Abstract
With the continuous acceleration of intelligent development, artificial intelligence technology represented by deep learning keeps advancing. As deep learning is widely applied in many fields, the security problems it contains are gradually being exposed. Ordinary users usually cannot provide the large amounts of data and computing power that deep learning requires and turn to third parties for help; at that point the deep learning model faces serious security problems because it escapes supervision. Deep learning models are exposed to backdoor attacks throughout their entire life cycle, which makes them extremely fragile and seriously affects the secure application of artificial intelligence. Viewed from the resources a deep learning model requires, the training data, the model structure and the supporting platform can all become media for backdoor attacks; according to the attack medium, attack schemes are divided into three types: data poisoning, model poisoning and platform poisoning. Their threat models and main work are introduced, and on that basis the defenses against existing backdoor attacks are reviewed. Finally, combining the related work of our team with the current state of research and practice, future research directions are discussed.
With the continuous acceleration of the intelligent process, the artificial intelligence technology represented by deep learning is continuously developed. Deep learning has been widely used in many areas, and its security problems have been gradually exposed. Ordinary users often cannot provide the large amount of data and computing power that deep learning requires, and have to seek third-party help instead. In this case, the deep learning model faces serious security problems because of the loss of supervision. The deep learning model is threatened by backdoor attacks throughout its whole life cycle, so that it shows great vulnerability, which seriously affects the secure application of artificial intelligence. In this paper, starting from the resource requirements of the deep learning model, the training data, the model structure and the supporting platform are identified as the media of backdoor attacks, and attack schemes are divided into three types: data poisoning, model poisoning and platform poisoning. The threat model and the corresponding research were introduced, and on that basis the defense measures against existing backdoor attacks were reviewed. Finally, the relevant work of our team was presented, and the outlook for future research was discussed.
Authors
孙钰媛
王璇
陆余良
SUN Yuyuan; WANG Xuan; LU Yuliang (College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China; Anhui Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei 230037, China)
Source
《信息对抗技术》
2023, No. 4, pp. 93-112 (20 pages)
Information Countermeasures Technology
Funding
Supported by the National Natural Science Foundation of China (62271496).
Keywords
deep learning
model security
backdoor attack and defense
deep learning
model security
backdoor attack and defense