
Research On The Security Of Deep Learning In Two Types Of Real Scenarios

Posted on: 2022-10-10
Degree: Master
Type: Thesis
Country: China
Candidate: Y K Guo
Full Text: PDF
GTID: 2518306527959279
Subject: Engineering simulation calculation and statistics
Abstract/Summary:
With the wide application of deep learning, its security has become a focus for researchers. Deep learning models are subject to adversarial example attacks, which limits their use in scenarios with high security requirements. Most existing defenses against adversarial examples focus on computer vision, speech processing and similar fields. For some interdisciplinary application scenarios, however, the existing defenses are not applicable, and they suffer from shortcomings such as limited computing resources and vulnerable static models. To address these problems, we study the security of deep learning in two types of application scenarios. (1) For network traffic classification, we analyze the principle of adversarial examples for network traffic and propose an effective black-box attack strategy against traffic classifiers. We also reduce the computational complexity of traditional adversarial training and propose batch adversarial training and enhanced adversarial training to defend against white-box and black-box attacks respectively. Experimental results on real traffic data sets show that the improved adversarial training method improves classification accuracy on adversarial examples by 41.0%. (2) For the edge intelligence computing environment, based on the idea of moving target defense (MTD) and combining adversarial training, knowledge distillation and game theory, we propose EI-MTD, a defense framework for edge intelligence security. The framework first adversarially trains a teacher model at the cloud data center, where hardware resources are abundant, then obtains a group of member models through the proposed differential knowledge distillation algorithm, and finally schedules the member models dynamically according to a Bayesian Stackelberg game. This dynamic defense strategy effectively hinders a black-box attacker from finding the best surrogate model. Experimental results show that EI-MTD improves accuracy against M-DI²-FGSM, the strongest black-box attack method, by 25%.
Keywords/Search Tags: Traffic classification, Adversarial examples, Adversarial training, Knowledge distillation, Bayesian Stackelberg game