Mask-based graph classification backdoor attack defense method and system, electronic equipment and storage medium

Mask-based graph classification backdoor attack defense method and system, electronic equipment and storage medium

The invention provides a mask-based graph classification backdoor attack defense method and system, electronic equipment and a storage medium. The method comprises the steps that random masks are used for carrying out mask operation on adjacent matrixes of the graph neural network, each mask operati...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: XIN XIN, NIU JINXING, ZHOU FANDI, JING HUIYUN, WEI WEI
Format: Patent
Sprache:chi ; eng
Schlagworte:
CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
HANDLING RECORD CARRIERS
PHYSICS
PRESENTATION OF DATA
RECOGNITION OF DATA
RECORD CARRIERS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The invention provides a mask-based graph classification backdoor attack defense method and system, electronic equipment and a storage medium. The method comprises the steps that random masks are used for carrying out mask operation on adjacent matrixes of the graph neural network, each mask operation can mask part of information of a network topology structure and destroy a local trigger structure in the network, and meanwhile, mask adjacent matrixes which are overlapped for multiple times are used for carrying out pooling operation, so that the graph neural network is obtained. And the original topological structure of the original network is reserved to the maximum extent, so that the trigger embedded in the training data by an attacker is invalid, and the model also can keep normal performance. 本发明提出一种基于掩码的图分类后门攻击防御方法、系统、电子设备及存储介质。其中,方法包括:利用随机掩码对图神经网络的邻接矩阵进行掩码操作,每次掩码操作都能掩去网络拓扑结构的部分信息,破坏网络中局部的触发器结构,而同时利用多次叠加的掩码邻接矩阵,经过池化操作后,做到最大限度的保留原网络的原始的拓扑结构,以此使得攻击者在训练数据中嵌入的触发器失效,而模型也能保有正常的表现性能。