Research On Backdoor Attack Detection And Defense Technology Based On Deep Neural Network Model

Deep learning gets rid of the limitations of traditional pattern recognition,requiring computers to autocomplete feature learning and integrate the learning of features into the model building process,thereby avoiding the drawbacks of incomplete and inaccurate manual design.It performs extremely well in image and speech recognition,autopilot,intelligent production and other fields,therefore it shows a broad prospect in providing intelligence microservices to Industrial Internet of Things(IIo T).However,the potential secure vulnerabilities limits the application of deep learning in IIo T.Therefore,how to provide secure deep learning services in IIo T applications becomes an important research topic.Among various attacks on deep neural networks(DNNs),backdoor attacks are generally recognized as the most imperceptible type,where an attacker can upload a poisoned DNN model that misbehaves only when inputs contain specific triggers.Existing defense solutions assume a defender has prior knowledge of backdoor triggers or DNN models,remaining far away from practical and flexible.And considering that the computational overhead of backdoor detection is too large,it is unrealistic to rely solely on the user side to complete the detection process.To this end,this paper proposes a collaborative deep learning microservice,Co Defend,to detect backdoor triggers inserted in neural network models and patch backdoor models.Co Defend enables thin devices to detect backdoors in a quick and effective way,while offloading the burdensome task of trigger identification and model mitigation to edge servers.First,a user-based backdoor defense scheme is proposed.The user uses the strong intentional perturbation(STRIP)technology to detect the image,and uses the image overlay technology,image classification and calculation of information entropy of classification results to detect the backdoor embedded in the image.This scheme reduces the time overhead of backdoor detection at the user end,and at the same time,the classification FNR and FPR values are reduced to 0%-1.5% in practical experiments.Second,an edge-based backdoor defense scheme is proposed.The edge server uses the Cycle Generative Adversarial Networks(Cycle GAN)technology to identify and learn the triggers,and converts clean images with correct labels into "poisoned" samples containing trigger.The “poisoned” samples of the feature are finally used to remove the triggers embedded in the model through model retraining.This scheme has good backdoor detection performance,and after fine-tuning the model,it can reduce the success rate of backdoor attack nearly to 0%.Compared with previous work,Co Defend is flexible.It can detect backdoor triggers without access to training datasets,while making minimal assumptions on backdoor triggers.At the same time,it is practical.It allows thin devices with limited resources to actively participate in the defense procedure.Finally,extensive experiments are conducted on multiple real datasets,and the experimental results demonstrate the high efficiency of Co Defend,so it can provide secure deep learning microservices in IIoT.