Research And Implementation Of Detection Method For Deep Neural Network Backdoor Data Poisoning

In recent years,with the popularization of deep learning and artificial intelligence,they have gradually been integrated into all aspects of people’s lives.Compared with traditional machine learning technologies,neural networks are better at extracting data features.Research on Neural Networks.However,due to the existence of malicious attacks,the security of artificial intelligence products and related applications has been destroyed.Defense against backdoor attacks is very important in scenarios such as artificial intelligence and deep learning.This thesis studies this problem and proposes a detect method for deep neural network backdoor data poisoning.This thesis proposes a template generation method based on neural network class activation maps.The method obtains the regions that affect the classification of the neural network by using class activation maps that can show the changes in neuron weights during the training process of the model.Then,two methods of generating templates are proposed,namely,using the normalized exponential function to realize the transformation of the probability distribution of the two-dimensional array and using the relative entropy calculation formula to solve the difference between the two probability distributions.Templates are generated in an average manner.In this thesis,a neural network poisoning data detection method based on structural similarity is proposed.The method uses neural network visualization technology to obtain the class activation map of clean samples as the original input,and uses the structural similarity solution algorithm to obtain the structural similarity index between multiple original inputs and the class activation map template.The sex index is fitted to a normal distribution,a threshold is selected,and whether the input data is poisoned data is judged by the threshold.Under the condition of two data sets and two neural network models,the author constructs a poisoning data set by changing the size and position of the backdoor trigger,and uses the poisoning data set to train the poisoning model.The poisoning data detection method proposed in this thesis is used to detect the input test data.The experiment shows that the poisoning data detection method is effective.This thesis designs and implements a deep neural network backdoor detect system,completes three main functional modules:class activation map screening template,poisoning data detection,and poisoning detection result history record,and realizes the function of data visualization.The reliability of the system is verified.