CN113723604A - Neural network training method and device, electronic equipment and readable storage medium - Google Patents
Neural network training method and device, electronic equipment and readable storage medium Download PDFInfo
- Publication number
- CN113723604A CN113723604A CN202010456574.5A CN202010456574A CN113723604A CN 113723604 A CN113723604 A CN 113723604A CN 202010456574 A CN202010456574 A CN 202010456574A CN 113723604 A CN113723604 A CN 113723604A
- Authority
- CN
- China
- Prior art keywords
- neural network
- training
- type
- layer
- training data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000013528 artificial neural network Methods 0.000 title claims abstract description 141
- 238000000034 method Methods 0.000 title claims abstract description 48
- 230000006835 compression Effects 0.000 claims description 18
- 238000007906 compression Methods 0.000 claims description 18
- 230000008569 process Effects 0.000 claims description 15
- 238000013139 quantization Methods 0.000 claims description 6
- 238000003062 neural network model Methods 0.000 abstract description 17
- 239000010410 layer Substances 0.000 description 133
- 238000010586 diagram Methods 0.000 description 10
- 238000011176 pooling Methods 0.000 description 5
- 230000009471 action Effects 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000005520 cutting process Methods 0.000 description 2
- 230000006837 decompression Effects 0.000 description 2
- 235000002566 Capsicum Nutrition 0.000 description 1
- 239000006002 Pepper Substances 0.000 description 1
- 235000016761 Piper aduncum Nutrition 0.000 description 1
- 235000017804 Piper guineense Nutrition 0.000 description 1
- 244000203593 Piper nigrum Species 0.000 description 1
- 235000008184 Piper nigrum Nutrition 0.000 description 1
- 230000004913 activation Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 150000003839 salts Chemical class 0.000 description 1
- 239000002356 single layer Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computational Linguistics (AREA)
- Bioethics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Artificial Intelligence (AREA)
- Biomedical Technology (AREA)
- Biophysics (AREA)
- Computer Hardware Design (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- Molecular Biology (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Image Analysis (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The application provides a neural network training method, a device, an electronic device and a readable storage medium, wherein the neural network training method comprises the following steps: processing the first type of training data by using a fixed layer of a neural network to be trained to obtain an encryption characteristic; and training the trainable layer of the neural network to be trained based on the encrypted features and second type training data until the neural network to be trained is converged. The method can improve the performance of the neural network model under the condition of ensuring the safety of the first type of training data.
Description
Technical Field
The present disclosure relates to deep learning technologies, and in particular, to a neural network training method and apparatus, an electronic device, and a readable storage medium.
Background
The online learning is a learning method which utilizes online unsupervised data for training so as to further improve the generalization performance of the model in the deployed actual environment. In an online learning system, it is usually necessary to use some or all of the original supervised data to assist training and ensure the performance of the model. The original supervised data cannot be stored directly at the deployment end of the online learning system due to the privacy and confidentiality of the data involved. The conventional file is encrypted and stored, and the scheme participating in training after decryption has the risks of key leakage and unsafe data memory. In this case, encryption training is an effective scheme for securing data.
In encryption training, data does not need to be decrypted, but rather participates in training directly in the form of ciphertext. Existing encryption training schemes include symmetric encryption schemes, training data plus noise encryption schemes, and self-encoder encryption schemes.
The symmetric encryption scheme ensures that the model of the encryption training is consistent with the original data training, thereby ensuring the performance of the model; but the original data can be restored after the secret key is leaked, and the data security risk exists; meanwhile, the symmetric encryption scheme can only be applied to models such as a single-layer perceptron and the like which do not comprise nonlinear operation, and cannot be applied to a deep neural network.
The training data plus noise encryption scheme encrypts raw data by adding noise to the raw data. But the noise changes the mode of the original data, so that the performance of the model is seriously reduced due to the large noise; the confidentiality of the original data is insufficient with too little noise.
The self-encoder encryption scheme trains a self-encoder to extract features of original data, and the hidden layer features are used for learning the mode of the original data and serve as encrypted data. However, after the decoder parameters are leaked, the original data can still be restored through the hidden layer feature and the decoder, and certain data security risks exist. Furthermore, when the original data pattern is complex (pictures, video, etc.) and the data scale is large, it is difficult to learn good hidden layer features from the coding to represent all patterns of the original data; the performance of the cryptographically trained model in this case is also greatly affected.
Disclosure of Invention
In view of the above, the present application provides a neural network training method, an apparatus, an electronic device and a readable storage medium.
Specifically, the method is realized through the following technical scheme:
according to a first aspect of embodiments of the present application, there is provided a neural network training method, including:
processing the first type of training data by using a fixed layer of a neural network to be trained to obtain an encryption characteristic; the first type of training data is original supervised data, the fixed layer is the first N layers of the neural network to be trained, the fixed layer comprises at least one nonlinear layer, and N is a positive integer;
and training the trainable layer of the neural network to be trained based on the encryption characteristics and second type training data until the neural network to be trained is converged, wherein the second type training data is training data obtained on line.
According to a second aspect of embodiments of the present application, there is provided a neural network training device, comprising
The data processing unit is used for encrypting the first type of training data by utilizing a fixed layer of the neural network to be trained so as to obtain an encryption characteristic; the first type of training data is original supervised data, the fixed layer is the first N layers of the neural network to be trained, the fixed layer comprises at least one nonlinear layer, and N is a positive integer;
and the training unit is used for training the trainable layer of the neural network to be trained based on the encrypted features and second type training data until the neural network to be trained is converged, wherein the second type training data is training data acquired on line.
According to a third aspect of embodiments of the present application, there is provided an electronic device, including a processor and a machine-readable storage medium, the machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being configured to execute the machine-executable instructions to implement the above neural network training method.
According to a fourth aspect of the embodiments of the present application, there is provided a machine-readable storage medium having stored therein machine-executable instructions, which when executed by a processor, implement the neural network training method described above.
The technical scheme provided by the application can at least bring the following beneficial effects:
the first type of training data is processed by utilizing the fixed layer of the neural network to be trained to obtain the encryption characteristic, the trainable layer of the neural network to be trained is trained based on the encryption characteristic and the second type of training data until the neural network to be trained is converged, and the performance of the neural network model is improved under the condition that the safety of the first type of training data is ensured.
Drawings
FIG. 1 is a schematic flow chart diagram illustrating a neural network training method in accordance with an exemplary embodiment of the present application;
FIG. 2 is a schematic flow chart illustrating training of a trainable layer of a neural network to be trained based on processed encryption features and a second type of training data according to an exemplary embodiment of the present application;
FIG. 3 is a schematic flow chart illustrating training of a trainable layer of a neural network to be trained based on encrypted features and a second type of training data according to an exemplary embodiment of the present application;
FIG. 4A is a schematic diagram illustrating a process for obtaining encryption characteristics according to an exemplary embodiment of the present application;
FIG. 4B is a flowchart illustrating a method of neural network training, in accordance with an exemplary embodiment of the present disclosure;
FIG. 5A is a schematic diagram of a neural network shown in an exemplary embodiment of the present application;
FIG. 5B is a schematic flow chart illustrating encryption of a data set according to an exemplary embodiment of the present application;
FIG. 5C is a flow chart diagram illustrating an online training process in accordance with an exemplary embodiment of the present application;
FIG. 6 is a schematic diagram of a neural network training device according to an exemplary embodiment of the present disclosure;
fig. 7 is a schematic diagram of a hardware structure of an electronic device according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
In order to make the technical solutions provided in the embodiments of the present application better understood and make the above objects, features and advantages of the embodiments of the present application more comprehensible, the technical solutions in the embodiments of the present application are described in further detail below with reference to the accompanying drawings.
Referring to fig. 1, a schematic flow chart of a neural network training method according to an embodiment of the present disclosure is shown in fig. 1, where the neural network training method may include the following steps:
it should be noted that, in the embodiment of the present application, unless otherwise specified, the neural network to be trained refers to a neural network that has completed pre-training, and the embodiment of the present application is not repeated in the following.
S100, encrypting the first type of training data by using a fixed layer of a neural network to be trained to obtain an encryption characteristic; the fixed layer is the first N layers of the neural network to be trained, the fixed layer comprises at least one nonlinear layer, and N is a positive integer.
In the embodiment of the application, because the convolutional layer and the pooling layer of the neural network are lossy feature extraction processes, original data cannot be restored even under the condition that intermediate features and parameters of the convolutional layer are known; therefore, data are encrypted through the convolutional layer and the pooling layer of the neural network, and data privacy and safety can be effectively guaranteed.
In addition, because the fine adjustment of the fixed shallow parameters of the pre-trained neural network model has little influence on the performance, the fixed shallow parameters of the pre-trained neural network model are kept unchanged in the training process, and the influence on the performance of the neural network model is little.
Based on this, in order to ensure the performance of the neural network model under the condition of ensuring the security of the first type of training data, the pre-set number of layers of the neural network to be trained may be used as a fixed layer (the parameters of the fixed layer do not participate in the training of the neural network), and the fixed layer is used to encrypt the first type of training data, so as to encrypt the first type of training data, and obtain the encryption characteristics corresponding to the first type of training data.
Illustratively, the first type of training data is raw supervised data.
For example, in order to ensure the security of the first type of training data, the fixed layer for performing encryption processing on the first type of training data needs to include at least one non-linear layer (e.g., a pooling layer, an activation layer, etc.).
It should be noted that, because the parameters of the fixed layer of the neural network do not participate in the training, the larger the number of the fixed layers is, the larger the influence on the performance of the neural network model is; in addition, the greater the number of fixed layers of the neural network, the higher the security of the data processed by the fixed layers of the neural network, and therefore, when the fixed layers of the neural network are set, it is necessary to balance the performance of the neural network model and the security of the processed data (too many fixed layers result in too poor performance of the neural network model; and too few fixed layers result in too poor security of the data processed by the fixed layers).
For example, a layer in the first 1-2 blocks of the neural network may be determined as a fixed layer of the neural network.
In addition, in this embodiment of the application, the encryption processing on the first type of training data by using the fixed layer of the neural network to be trained in step S100 may be implemented offline, that is, the encryption on the first type of training data is implemented offline, and the training on the neural network is implemented online.
And S110, training the trainable layer of the neural network to be trained based on the encrypted features and the second type of training data until the neural network to be trained is converged.
In this embodiment of the application, after the encryption feature is obtained in the manner described in step S100, the trainable layer of the neural network to be trained may be trained based on the obtained encryption feature and the second type of training data until the neural network to be trained converges.
Illustratively, the trainable layer of the neural network to be trained includes the remaining layers except the fixed layer, which generally includes the convolutional layer and the fully-connected layer of the upper layer of the neural network to be trained, and the parameters of the trainable layer are trained during the online training process of the neural network.
Illustratively, the second type of training data is training data acquired online, such as unsupervised data on-line.
It can be seen that, in the method flow shown in fig. 1, the first N layers of the neural network to be trained, including at least one nonlinear layer, are set as fixed layers, the first type of training data is processed by using the fixed layers of the neural network to be trained to obtain encrypted features, and the trainable layer of the neural network to be trained is trained based on the encrypted features and the second type of training data until the neural network to be trained converges, so that the performance of the neural network model is improved under the condition that the security of the first type of training data is ensured.
In one embodiment, after the encrypting the first type training data by using the fixed layer of the neural network to be trained in step S100, the method may further include:
performing appointed processing on the encryption characteristics to improve the security of the encryption characteristics or/and reduce the storage space occupied by the encryption characteristics;
in step S110, training the trainable layer of the neural network to be trained based on the encrypted features and the second type of training data may include:
and training the trainable layer of the neural network to be trained based on the processed encryption characteristics and the second type of training data.
For example, in order to further improve the security of the first type training data, or/and reduce the storage space occupied by the encryption feature, after the encryption processing is performed on the first type training data by using the fixed layer of the neural network to be trained, and the encryption feature is obtained, the encryption feature may be further subjected to designated processing.
In one example, the specified processing may include, but is not limited to, one or more of quantization, cropping, and compression.
Illustratively, the compression is lossy compression.
Accordingly, after the processed encrypted features are obtained, when performing on-line training, the trainable layer of the neural network to be trained may be trained based on the processed encrypted features and the second type of training data.
In one example, as shown in fig. 2, training the trainable layer of the neural network to be trained based on the processed encryption features and the second type of training data may include the following steps:
s200, when the specified processing comprises compression, decompressing the processed encryption characteristics;
step S210, training the trainable layer of the neural network to be trained based on the decompressed encryption features, processing the second type of training data by using the fixed layer of the neural network to be trained, and training the trainable layer of the neural network to be trained based on the processed second type of training data.
For example, when the neural network to be trained is trained online, if the encryption features are compressed, the compressed encryption features need to be decompressed first to obtain decompressed encryption features when the trainable layer of the neural network to be trained is trained based on the encryption features.
When the on-line training of the neural network is performed, on one hand, a trainable layer of the neural network to be trained can be trained based on the decompressed encryption characteristics; in another aspect, a trainable layer of a neural network to be trained may be trained based on a second type of training data.
Because the encryption characteristic is the characteristic processed by the fixed layer of the neural network to be trained, when the encryption characteristic is input into the neural network to be trained, the fixed layer of the neural network to be trained does not process the encryption characteristic any more, but trains the trainable layer of the neural network to be trained by using the encryption characteristic.
When the second type of training data is input into the neural network to be trained, the second type of training data needs to be processed by using the fixed layer of the neural network to be trained, and the trainable layer of the neural network to be trained is trained based on the processed second type of training data.
In one embodiment, as shown in fig. 3, training the trainable layer of the neural network to be trained based on the encrypted features and the second type of training data in step S110 may include the following steps:
and step S111, performing characteristic enhancement on the encryption characteristics.
And S112, training the trainable layer of the neural network to be trained based on the encrypted features after the features are added and the second type of training data.
For example, in order to enhance the richness of data and improve the performance of the neural network model, when the trainable layer of the neural network to be trained is trained based on the encryption features, the encryption features may be enhanced, that is, some information or changed data is added to the encryption features by a certain means, for example, gaussian noise or salt and pepper noise is added to the encryption features, and the trainable layer of the neural network to be trained is trained based on the encryption features after the features are added and the second type of training data.
It should be noted that, in this embodiment, if the encryption feature used for training the trainable layer of the neural network to be trained is a compressed encryption feature, before performing the feature enhancement processing on the encryption feature, it is necessary to perform decompression processing on the compressed encryption feature and perform the feature enhancement processing on the decompressed encryption feature.
In order to enable those skilled in the art to better understand the technical solutions provided by the embodiments of the present application, the technical solutions provided by the embodiments of the present application are described below with reference to specific examples.
In this embodiment, the neural network training system may include two parts: the first part is an offline data set encryption subsystem, and the second part is an online training subsystem; wherein:
the offline data set encryption subsystem processes the first type of training data to obtain the encryption characteristics by using a shallow layer (i.e., the first N layers) of the neural network model to be trained as an encryption layer, and a flowchart thereof may be as shown in fig. 4A. Carrying out forward calculation on the first type of training data through a fixed layer of the model to obtain a characteristic diagram; then, cutting and quantizing the feature map to reduce the size of the feature map; then, the image is compressed and stored by using a compression algorithm for storing the image, including but not limited to run length coding, JPEG (joint photographic experts group) (image format) compression and the like; the resulting feature is the encrypted data of the first type of training data.
As the first type training data is subjected to a series of nonreducible processes such as convolution, pooling, quantization, clipping, compression and the like, the encrypted data can effectively protect the security of the first type training data. In addition, the encrypted data is used as the intermediate layer characteristic of the model, and a subsequent layer can be added for training, so that the performance of the model is ensured.
The online training system trains parameters of a non-fixed layer (i.e., the trainable layer) of the neural network model to be trained by using the encrypted features corresponding to the first type of training data and the second type of training data, so as to further improve the performance of the model in the deployed actual environment, and an implementation flowchart thereof may be as shown in fig. 4B.
Illustratively, in order to enhance the richness of data and improve the performance of the neural network model, the encryption features can be enhanced, and then, the parameters of the trainable layer of the neural network to be trained are trained by combining the two parts of features by using the enhanced encryption features and the second type of training data processed by the fixed layer of the network to be trained, so that the performance of the neural network model is improved.
For example, please refer to fig. 5A, which is a schematic diagram of a neural network according to an embodiment of the present application, the neural network includes a convolutional layer and a fully-connected layer.
Illustratively, pooling layers may also be included between the convolutional layers, not shown.
In this example, the convolutional layers include the bottom fixed convolutional layer (i.e., the fixed layer described above) and the upper trainable convolutional layer. The fixed convolution layer is used as an encryption layer for encrypting the first type of training data, and the parameters of the fixed convolution layer do not participate in training; parameters of the trainable convolutional layer and the fully-connected layer (i.e., the trainable layer described above) are trained in an online training process.
Fig. 5B is a schematic flow chart of data set encryption provided in the embodiment of the present application, and as shown in fig. 5B, after any picture in the first type training data set is subjected to forward calculation by the fixed convolution layer, feature maps of a plurality of channels are obtained, where the feature maps hide features of an original picture but retain data features related to a task; and then, carrying out quantization, cutting, compression and other processing on the feature graph to obtain the final encryption feature.
Fig. 5C is a schematic flow chart of an online training process provided by an embodiment of the present application, as shown in fig. 5C, an encrypted feature undergoes a decompression operation to obtain a corresponding lossy feature map (left column), and the second type of training data also gets the corresponding feature map (right column) through the fixed convolution layer forward calculation, these feature maps are input together into subsequent trainable convolutional layers and fully-connected layers, and the parameters of these layers are trained, since the encryption of the first type of training data is performed by encrypting the first type of training data through the fixed layer of the neural network to be trained, namely, the encryption characteristics belong to the middle-layer characteristics of the neural network to be trained, therefore, the encryption characteristics are used for participating in the training of the trainable layer of the neural network to be trained, the performance of the neural network model can be improved under the condition of ensuring the safety of the first type of training data; in addition, after the encryption characteristics are obtained, the encryption characteristics are compressed and stored by using a lossy compression algorithm and are decompressed for use during neural network training, and the influence of information lost by lossy compression on data to be compressed (namely the encryption characteristics) is small, but the compression ratio is obviously larger than that of lossless compression, so that the safety of the first type of training data can be further improved under the condition of ensuring the performance, and the storage space occupied by the encryption characteristics is obviously reduced.
In the embodiment of the application, the first type of training data is processed by utilizing the fixed layer of the neural network to be trained to obtain the encryption characteristic, the trainable layer of the neural network to be trained is trained based on the encryption characteristic and the second type of training data, and the performance of the neural network model is improved under the condition that the safety of the first type of training data is ensured.
The methods provided herein are described above. The following describes the apparatus provided in the present application:
referring to fig. 6, which is a schematic structural diagram of a neural network training device according to an embodiment of the present disclosure, as shown in fig. 6, the neural network training device may include:
the data processing unit 610 is configured to encrypt the first type of training data by using a fixed layer of the neural network to be trained to obtain an encrypted feature; the first type of training data is original supervised data, the fixed layer is the first N layers of the neural network to be trained, the fixed layer comprises at least one nonlinear layer, and N is a positive integer;
a training unit 620, configured to train a trainable layer of the neural network to be trained based on the encrypted features and second type training data until the neural network to be trained converges, where the second type training data is training data obtained online.
In a possible embodiment, after the data processing unit 610 performs encryption processing on the first type of training data by using the fixed layer of the neural network to be trained, the method further includes:
performing specified processing on the encryption characteristics;
the training unit 620 trains the trainable layer of the neural network to be trained based on the encrypted features and the second type of training data, including:
and training the trainable layer of the neural network to be trained based on the processed encryption characteristics and the second type of training data.
In one possible embodiment, the specifying process includes one or more of the following processes:
quantization, clipping, and compression.
In a possible embodiment, the training unit 620 trains the trainable layer of the neural network to be trained based on the processed encrypted features and the second type of training data, including:
when the specified processing comprises compression, decompressing the processed encryption characteristics;
training the trainable layer of the neural network to be trained based on the decompressed encryption features, processing the second type of training data by using the fixed layer of the neural network to be trained, and training the trainable layer of the neural network to be trained based on the processed second type of training data.
In a possible embodiment, the training unit 620 trains the trainable layer of the neural network to be trained based on the encrypted features and the second type of training data, including:
performing feature enhancement on the encrypted features;
and training the trainable layer of the neural network to be trained based on the encrypted features after the features are added and the second type of training data.
Fig. 7 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present disclosure. The electronic device may include a processor 701, a memory 702 storing machine executable instructions. The processor 701 and the memory 702 may communicate via a system bus 703. Also, the processor 701 may perform the neural network training method described above by reading and executing machine executable instructions in the memory 702 corresponding to the encoded control logic.
The memory 702 referred to herein may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and the like. For example, the machine-readable storage medium may be: a RAM (random Access Memory), a volatile Memory, a non-volatile Memory, a flash Memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., an optical disk, a dvd, etc.), or similar storage medium, or a combination thereof.
In some embodiments, there is also provided a machine-readable storage medium, such as the memory 702 in fig. 7, having stored therein machine-executable instructions that, when executed by a processor, implement the neural network training method described above. For example, the machine-readable storage medium may be a ROM, a RAM, a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and so forth.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.
Claims (12)
1. A neural network training method, comprising:
encrypting the first type of training data by using a fixed layer of a neural network to be trained to obtain an encryption characteristic; the first type of training data is original supervised data, the fixed layer is the first N layers of the neural network to be trained, the fixed layer comprises at least one nonlinear layer, and N is a positive integer;
and training the trainable layer of the neural network to be trained based on the encryption characteristics and second type training data until the neural network to be trained is converged, wherein the second type training data is training data obtained on line.
2. The method of claim 1, wherein after the encrypting the first type of training data using the fixed layer of the neural network to be trained, further comprising:
performing specified processing on the encryption characteristics to improve the security of the encryption characteristics or/and reduce the storage space occupied by the encryption characteristics;
the training of the trainable layer of the neural network to be trained based on the encrypted features and a second type of training data includes:
and training the trainable layer of the neural network to be trained based on the processed encryption characteristics and the second type of training data.
3. The method of claim 2, wherein the specified processing comprises one or more of:
quantization, clipping, and compression.
4. The method of claim 3, wherein training a trainable layer of the neural network to be trained based on the processed encrypted features and a second type of training data comprises:
when the specified processing comprises compression, decompressing the processed encryption characteristics;
training the trainable layer of the neural network to be trained based on the decompressed encryption features, processing the second type of training data by using the fixed layer of the neural network to be trained, and training the trainable layer of the neural network to be trained based on the processed second type of training data.
5. The method of claim 1, wherein training a trainable layer of the neural network to be trained based on the encrypted features and a second type of training data comprises:
performing feature enhancement on the encrypted features;
and training the trainable layer of the neural network to be trained based on the encrypted features after the features are added and the second type of training data.
6. A neural network training device, comprising:
the data processing unit is used for encrypting the first type of training data by utilizing a fixed layer of the neural network to be trained so as to obtain an encryption characteristic; the first type of training data is original supervised data, the fixed layer is the first N layers of the neural network to be trained, the fixed layer comprises at least one nonlinear layer, and N is a positive integer;
and the training unit is used for training the trainable layer of the neural network to be trained based on the encrypted features and second type training data until the neural network to be trained is converged, wherein the second type training data is training data acquired on line.
7. The apparatus of claim 6, wherein the data processing unit, after encrypting the first type of training data using the fixed layer of the neural network to be trained, further comprises:
performing specified processing on the encryption characteristics to improve the security of the encryption characteristics or/and reduce the storage space occupied by the encryption characteristics;
the training unit trains the trainable layer of the neural network to be trained based on the encrypted features and second type training data, and includes:
and training the trainable layer of the neural network to be trained based on the processed encryption characteristics and the second type of training data.
8. The apparatus of claim 7, wherein the specified process comprises one or more of:
quantization, clipping, and compression.
9. The apparatus of claim 8, wherein the training unit trains a trainable layer of the neural network to be trained based on the processed encrypted features and a second type of training data, comprising:
when the specified processing comprises compression, decompressing the processed encryption characteristics;
training the trainable layer of the neural network to be trained based on the decompressed encryption features, processing the second type of training data by using the fixed layer of the neural network to be trained, and training the trainable layer of the neural network to be trained based on the processed second type of training data.
10. The apparatus of claim 6, wherein the training unit trains the trainable layer of the neural network to be trained based on the encrypted features and a second type of training data, comprising:
performing feature enhancement on the encrypted features;
and training the trainable layer of the neural network to be trained based on the encrypted features after the features are added and the second type of training data.
11. An electronic device comprising a processor and a memory, the memory storing machine executable instructions executable by the processor, the processor being configured to execute the machine executable instructions to implement the method of any one of claims 1 to 5.
12. A machine-readable storage medium having stored therein machine-executable instructions which, when executed by a processor, implement the method of any one of claims 1-5.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010456574.5A CN113723604B (en) | 2020-05-26 | 2020-05-26 | Neural network training method and device, electronic equipment and readable storage medium |
| PCT/CN2021/096109 WO2021238992A1 (en) | 2020-05-26 | 2021-05-26 | Neural network training method and apparatus, electronic device, and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010456574.5A CN113723604B (en) | 2020-05-26 | 2020-05-26 | Neural network training method and device, electronic equipment and readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113723604A true CN113723604A (en) | 2021-11-30 |
| CN113723604B CN113723604B (en) | 2024-03-26 |
Family
ID=78672063
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010456574.5A Active CN113723604B (en) | 2020-05-26 | 2020-05-26 | Neural network training method and device, electronic equipment and readable storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN113723604B (en) |
| WO (1) | WO2021238992A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117874794A (en) * | 2024-03-12 | 2024-04-12 | 北方健康医疗大数据科技有限公司 | Training method, system and device for large language model and readable storage medium |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016118206A2 (en) * | 2014-11-07 | 2016-07-28 | Microsoft Technology Licensing, Llc | Neural networks for encrypted data |
| JP2018045679A (en) * | 2016-09-08 | 2018-03-22 | 公立大学法人会津大学 | Sensing agent system using portable terminal, machine learning method in sensing agent system, and program for implementing the same |
| FR3057090A1 (en) * | 2016-09-30 | 2018-04-06 | Safran Identity & Security | METHODS FOR SECURELY LEARNING PARAMETERS FROM A CONVOLVED NEURON NETWORK AND SECURED CLASSIFICATION OF INPUT DATA |
| CN108776790A (en) * | 2018-06-06 | 2018-11-09 | 海南大学 | Face encryption recognition methods based on neural network under cloud environment |
| CN108876864A (en) * | 2017-11-03 | 2018-11-23 | 北京旷视科技有限公司 | Image coding, coding/decoding method, device, electronic equipment and computer-readable medium |
| CN108921282A (en) * | 2018-05-16 | 2018-11-30 | 深圳大学 | A kind of construction method and device of deep neural network model |
| CN109214193A (en) * | 2017-07-05 | 2019-01-15 | 阿里巴巴集团控股有限公司 | Data encryption, machine learning model training method, device and electronic equipment |
| CN109325584A (en) * | 2018-08-10 | 2019-02-12 | 深圳前海微众银行股份有限公司 | Federation's modeling method, equipment and readable storage medium storing program for executing neural network based |
| CN110674941A (en) * | 2019-09-25 | 2020-01-10 | 南开大学 | Data encryption transmission method and system based on neural network |
| US20200036510A1 (en) * | 2018-07-25 | 2020-01-30 | Sap Se | Neural network encryption system |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9436835B1 (en) * | 2012-01-05 | 2016-09-06 | Gokay Saldamli | Homomorphic encryption in computing systems and environments |
| CN108564587A (en) * | 2018-03-07 | 2018-09-21 | 浙江大学 | A kind of a wide range of remote sensing image semantic segmentation method based on full convolutional neural networks |
| CN110830515A (en) * | 2019-12-13 | 2020-02-21 | 支付宝(杭州)信息技术有限公司 | Flow detection method and device and electronic equipment |
| CN111027632B (en) * | 2019-12-13 | 2023-04-25 | 蚂蚁金服(杭州)网络技术有限公司 | Model training method, device and equipment |
-
2020
- 2020-05-26 CN CN202010456574.5A patent/CN113723604B/en active Active
-
2021
- 2021-05-26 WO PCT/CN2021/096109 patent/WO2021238992A1/en active Application Filing
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016118206A2 (en) * | 2014-11-07 | 2016-07-28 | Microsoft Technology Licensing, Llc | Neural networks for encrypted data |
| JP2018045679A (en) * | 2016-09-08 | 2018-03-22 | 公立大学法人会津大学 | Sensing agent system using portable terminal, machine learning method in sensing agent system, and program for implementing the same |
| FR3057090A1 (en) * | 2016-09-30 | 2018-04-06 | Safran Identity & Security | METHODS FOR SECURELY LEARNING PARAMETERS FROM A CONVOLVED NEURON NETWORK AND SECURED CLASSIFICATION OF INPUT DATA |
| CN109214193A (en) * | 2017-07-05 | 2019-01-15 | 阿里巴巴集团控股有限公司 | Data encryption, machine learning model training method, device and electronic equipment |
| CN108876864A (en) * | 2017-11-03 | 2018-11-23 | 北京旷视科技有限公司 | Image coding, coding/decoding method, device, electronic equipment and computer-readable medium |
| CN108921282A (en) * | 2018-05-16 | 2018-11-30 | 深圳大学 | A kind of construction method and device of deep neural network model |
| CN108776790A (en) * | 2018-06-06 | 2018-11-09 | 海南大学 | Face encryption recognition methods based on neural network under cloud environment |
| US20200036510A1 (en) * | 2018-07-25 | 2020-01-30 | Sap Se | Neural network encryption system |
| CN109325584A (en) * | 2018-08-10 | 2019-02-12 | 深圳前海微众银行股份有限公司 | Federation's modeling method, equipment and readable storage medium storing program for executing neural network based |
| CN110674941A (en) * | 2019-09-25 | 2020-01-10 | 南开大学 | Data encryption transmission method and system based on neural network |
Non-Patent Citations (9)
| Title |
|---|
| GILAD-BACHRACH R等: "Cryptonets: Applying neural networks to encrypted data with high throughput and accuracy", INTERNATIONAL CONFERENCE ON MACHINE LEARNING. PMLR, 31 December 2016 (2016-12-31) * |
| NANDAKUMAR K: "Towards deep neural network training on encrypted data", PROCEEDINGS OF THE IEEE/CVF CONFERENCE ON COMPUTER VISION AND PATTERN RECOGNITION WORKSHOPS, 31 December 2019 (2019-12-31) * |
| ZHANG Q等: "GELU-Net: A Globally Encrypted, Locally Unencrypted Deep Neural Network for Privacy-Preserved Learning", IJCAI, 31 December 2018 (2018-12-31) * |
| ZHUANG Y等: "Multichannel attention refinement for video question answering", ACM TRANSACTIONS ON MULTIMEDIA COMPUTING, COMMUNICATIONS, AND APPLICATIONS (TOMM), 12 March 2020 (2020-03-12) * |
| 唐超影等: "基于卷积神经网络的低照度可见光与近红外图像融合", 光学学报, vol. 40, no. 16, 19 May 2020 (2020-05-19) * |
| 朱波等: "一种基于神经网络模型的在线修正优化控制", 企业开发技术, vol. 23, no. 10, pages 89 - 4 * |
| 朱波等: "一种基于神经网络模型的在线修正优化控制", 企业技术开发, no. 10, pages 3 - 4 * |
| 程琼: "神经网络中的隐私保护研究", 中国硕士学位论文全文库 信息科技辑, 15 January 2020 (2020-01-15) * |
| 赵婷婷: "基于神经网络的视频加密与压缩技术的研究", 中国硕士学位论文全文库 信息科技辑, 15 July 2010 (2010-07-15) * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117874794A (en) * | 2024-03-12 | 2024-04-12 | 北方健康医疗大数据科技有限公司 | Training method, system and device for large language model and readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2021238992A1 (en) | 2021-12-02 |
| CN113723604B (en) | 2024-03-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Zhu et al. | Hidden: Hiding data with deep networks | |
| Muhammad et al. | A secure method for color image steganography using gray-level modification and multi-level encryption | |
| CN111523668B (en) | Training method and device of data generation system based on differential privacy | |
| Zheng et al. | Gan-based key secret-sharing scheme in blockchain | |
| Chang et al. | Privacy-preserving reversible information hiding based on arithmetic of quadratic residues | |
| CN108876864B (en) | Image encoding method, image decoding method, image encoding device, image decoding device, electronic equipment and computer readable medium | |
| AprilPyone et al. | Privacy-preserving image classification using an isotropic network | |
| Qadir et al. | Digital image scrambling based on two dimensional cellular automata | |
| Wu et al. | Separable reversible data hiding in encrypted images based on scalable blocks | |
| Chen et al. | Error-free separable reversible data hiding in encrypted images using linear regression and prediction error map | |
| US20240104681A1 (en) | Image steganography utilizing adversarial perturbations | |
| Das et al. | An image secret sharing technique with block based image coding | |
| Xiang et al. | Adaptive and dynamic multi-grouping scheme for absolute moment block truncation coding | |
| Hamamoto et al. | Image watermarking technique using embedder and extractor neural networks | |
| Yang et al. | Efficient color image encryption by color-grayscale conversion based on steganography | |
| CN113723604B (en) | Neural network training method and device, electronic equipment and readable storage medium | |
| Devi et al. | A robust and optimized 3D red-cyan anaglyph blind image watermarking in the DWT domain | |
| Roselinkiruba et al. | Dynamic optimal pixel block selection data hiding approach using bit plane and image encryption | |
| US11574180B2 (en) | Methods for learning parameters of a convolutional neural network, and classifying an input datum | |
| Abdulmunem et al. | Advanced Intelligent Data Hiding Using Video Stego and Convolutional Neural Networks | |
| CN115829816A (en) | Image processing method, device and equipment | |
| Jose et al. | High-capacity reversible data hiding using quotient multi pixel value differencing scheme in encrypted images by fuzzy based encryption | |
| Xu et al. | Stealing your data from compressed machine learning models | |
| Qi et al. | Privacy-Preserving Image Classification Using ConvMixer with Adaptive Permutation Matrix | |
| MaungMaung et al. | Privacy-preserving image classification using isotropic network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |