
Research On Security Evaluation Of Deep Neural Network Models

Posted on: 2022-11-01
Degree: Master
Type: Thesis
Country: China
Candidate: X X Liao
GTID: 2518306755495814
Subject: Computer technology

Abstract/Summary:
In recent years, artificial intelligence technology has been widely used, especially in the field of image recognition. Artificial intelligence technology represented by deep neural networks is widely used in face recognition, license plate recognition and other scenarios, and has achieved high accuracy. By computing on and processing image input data layer by layer, a deep neural network gives the model a more profound understanding of the input data. However, the operating mechanism of a deep neural network model is difficult to explain theoretically, and its own vulnerabilities and security problems may create great security risks for real application systems. For example, wrong recognition by unmanned vehicles causes traffic accidents, and mistakes in face recognition cause financial payment errors. Therefore, how to effectively evaluate the security of deep neural network models is a problem worthy of further study, with important academic significance and application prospects.

At present, most research on the security of deep neural network models is limited to the attack and defense of adversarial examples, or to test case generation techniques, and there is little work on the security evaluation of deep neural network models. Security evaluation of a model not only allows the creator of the model to discover its security problems and improve it, but also allows the user of the model to judge whether the model's security indicators fit the current application scenario. How to design reasonable indicators and an evaluation process to realize the evaluation of model security is the main problem to be solved in this paper.

To solve the above problems, this paper conducts research from two perspectives: security evaluation of deep neural network models based on adversarial examples, and model adequacy evaluation based on neuron coverage. By proposing indicators for model security and adequacy evaluation, as well as the evaluation process and algorithm, effective evaluation of the security of the deep neural network model is realized. Specifically, the main contributions of this paper include:

(1) Model security evaluation based on adversarial examples. This paper proposes the indicators ADV_SEC (adversarial examples generation security) and ADV_AVG_TIME (adversarial examples average generation time), which relate to the generation efficiency of adversarial examples, to measure the security of the deep neural network model from the perspective of how difficult adversarial examples are to generate. At the same time, this paper proposes the ANR (abnormal neuron ratio) index, which provides a quantitative indicator of the stability of the output values of the neurons inside the model, so as to measure the security of the deep neural network model. A large number of experiments are carried out to verify the stability and effectiveness of the above indicators.

(2) Model adequacy evaluation based on neuron coverage. Based on the Neuron Coverage, k-multisection Neuron Coverage, Neuron Boundary Coverage, Strong Neuron Activation Coverage, and Top-k Neuron Coverage indicators, this paper proposes AVGCov (weighted average neuron coverage) and other indicators, which better measure the adequacy of model safety evaluation by balancing the computational efficiency and importance of the various neuron coverages. This paper verifies the stability and effectiveness of the above indicators through a large number of experiments.

(3) Model security evaluation framework and process. This paper proposes an automated model safety evaluation framework, which integrates the model safety evaluation and sufficiency evaluation indicators proposed in this paper and realizes an automatic evaluation process, effectively reducing the complexity of the security evaluation of the model.

This paper proposes security evaluation indicators, a process and a framework for deep neural network models, which can effectively solve the problems of existing deep neural network model evaluation difficulties and lack of indicators. It can be applied to the security evaluation of deep neural network models in many fields, and provides technical support and a foundation for improving the secure application of deep neural networks.
Keywords/Search Tags: Deep Neural Network Model, Adversarial Examples, Neuron Coverage, Security Evaluation