Neural network backdoor attack method based on frame type trigger

Neural network backdoor attack method based on frame type trigger

The invention discloses a frame type trigger-based neural network backdoor attack method, and belongs to the technical field of deep learning security. The method comprises the following steps of: selecting a position and an area of a frame type trigger to be generated; selecting an implantation cha...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: CHENG JIEBIAO, ZOU YUANBING, WU WENJUAN
Format: Patent
Sprache:chi ; eng
Schlagworte:
CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The invention discloses a frame type trigger-based neural network backdoor attack method, and belongs to the technical field of deep learning security. The method comprises the following steps of: selecting a position and an area of a frame type trigger to be generated; selecting an implantation channel with a generation trigger and a color value; randomly selecting a clean sample in a proportion set by an attacker, and generating a malicious sample based on a backdoor implantation algorithm; modifying the backdoor sample tag into a target tag specified by an attacker; randomly selecting samples in a proportion set by an attacker, and converting the samples into backdoor samples to obtain a backdoor data set; and forming a mixed data set by using the clean data set and the backdoor data set, retraining the original image classifier, and implanting a backdoor. According to the method, back door implantation based on the frame type trigger is realized, so that the attack effectiveness is ensured, and the concea