Academic Paper

基于可逆水印的神经网络模型完整性验证算法 / Neural network model integrity verification algorithm based on reversible watermark
Document Type
Academic Journal
Source
计算机工程与设计 / Computer Engineering and Design. 45(2):383-389
Subject
integrity verification
reversible watermark
prune
difference expansion
data poisoning attack
neural network
pre-training
Language
Chinese
ISSN
1000-7024
Abstract
To address the problem that deep neural network models are vulnerable to integrity damage, a fast neural network model integrity verification algorithm, Fast-MIV (model integrity verification), is proposed, based on reversible watermarking and model compression pruning theory. The redundancy of the model is explored using model compression pruning theory: weight parameters that have little impact on the model's original task and can be replaced are selected and preprocessed to construct the parameter sequence to be embedded. The difference expansion reversible watermarking algorithm is then used to embed a neural network watermark that is sensitive to model tampering in the convolution layers of the network, which achieves integrity verification. Experiments on VGG19, DenseNet-121, ResNet-50 and Inception-v3 with the ImageNet dataset show that Fast-MIV quickly verifies the integrity of the model and reports the degree of damage to the model without affecting the accuracy of the model's original classification task, and that it can cope with data poisoning attacks and structural damage.