Suppression of vibrations of rotating systems by use of members not moving with the rotating systems using elastic means
    • F16F15/06 Suppression of vibrations of non-rotating, e.g. reciprocating systems; Suppression of vibrations of rotating systems by use of members not moving with the rotating systems using elastic means with metal springs
    • F16F15/067 Suppression of vibrations of non-rotating, e.g. reciprocating systems; Suppression of vibrations of rotating systems by use of members not moving with the rotating systems using elastic means with metal springs using only wound springs

Landscapes

  • Engineering & Computer Science (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Thermal Sciences (AREA)
  • Acoustics & Sound (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • Mechanical Engineering (AREA)
  • Geophysics And Detection Of Objects (AREA)

Abstract

The invention discloses a detection device and a detection method for adversarial attacks on deep neural networks. The detection device comprises a detection piece body. A first switch and a second switch are fixed in sequence on one side of the top end of the detection piece body; a first filter plate is movably connected inside the top end of the detection piece body; a second filter plate is movably connected inside the top end of the detection piece body and is positioned at the bottom end of the first filter plate; a fixed block is fixed on one side of the first filter plate, and a fixed column is fixed on one side of the second filter plate. The device can work in a dust-proof and moisture-proof manner. The detection method for adversarial attacks on the deep neural network can quickly and immediately repair the data chain at the attacked position, so that the data can be recovered quickly. After each attack the attack sample is retained, so that a growing adversarial attack tree is formed; this ensures that after each attack the next attack of the same type can be avoided. Repeated in this way, the method can effectively improve the robustness of the neural network classifier.

Description

Detection device and detection method for anti-attack of deep neural network
Technical Field
The invention relates to the field of detection, in particular to a detection device and a detection method for adversarial attacks on deep neural networks.
Background
Deep neural network algorithms currently make a remarkable contribution in many fields. They have raised the recognition rate of traditional neural networks by a significant margin, and their accuracy keeps increasing. However, deep neural networks are vulnerable to adversarial attacks, which cause abnormal behaviour of the DNN model such as misclassification; for example, data points can be intentionally constructed through an optimization process against a neural network whose accuracy reaches human level.
Existing detection devices do not have an effective heat dissipation function and cannot work in a dust-proof and moisture-proof manner, so they do not provide a good detection environment and their service life is greatly shortened.
In addition, most existing methods for detecting adversarial attacks on deep neural networks are targeted countermeasures and cannot be applied to long-term, multi-directional countermeasures.
An effective solution to the problems in the related art has not been proposed yet.
Disclosure of Invention
The present invention aims to provide a detection device and a detection method for adversarial attacks on deep neural networks, so as to solve the problems described in the background.
In order to achieve the purpose, the invention provides the following technical scheme:
A detection device for adversarial attacks on a deep neural network comprises a detection piece body. A first switch and a second switch are fixed in sequence on one side of the top end of the detection piece body. A first filter plate is movably connected inside the top end of the detection piece body, and a second filter plate is movably connected inside the top end of the detection piece body and is positioned at the bottom end of the first filter plate. A fixed block is fixed on one side of the first filter plate, and a fixed column is fixed on one side of the second filter plate. Fixed rods are evenly distributed and fixed at the bottom ends of the first filter plate and the second filter plate inside the detection piece body. A heating plate is fixed at the bottom end of the first filter plate inside the detection piece body, and a cooling plate is fixed at the bottom end of the second filter plate inside the detection piece body. Motors are evenly distributed and fixed at the bottom end inside the detection piece body, and a fan blade is fixed at the output end of the motor. Air holes are evenly distributed in the top end of the detection piece body, and grooves are evenly distributed on both sides of the bottom end of the detection piece body. The heating plate is electrically connected to an external power supply through the first switch, the cooling plate is electrically connected to the external power supply through the second switch, and the motor is electrically connected to the external power supply.
Further, a damping device is fixed at the bottom end of the detection piece body. The damping device comprises a fixed box, limiting columns, a fixed plate and springs. The limiting columns are evenly distributed and movably connected at the top end of the fixed box, the fixed plate is fixed at the bottom end of the limiting columns, the springs are evenly distributed and fixed at the bottom end of the fixed plate, and the springs are located at the bottom end of the limiting columns.
Furthermore, a first sliding groove is formed in the top end of the detection piece body on one side of the first filter plate, the volume of the first sliding groove matches the volume of the first filter plate, and the first filter plate is slidably connected with the detection piece body through the first sliding groove.
Furthermore, a second sliding groove is formed in one side of the detection piece body on one side of the second filter plate, the volume of the second sliding groove matches the volume of the second filter plate, and the second filter plate is slidably connected with the detection piece body through the second sliding groove.
Furthermore, there are four limiting columns, and the top ends of the limiting columns are fixed to the detection piece body by welding.
Furthermore, limiting grooves are formed in the top end of the fixed box at the positions of the limiting columns, and the limiting columns are slidably connected with the fixed box through the limiting grooves.
According to another aspect of the present invention, there is provided a method for detecting adversarial attacks on a deep neural network, the method comprising the following steps:
inputting sample data, and preprocessing the sample data to obtain positive data and negative data;
sorting the data, processing the positive data according to the normal flow, and issuing a warning when positive data changes to negative data;
at that moment, calculating the minimum perturbation distance of the negative data;
generating third-party data according to the related negative data and the minimum perturbation distance, and obtaining an adversarial sample from the third-party data;
and attacking the positive data with the third-party data, and replacing the positive data with the third-party data at the position where the warning was issued, so as to recover the positive data.
Further, the preprocessing of the sample data comprises the following steps:
cleaning the data, deleting symbols and spaces that carry no word sense;
and carrying out positive/negative processing on the data to obtain positive data and negative data.
Further, the criterion for the positive/negative processing is that data which is beneficial is given a positive data label and data which is not beneficial is given a negative data label.
Further, in attacking the positive data with the third-party data, the attack method includes one or more of an optimization-based adversarial sample distance calculation method, a Jacobian-matrix-based greedy matching algorithm, a fast gradient descent algorithm, a confusion deep learning method, the DeepFool algorithm, the CW (Carlini-Wagner Attack) algorithm, and the PGD (Projected Gradient Descent) algorithm.
Compared with the prior art, the invention has the following beneficial effects:
(1) When the device is connected to an external power supply, the motor drives the fan blades to rotate and external gas is drawn in through the air holes. The limiting columns perform preliminary filtering of the gas, filtering out small particles such as dust, which effectively prevents the drawn-in dust from adhering to the inside of the device and damaging it. When the first switch is pressed, the heating plate heats the gas to dry it, which gives the device a moisture-proof effect; the second filter plate dries the gas a second time, which improves the moisture-proof effect. When the second switch is pressed, the cooling plate cools the gas, which improves the heat dissipation of the device. The device therefore has an effective heat dissipation function and can also work in a dust-proof and moisture-proof manner, which makes it convenient to provide a good detection environment for the device.
(2) When the device is hit by an external force or is being carried, it shakes and exerts a certain pressure on the limiting columns, and the fixed plate is displaced at the same time. The fixed plate forces the springs to deform and recover repeatedly, absorbing part of the pressure and achieving a damping effect, which greatly prolongs the service life of the device. The first filter plate is slidably connected with the detection piece body through the first sliding groove and the second filter plate is slidably connected with the detection piece body through the second sliding groove, so the first filter plate and the second filter plate can be replaced very conveniently. There are four limiting columns, and their top ends are fixed to the detection piece body by welding, so the damping device can work stably. The limiting columns are slidably connected with the fixed box through the limiting grooves, which improves the damping effect of the device.
(3) The method can quickly and immediately repair the data chain at the attacked position, which ensures that the data can be recovered quickly. In addition, after each attack the attack sample is retained, so that a growing adversarial attack tree is formed; this ensures that after each attack the next attack of the same type can be avoided. Repeated in this way, the method can effectively improve the robustness of the neural network classifier.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a schematic diagram of the overall structure of a detection device for adversarial attacks on a deep neural network according to an embodiment of the present invention;
Fig. 2 is a schematic cross-sectional structural diagram of the detection piece body of the detection device for adversarial attacks on a deep neural network according to an embodiment of the invention;
Fig. 3 is a schematic cross-sectional structural diagram of the detection piece body of the detection device for adversarial attacks on a deep neural network according to an embodiment of the invention;
Fig. 4 is a schematic cross-sectional structural diagram of the fixed box of the detection device for adversarial attacks on a deep neural network according to an embodiment of the invention;
Fig. 5 is a flowchart of a method for detecting adversarial attacks on a deep neural network according to an embodiment of the present invention.
Reference numerals:
1. detection piece body; 2. damping device; 3. first switch; 4. second switch; 5. first filter plate; 6. fixed block; 7. second filter plate; 8. fixed column; 9. heating plate; 10. cooling plate; 11. fixed rod; 12. motor; 13. fan blade; 14. fixed box; 15. limiting column; 16. fixed plate; 17. spring.
Detailed Description
The invention is further described with reference to the following drawings and detailed description:
Example one:
Referring to Figs. 1-4, a detection device for adversarial attacks on a deep neural network according to an embodiment of the present invention includes a detection piece body 1. A first switch 3 and a second switch 4 are fixed in sequence on one side of the top end of the detection piece body 1. A first filter plate 5 is movably connected inside the top end of the detection piece body 1, and a second filter plate 7 is movably connected inside the top end of the detection piece body 1 and is located at the bottom end of the first filter plate 5. A fixed block 6 is fixed on one side of the first filter plate 5, and a fixed column 8 is fixed on one side of the second filter plate 7. Fixed rods 11 are evenly distributed and fixed at the bottom ends of the first filter plate 5 and the second filter plate 7 inside the detection piece body 1. A heating plate 9 is fixed at the bottom end of the first filter plate 5 inside the detection piece body 1, and a cooling plate 10 is fixed at the bottom end of the second filter plate 7 inside the detection piece body 1. Motors 12 are evenly distributed and fixed at the bottom end inside the detection piece body 1, and a fan blade 13 is fixed at the output end of the motor 12. Air holes are evenly distributed in the top end of the detection piece body 1, and grooves are evenly distributed on both sides of the bottom end of the detection piece body 1. The heating plate 9 is electrically connected to an external power supply through the first switch 3, the cooling plate 10 is electrically connected to the external power supply through the second switch 4, and the motor 12 is electrically connected to the external power supply.
With this scheme, the device is connected to an external power supply. The motors 12 are evenly distributed and fixed at the bottom end inside the detection piece body 1, and each motor 12 drives the fan blade 13 fixed at its output end to rotate, so that external gas is drawn in through the air holes evenly distributed in the top end of the detection piece body 1. The gas first passes the limiting columns 15, which perform preliminary filtering of the gas and filter out small particles such as dust, effectively preventing the drawn-in dust from adhering to the inside of the device and damaging it. The gas then passes the heating plate 9; when the first switch 3 is pressed, the heating plate 9 heats the gas to dry it, which gives the device a moisture-proof effect. The gas then passes the second filter plate 7, which dries the gas a second time and improves the moisture-proof effect of the device. Finally the gas passes the cooling plate 10; when the second switch 4 is pressed, the cooling plate 10 cools the gas, which improves the heat dissipation of the device. The device therefore has an effective heat dissipation function and can also work in a dust-proof and moisture-proof manner, which makes it convenient to provide a good detection environment for the device.
Example two:
Referring to Figs. 1-4, a damping device 2 is fixed at the bottom end of the detection piece body 1. The damping device 2 includes a fixed box 14, limiting columns 15, a fixed plate 16 and springs 17. The limiting columns 15 are evenly distributed and movably connected at the top end of the fixed box 14, the fixed plate 16 is fixed at the bottom end of the limiting columns 15, the springs 17 are evenly distributed and fixed at the bottom end of the fixed plate 16, and the springs 17 are located at the bottom end of the limiting columns 15. A first sliding groove is formed in the top end of the detection piece body 1 on one side of the first filter plate 5, the volume of the first sliding groove matches the volume of the first filter plate 5, and the first filter plate 5 is slidably connected with the detection piece body 1 through the first sliding groove. A second sliding groove is formed in one side of the detection piece body 1 on one side of the second filter plate 7, the volume of the second sliding groove matches the volume of the second filter plate 7, and the second filter plate 7 is slidably connected with the detection piece body 1 through the second sliding groove. There are four limiting columns 15, and the top ends of the limiting columns 15 are fixed to the detection piece body 1 by welding. Limiting grooves are formed in the top end of the fixed box 14 at the positions of the limiting columns 15, and the limiting columns 15 are slidably connected with the fixed box 14 through the limiting grooves.
With this scheme, when the device is hit by an external force or is being carried, it shakes. The damping device 2 includes the fixed box 14, the limiting columns 15, the fixed plate 16 and the springs 17. The device exerts a certain pressure on the limiting columns 15, which are evenly distributed and movably connected at the top end of the fixed box 14; the limiting columns 15 in turn displace the fixed plate 16 fixed at their bottom ends, and the fixed plate 16 forces the springs 17, which are evenly distributed and fixed at its bottom end, to deform and recover repeatedly, absorbing part of the pressure and achieving a damping effect, which greatly prolongs the service life of the device. The first filter plate 5 is slidably connected with the detection piece body 1 through the first sliding groove and the second filter plate 7 is slidably connected with the detection piece body 1 through the second sliding groove, so the first filter plate 5 and the second filter plate 7 can be replaced very conveniently. There are four limiting columns 15, and their top ends are fixed to the detection piece body 1 by welding, so the damping device 2 can work stably. Limiting grooves are formed in the top end of the fixed box 14 at the positions of the limiting columns 15, and the limiting columns 15 are slidably connected with the fixed box 14 through the limiting grooves, which improves the damping effect of the device.
As shown in Fig. 5, according to an embodiment of the present invention, there is provided a method for detecting adversarial attacks on a deep neural network, including the following steps:
Step S101, inputting sample data, and preprocessing the sample data to obtain positive data and negative data;
Step S103, sorting the data, processing the positive data according to the normal flow, and issuing a warning when positive data changes to negative data;
Step S105, calculating the minimum perturbation distance of the negative data;
Step S107, generating third-party data according to the related negative data and the minimum perturbation distance, and obtaining an adversarial sample from the third-party data;
Step S109, attacking the positive data with the third-party data, and replacing the positive data with the third-party data at the position where the warning was issued, so as to recover the positive data.
In addition, in a specific implementation, the preprocessing of the sample data includes the following steps:
cleaning the data, deleting symbols and spaces that carry no word sense;
and carrying out positive/negative processing on the data to obtain positive data and negative data.
The criterion for the positive/negative processing is that, according to the specification, data which is beneficial is given a positive data label and data which is not beneficial is given a negative data label.
In attacking the positive data with the third-party data, the attack method includes one or more of an optimization-based adversarial sample distance calculation method, a Jacobian-matrix-based greedy matching algorithm, a fast gradient descent algorithm, a confusion deep learning method, the DeepFool algorithm, the CW (Carlini-Wagner Attack) algorithm, and the PGD (Projected Gradient Descent) algorithm.
In a specific use case, when the minimum perturbation distance of the negative data is calculated in step S105, the calculation formula is:
Figure BDA0002899562870000071
where x represents the perturbation size; for the MNIST dataset the limit for p is (-0.3, 0.3), and x is larger when p is larger.
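One possible reading of steps S103 to S109, written as a defender-side check for a linear classifier. This is an added example, not code or a formula from the patent: the patent's distance formula is not reproduced on this page, so the standard closed form for a linear model is used instead. The weights, the samples, the names `AttackTree` and `check_sample`, and the use of a trusted reference copy are assumptions.

```python
import math
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Sequence

EPS_LIMIT = 0.3  # perturbation bound the page quotes for the MNIST dataset

# Constructed linear classifier and samples (assumptions, not from the patent).
W = [1.0, -2.0, 0.5]
B = -0.1
CLEAN = [0.9, 0.1, 0.4]         # trusted reference copy, labelled positive
PERTURBED = [0.65, 0.35, 0.15]  # same sample after a 0.25 L-infinity shift

Vector = Sequence[float]


def score(w: Vector, b: float, x: Vector) -> float:
    """Linear decision function; score >= 0 is labelled positive (assumed)."""
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def label(w: Vector, b: float, x: Vector) -> str:
    return "positive" if score(w, b, x) >= 0 else "negative"


def min_perturbation(w: Vector, b: float, x: Vector, norm: str = "linf") -> float:
    """Smallest perturbation size that moves x onto the decision boundary.

    For a linear model this is |f(x)| divided by the dual norm of w:
    the L1 norm for an L-infinity budget, the L2 norm for an L2 budget.
    """
    if norm == "linf":
        dual = sum(abs(wi) for wi in w)
    elif norm == "l2":
        dual = math.sqrt(sum(wi * wi for wi in w))
    else:
        raise ValueError(f"unsupported norm: {norm}")
    if dual == 0:
        return math.inf  # constant classifier: no perturbation flips the label
    return abs(score(w, b, x)) / dual


def linf_distance(a: Vector, b: Vector) -> float:
    return max(abs(ai - bi) for ai, bi in zip(a, b))


@dataclass
class AttackTree:
    """Retained attack samples, one branch per attack type (hypothetical layout)."""
    branches: Dict[str, List[List[float]]] = field(default_factory=dict)

    def retain(self, attack_type: str, sample: Vector) -> None:
        self.branches.setdefault(attack_type, []).append(list(sample))

    def match(self, sample: Vector, tol: float = 1e-6) -> Optional[str]:
        """Return the attack type of a retained sample equal to `sample` within tol."""
        for attack_type, samples in self.branches.items():
            for kept in samples:
                if len(kept) == len(sample) and linf_distance(kept, sample) <= tol:
                    return attack_type
        return None


def check_sample(w: Vector, b: float, reference: Vector, received: Vector,
                 tree: AttackTree, attack_type: str = "unclassified") -> dict:
    """Warn on a positive-to-negative flip, measure it, retain it, serve the reference."""
    known = tree.match(received)
    flipped = (label(w, b, reference) == "positive"
               and label(w, b, received) == "negative")
    distance = linf_distance(reference, received)
    warning = flipped or known is not None
    if flipped and known is None:
        tree.retain(attack_type, received)  # the tree grows by one sample
    return {
        "warning": warning,
        "known_attack": known,
        "distance": distance,
        "within_budget": distance <= EPS_LIMIT,
        "served": list(reference) if warning else list(received),
    }


if __name__ == "__main__":
    tree = AttackTree()
    print("minimum L-inf perturbation:", round(min_perturbation(W, B, CLEAN), 4))
    print(check_sample(W, B, CLEAN, PERTURBED, tree, "linf-bounded"))
    print(check_sample(W, B, CLEAN, PERTURBED, tree))  # recognised from the tree
```

A minimum perturbation below the 0.3 bound means the clean sample can be flipped inside the budget, which is the case for the constructed sample here under the L-infinity norm but not under L2.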
For the convenience of understanding the technical solutions of the present invention, the following detailed description will be made on the working principle or the operation mode of the present invention in the practical process.
In practical application, the device is connected to an external power supply. The motors 12 are evenly distributed and fixed at the bottom end inside the detection piece body 1, and each motor 12 drives the fan blade 13 fixed at its output end to rotate, so that external gas is drawn in through the air holes evenly distributed in the top end of the detection piece body 1. The gas first passes the limiting columns 15, which perform preliminary filtering of the gas and filter out small particles such as dust, effectively preventing the drawn-in dust from adhering to the inside of the device and damaging it. The gas then passes the heating plate 9; when the first switch 3 is pressed, the heating plate 9 heats the gas to dry it, which gives the device a moisture-proof effect. The gas then passes the second filter plate 7, which dries the gas a second time and improves the moisture-proof effect of the device. Finally the gas passes the cooling plate 10; when the second switch 4 is pressed, the cooling plate 10 cools the gas, which improves the heat dissipation of the device. The device therefore has an effective heat dissipation function and can also work in a dust-proof and moisture-proof manner, which makes it convenient to provide a good detection environment for the device. When the device is hit by an external force or is being carried, it shakes. The damping device 2 includes the fixed box 14, the limiting columns 15, the fixed plate 16 and the springs 17. The device exerts a certain pressure on the limiting columns 15, which are evenly distributed and movably connected at the top end of the fixed box 14; the limiting columns 15 displace the fixed plate 16 fixed at their bottom ends, and the fixed plate 16 forces the springs 17, which are evenly distributed and fixed at its bottom end, to deform and recover repeatedly, absorbing part of the pressure and achieving a damping effect, which greatly prolongs the service life of the device. The first filter plate 5 is slidably connected with the detection piece body 1 and the second filter plate 7 is slidably connected with the detection piece body 1 through the second sliding groove, so the first filter plate 5 and the second filter plate 7 can be replaced very conveniently. There are four limiting columns 15, and their top ends are fixed to the detection piece body 1 by welding, so the damping device 2 can work stably. Limiting grooves are formed in the top end of the fixed box 14 at the positions of the limiting columns 15, and the limiting columns 15 are slidably connected with the fixed box 14 through the limiting grooves, which improves the damping effect of the device.
The method can quickly and immediately repair the data chain at the attacked position, which ensures that the data can be recovered quickly. In addition, after each attack the attack sample is retained, so that a growing adversarial attack tree is formed; this ensures that after each attack the next attack of the same type can be avoided. Repeated in this way, the method can effectively improve the robustness of the neural network classifier.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. A detection device for adversarial attacks on a deep neural network, characterized by comprising a detection piece body (1), wherein a first switch (3) and a second switch (4) are fixed in sequence on one side of the top end of the detection piece body (1); a first filter plate (5) is movably connected inside the top end of the detection piece body (1); a second filter plate (7) is movably connected inside the top end of the detection piece body (1), and the second filter plate (7) is located at the bottom end of the first filter plate (5); a fixed block (6) is fixed on one side of the first filter plate (5), and a fixed column (8) is fixed on one side of the second filter plate (7); fixed rods (11) are evenly distributed and fixed at the bottom ends of the first filter plate (5) and the second filter plate (7) inside the detection piece body (1); a heating plate (9) is fixed at the bottom end of the first filter plate (5) inside the detection piece body (1), and a cooling plate (10) is fixed at the bottom end of the second filter plate (7) inside the detection piece body (1); motors (12) are evenly distributed and fixed at the bottom end inside the detection piece body (1), and a fan blade (13) is fixed at the output end of the motor (12); air holes are evenly distributed in the top end of the detection piece body (1), and grooves are evenly distributed on both sides of the bottom end of the detection piece body (1); the heating plate (9) is electrically connected to an external power supply through the first switch (3), the cooling plate (10) is electrically connected to the external power supply through the second switch (4), and the motor (12) is electrically connected to the external power supply.
2. The detection device for adversarial attacks on a deep neural network according to claim 1, wherein a damping device (2) is fixed at the bottom end of the detection piece body (1), the damping device (2) comprises a fixed box (14), limiting columns (15), a fixed plate (16) and springs (17), the limiting columns (15) are evenly distributed and movably connected at the top end of the fixed box (14), the fixed plate (16) is fixed at the bottom end of the limiting columns (15), the springs (17) are evenly distributed and fixed at the bottom end of the fixed plate (16), and the springs (17) are located at the bottom end of the limiting columns (15).
3. The detection device for adversarial attacks on a deep neural network according to claim 1, wherein a first sliding groove is formed in the top end of the detection piece body (1) on one side of the first filter plate (5), the volume of the first sliding groove matches the volume of the first filter plate (5), and the first filter plate (5) is slidably connected with the detection piece body (1) through the first sliding groove.
4. The detection device for adversarial attacks on a deep neural network according to claim 3, wherein a second sliding groove is formed in one side of the detection piece body (1) on one side of the second filter plate (7), the volume of the second sliding groove matches the volume of the second filter plate (7), and the second filter plate (7) is slidably connected with the detection piece body (1) through the second sliding groove.
5. The detection device for adversarial attacks on a deep neural network according to claim 2, wherein there are four limiting columns (15), and the top ends of the limiting columns (15) are fixed to the detection piece body (1) by welding.
6. The detection device for adversarial attacks on a deep neural network according to claim 5, wherein limiting grooves are formed in the top end of the fixed box (14) at the positions of the limiting columns (15), and the limiting columns (15) are slidably connected with the fixed box (14) through the limiting grooves.
7. A method for detecting the attack resistance of the deep neural network, which is used for the detection device of the attack resistance of the deep neural network as claimed in any one of claims 1 to 6, and is characterized by comprising the following steps:
inputting sample data, and preprocessing the sample data to obtain positive data and negative data;
sorting the data, processing the positive data according to the normal flow, and issuing a warning when the positive data advances to negative data;
at that point, calculating the minimum perturbation distance of the negative data;
generating third-party data according to the related negative data and the minimum perturbation distance, and obtaining an adversarial sample through the third-party data;
and attacking the positive data through the third-party data, and replacing the positive data with the third-party data at the position where the warning was issued so as to recover the positive data.
8. The method according to claim 7, wherein preprocessing the sample data comprises:
cleaning the data, deleting symbols and spaces that carry no word sense;
and carrying out positive and negative processing on the data to obtain positive data and negative data.
9. The method as claimed in claim 8, wherein the criterion for processing the data into positive and negative data is that favorable data is labeled as positive data and unfavorable data is labeled as negative data.
10. The method for detecting the attack of the deep neural network as claimed in claim 7, wherein the attack on the positive data by the third-party data includes one or more of an optimization-based adversarial sample distance calculation method, a Jacobian-matrix-based greedy matching algorithm, a fast gradient descent algorithm, a confusion deep learning method, the DeepFool algorithm, the CW (Carlini-Wagner attack) algorithm, and the PGD (Projected Gradient Descent) algorithm.
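One reading of the cleaning, warning and distance steps of claims 7 and 8, as an added example that is not part of the patent: it assumes that "positive data advances to negative data" means a positive-labelled sample that a model scores as negative, and it uses a constructed linear scorer, for which the minimum perturbation distance is |score| / ||w||. All function names, weights and sample texts are hypothetical.

```python
import math
import re

# Constructed toy linear scorer; the vocabulary, weights and bias are assumptions.
WEIGHTS = {"good": 1.5, "great": 2.0, "bad": -1.8, "poor": -1.2, "not": -0.9}
BIAS = 0.1

# Constructed samples: (label, raw text); +1 = positive data, -1 = negative data.
SAMPLES = [
    (+1, "Great product, really good!!"),
    (+1, "Good?? not   bad :: poor"),
    (-1, "bad, poor"),
]

def clean(text):
    """Claim 8 cleaning: drop symbols and surplus spaces, return tokens."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).split()

def score(tokens):
    """Linear decision value; >= 0 is treated as positive."""
    return sum(WEIGHTS.get(t, 0.0) for t in tokens) + BIAS

def min_perturbation_distance(tokens):
    """L2 distance from the sample's count vector to the boundary score = 0.
    For a linear model this is |score| / ||w||."""
    norm = math.sqrt(sum(w * w for w in WEIGHTS.values()))
    return abs(score(tokens)) / norm

def detect(samples):
    """Process positive data first; warn where a positive-labelled sample
    is scored negative and record its minimum perturbation distance."""
    ordered = sorted(enumerate(samples), key=lambda item: -item[1][0])
    warnings = []
    for index, (label, text) in ordered:
        tokens = clean(text)
        if label > 0 and score(tokens) < 0:
            warnings.append({"index": index, "text": " ".join(tokens),
                             "distance": min_perturbation_distance(tokens)})
    return warnings

if __name__ == "__main__":
    for w in detect(SAMPLES):
        print(f"WARNING sample {w['index']}: distance {w['distance']:.3f}")
```

A small distance on a flagged sample means only a slight change separates it from the positive side, which is the case a reviewer would triage first.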
CN202110052417.2A 2021-01-15 2021-01-15 Detection device and detection method for anti-attack of deep neural network Pending CN112839488A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110052417.2A CN112839488A (en) 2021-01-15 2021-01-15 Detection device and detection method for anti-attack of deep neural network

Publications (1)

Publication Number Publication Date
CN112839488A true CN112839488A (en) 2021-05-25

Family

ID=75928206

Country Status (1)

Country Link
CN (1) CN112839488A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination