Attacks, Defenses and Testing for Deep Learning

Bücher

Angebote / Angebote:

This book provides a systematic study on the security of deep learning. With its powerful learning ability, deep learning is widely used in CV, FL, GNN, RL, and other scenarios. However, during the process of application, researchers have revealed that deep learning is vulnerable to malicious attacks, such as adversarial attacks and poisoning attacks, which will lead to unpredictable consequences. Take autonomous driving as an example, there were more than 12 serious autonomous driving accidents in the world in 2018, including Uber, Tesla, Ford, Google and other high technological enterprise. Drawing on the reviewed literature, we need to discover vulnerabilities in deep learning, reinforce its defense, and test model performance to ensure its robustness. Attacks: Attacks against deep neural networks can be divided into adversarial attacks and poisoning attacks based on the attack stage. The adversarial attack occurs during the model testing phase, where the attacker obtains adversarial examples by adding small perturbations maliciously. A poisoning attack occurs during the model training phase, where the attacker injects poisoned examples into the training dataset, embedding a backdoor trigger in the trained deep learning model. In the testing phase, the poisoned examples trigger a poisoning attack. Defenses: An effective defense method is an important guarantee for the application of deep learning in security-sensitive fields. The existing defense methods are divided into three types, including data modification defense method, model modification defense method, and network add-on method. The data modification defense method performs adversarial defense by fine-tuning the input data and filtering the adversarial perturbation. The model modification defense method starts from the inside of the model and adjusts the neurons and the model framework to achieve the effect of defending against attacks. The network add-on method prevents the adversarial examples from entering the deep learning model by training the adversarial example detector to achieve the adversarial defense effect. Testing: Testing deep neural networks is an effective way to measure the security and robustness of deep learning models. Test evaluation can be divided into constructing the evaluation index system and testing theory. The current test evaluation mainly has the following problems: (1) The model is evaluated mainly by testing adversarial examples, which is not only time-consuming but also usually depends on specific attacks and model structure, (2) The current backdoor detection method has two limitations: high sensitivity to trigger size and high requirement for training data. (3) Lack of provability, effectiveness, and versatility, (4) The generation effectiveness is affected by the vanishing gradient, which is difficult to extend to unstructured data. To solve the above problems, Chen et al. proposed a test evaluation method ROBY belonging to the evaluation index system, and test evaluation methods Catchbackdoor, CertPri, and NeuronFair belonging to the testing theory. Our audience includes researchers in the field of deep learning security, as well as software development engineers specializing in deep learning.