
Adversarial Examples Defense And Privacy Preserving In Machine Learning

Posted on: 2020-10-08
Degree: Master
Type: Thesis
Country: China
Candidate: Q Zhu
Full Text: PDF
GTID: 2428330602450574
Subject: Engineering
Abstract/Summary:
In recent years, machine learning has driven the rapid development of artificial intelligence and is widely used in computer vision, medicine, autonomous driving and many other fields. At the same time, machine learning raises information security and privacy problems. On the security side, a machine learning model can be attacked by poisoning attacks and adversarial examples, which may lead to serious security incidents. On the privacy side, users' private data may be exposed because machine learning prediction is performed in the plaintext domain.

This thesis focuses on two specific issues. The first is adversarial example attacks against traffic signs: the traffic sign classifier of an autonomous driving system is based on a DNN model, and an attacker who applies adversarial perturbations to traffic signs could cause a traffic accident. The second is privacy leakage for users of Machine Learning as a Service (MLaaS): MLaaS users must upload their data to the MLaaS server in plaintext, so their private data can be leaked. We propose solutions to both issues; the main contributions of this thesis are as follows:

(1) We survey the security and privacy problems of machine learning and give an up-to-date review of the area. In the review we analyse in depth the advantages and disadvantages of the existing solutions to these problems and distil several core problems of the field.

(2) To defend the traffic sign classifier against adversarial example attacks, we propose a defense method based on traditional image features. First we analyse and test the robustness of traditional image features on adversarial examples. Then we design a defense scheme for the traffic sign classifier of an autonomous driving system that uses these traditional image features. We simulate the proposed defense scheme experimentally; the experiments show that it preserves the robustness of the traffic sign classifier in this scenario.

(3) To preserve user privacy in MLaaS, we propose a Privacy-Preserving Deep Neural Network model (2P-DNN) based on the Paillier homomorphic cryptosystem. The model protects users' privacy because inference runs in the ciphertext domain. First we introduce each part of the model. Then we build the 2P-DNN model on LeNet-5 and test it on an encrypted MNIST dataset. The experiments show that the model can complete the machine learning task in the ciphertext domain.
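The mechanism that lets a network evaluate a layer in the ciphertext domain, as described in contribution (3), is Paillier's additive homomorphism: Enc(a) * Enc(b) = Enc(a + b) and Enc(a)^k = Enc(k * a), so a server holding plaintext weights W and bias b can compute Enc(W x + b) from Enc(x) without ever decrypting x. The following is an added illustration, not code from the thesis or its 2P-DNN model: a textbook Paillier implementation with deliberately tiny keys (a real deployment uses n of at least 2048 bits), integer-quantized weights, and a two's-complement style signed decoding, evaluating one linear layer on an encrypted input vector. The weights, bias and input are constructed here; the abstract does not say how 2P-DNN handles non-linear layers, so only the linear (fully connected or convolution) step is shown.

```python
"""Toy Paillier cryptosystem and an encrypted linear layer.

Added example (not the thesis's 2P-DNN code). Key sizes are tiny for the
demo only. Assumes the client encrypts its input vector x, the server
holds plaintext weights W and bias b, and the server returns Enc(W x + b)
computed purely from Paillier's additive homomorphism.
"""
import math
import secrets


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin probable-prime test (demo quality)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def keygen(bits=64):
    """Return (public key, private key). Uses the common g = n + 1 choice."""
    p = _random_prime(bits)
    q = _random_prime(bits)
    while q == p:
        q = _random_prime(bits)
    n = p * q
    lam = (p - 1) * (q - 1)                       # lambda for g = n + 1
    mu = pow(lam, -1, n)                          # L(g^lambda mod n^2) = lambda
    return (n, n + 1), (n, lam, mu)


def encrypt(pk, m):
    """Enc(m) = g^m * r^n mod n^2; negative m wraps into Z_n."""
    n, g = pk
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2


def decrypt(sk, c):
    n, lam, mu = sk
    n2 = n * n
    L = (pow(c, lam, n2) - 1) // n
    return (L * mu) % n


def decode_signed(n, m):
    """Plaintexts above n/2 are interpreted as negative integers."""
    return m - n if m > n // 2 else m


def he_add(pk, c1, c2):
    """Enc(a) * Enc(b) = Enc(a + b)."""
    n = pk[0]
    return (c1 * c2) % (n * n)


def he_scalar_mul(pk, c, k):
    """Enc(a)^k = Enc(k * a), k a plaintext integer (may be negative)."""
    n = pk[0]
    return pow(c, k % n, n * n)


def encrypted_linear_layer(pk, enc_x, W, b):
    """Server side: Enc(W x + b) from Enc(x) with plaintext integer W, b."""
    out = []
    for row, bias in zip(W, b):
        acc = encrypt(pk, bias)                   # fresh randomness per output
        for w, cx in zip(row, enc_x):
            acc = he_add(pk, acc, he_scalar_mul(pk, cx, w))
        out.append(acc)
    return out


def demo(bits=64):
    """Client encrypts x, server evaluates the layer blind, client decrypts."""
    pk, sk = keygen(bits)
    x = [3, -2, 5]                                # constructed client input
    W = [[1, 2, 3], [-4, 0, 1]]                   # constructed quantized weights
    b = [10, -7]
    enc_x = [encrypt(pk, v) for v in x]           # client side
    enc_y = encrypted_linear_layer(pk, enc_x, W, b)  # server side, no key
    return [decode_signed(pk[0], decrypt(sk, c)) for c in enc_y]  # [24, -14]


if __name__ == "__main__":
    print(demo())
```

Note the practical limits this exposes: every output ciphertext is as large as n^2, a dot product costs one modular exponentiation per weight, and real-valued weights must be scaled to integers first, which is why ciphertext-domain inference is far slower than the plaintext model it protects.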
Keywords/Search Tags:Machine Learning, Adversarial Example, Paillier Homomorphic Cryptosystem, Privacy-Preserving