Research On Security Identification Technology Based On Deep Learning

Posted on: 2024-05-10
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z T Zhao
GTID: 1528307079450724
Subject: Computer Science and Technology

Abstract/Summary:
Identity recognition technology based on biological feature information uses inherent human physiological characteristics to identify individuals, combining computing with biology. The development of deep learning has transformed this technology, bringing improvements in identification accuracy, efficiency, deployment methods, and application scope. Voiceprint recognition and facial recognition are representative algorithms for identity recognition based on biological feature information, and both have become fundamental technologies in security-related fields. Meanwhile, adversarial attacks against deep learning models present significant challenges to, and raise doubts about, the security of identity recognition technology itself. Adversarial attacks apply imperceptible perturbations to the input data of deep models. Adversarial examples can cause fatal errors in the model's output without affecting a human's understanding of the input's semantics. Therefore, how to construct a secure and reliable identity recognition system has become an urgent and important problem.

This dissertation focuses on the key issues in secure identity recognition, with face verification and speaker verification as the main scenarios. First, it conducts research on high-performance identity recognition models for secure scenarios. Second, it studies the security issues that adversarial examples cause for recognition models.

For the identity verification problem, this dissertation studies identity verification models based on deep learning. The research starts from the instability of Additive Angular Margin (AAM) Loss in the early stage of training. Data analysis from multiple dimensions demonstrates a locally optimal interval in the distribution of the angles between the sample feature vectors and the weight vectors in the classification layer. Based on this analysis, a multi-stage training method is proposed for the sample embedding model. This method ensures the stability of the model in the early stage of training. It also unifies the measurement in the sample embedding space to maintain the consistency of the optimization objective. In addition, a lightweight model is designed for voiceprint verification on embedded devices. A CNN is employed as the local feature extractor to process primary features, and the subsequent bidirectional LSTM layers process the global contextual information. This model can run in real time on embedded devices while ensuring high-efficiency feature extraction. Finally, high-performance voiceprint and facial verification models have been constructed, which provide the fundamental models for secure identity recognition and the experimental environments for the subsequent research.

Then, for the security problem that adversarial examples cause for the recognition model, a new method based on singular value decomposition (SVD) is proposed. This method can enhance the adversarial robustness of DNNs on an interpretable theoretical basis. More specifically, the proposed method uses SVD to calculate the singular values related to the channel dimensions of the feature map. The information-carrying capacity of each channel is then analyzed from the distribution of the singular values. Based on this method, the adversarially trained model and the standard trained model are compared qualitatively and quantitatively. The changes in the behavior patterns of DNNs caused by adversarial training are analyzed and explained. Based on this observation, an adversarial training algorithm, Singular Value Suppress (SVS), is further proposed. SVS adds the standard deviation of the distribution of the singular values as a term in the loss function. The experimental results show that SVS can further enhance the adversarial robustness of the deep model when facing many strong white-box attacks. Finally, this adversarial training method is applied to voiceprint and facial verification tasks and improves the adversarial robustness of the identity recognition models.

Lastly, this dissertation continues to study the security problem of adversarial examples by treating it as a denoising problem. Using deep learning interpretability technology, a denoising defense algorithm is designed for interpretable and trustworthy improvements in robustness. First, using the feature visualization technology Class Activation Map (CAM), the differences in neuron activation patterns between adversarial and benign examples are discussed in a visualizable and interpretable way. Based on this discussion, a semantically interpretable denoising algorithm is proposed for adversarial perturbations. This defense method does not need gradient computation, modification of the original network structure and weights, additional training, or prior knowledge of the attack algorithm. It can be used as an adversarial example detector or as a robustness enhancement component for the model, with flexible applicability. Extensive experiments are conducted on various DNNs and representative attack algorithms, and the results show that this method can resist complex adversarial examples. Ablation experiments are then conducted on the selection of the layer for extracting CAM and on the trade-off between the standard accuracy and the detection success rate. Finally, the proposed method is used to enhance the adversarial robustness of identity recognition algorithms and shows excellent performance.

To sum up, this dissertation takes face verification and voiceprint verification as the main scenarios and studies the key issues in security identification. High-performance voiceprint verification and face verification models are built. Effective methods for defending against adversarial attacks and enhancing models' adversarial robustness are proposed to strengthen the usability and security of identification models.
Keywords/Search Tags: Deep Learning, Identity Recognition, Adversarial Examples, Adversarial Robustness, Adversarial Training