CN110610208A - Active safety increment data training method - Google Patents


Info

Publication number
CN110610208A
Authority
CN
China
Prior art keywords
model
data
training
sample
copy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910859405.3A
Other languages
Chinese (zh)
Inventor
张吉昕
秦拯
黄小凤
胡玉鹏
张吉良
蒋孜博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan University
Original Assignee
Hunan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan University filed Critical Hunan University
Priority to CN201910859405.3A priority Critical patent/CN110610208A/en
Publication of CN110610208A publication Critical patent/CN110610208A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214 Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/045 Combinations of networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V30/00 Character recognition; Recognising digital ink; Document-oriented image-based pattern recognition
    • G06V30/10 Character recognition
    • G06V30/19 Recognition using electronic means
    • G06V30/192 Recognition using electronic means using simultaneous comparisons or correlations of the image signals with a plurality of references
    • G06V30/194 References adjustable by an adaptive method, e.g. learning

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Molecular Biology (AREA)
  • Computational Linguistics (AREA)
  • Biophysics (AREA)
  • Biomedical Technology (AREA)
  • Mathematical Physics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Evolutionary Biology (AREA)
  • Databases & Information Systems (AREA)
  • Multimedia (AREA)
  • Machine Translation (AREA)

Abstract

The invention relates to an active safety increment data training method. The invention mainly comprises (1) an incremental data retraining method based on active learning; (2) a model security verification method based on adversarial-sample attack detection. Based on these methods, newly added samples are dynamically trained, the model is updated, and the stability of the model is ensured while the decision boundary of the model is expanded.

Description

Active safety increment data training method
Technical Field
The invention relates to the field of machine learning, in particular to an active safety increment data training method.
Background
In recent years, with the rapid development of artificial intelligence technologies represented by machine learning, such technologies have been widely used in fields such as computer vision, natural language processing, security, and finance. A machine learning method trains on a large amount of data to fit a model that approximates the regularities of real-world data, and makes predictions based on that model. Machine learning methods are mainly classified into supervised learning, unsupervised learning, reinforcement learning, ensemble learning, and so on. Supervised learning trains on labeled data; its advantage is high model accuracy, and its main disadvantage is the need for a large amount of labeled data. Unsupervised learning trains only on unlabeled data; its advantage is that no labeled data is needed, and its disadvantage is insufficient model accuracy. Reinforcement learning searches a solution space through an optimization strategy; its advantage is that no training data is needed, and its disadvantages are that the search takes a long time and that the reward function designed for the target has a large influence on the result. Ensemble learning forms a strong classifier by integrating multiple weak classifiers; its advantage is improved accuracy over the original models, and its disadvantage is that training is long and difficult.
Although the above machine learning methods have been widely used and have achieved certain results, some problems remain. On one hand, because supervised learning methods, especially deep learning methods based on neural networks, are highly accurate, they have become one of the most mainstream machine learning methods at present; but they require a large amount of labeled data for training, which limits their development. On the other hand, deep learning methods based on neural networks are vulnerable to adversarial-sample attacks using a small number of wrongly labeled samples, which sharply reduce the accuracy of the originally trained model.
Disclosure of Invention
The invention aims to solve two problems of neural networks: the small number of labeled samples, and resistance to attacks using falsely labeled samples.
To this end, the invention provides an active security incremental data training method, which mainly comprises two parts:
(1) an incremental data retraining method based on active learning;
(2) a model security verification method based on adversarial-sample attack detection.
The specific contents are as follows:
Method (1) is used to retrain on incremental data, realizing dynamic training of the incremental data; at the same time, method (2) is used to detect adversarial-sample attacks, ensuring the stability of the model during dynamic training. Combining method (1) and method (2) realizes safe incremental training of the neural network algorithm when only a small number of labeled samples are available. The specific algorithm is as follows:
(1) Incremental data retraining method based on active learning.
Based on the labeled initial training sample set $X = \{x_1, x_2, \ldots, x_n\}$ and its label set $Y = \{y_1, y_2, \ldots, y_n\}$, a neural network algorithm performs supervised training according to the weight update formula to obtain an initial training model $NeuNet(\langle X, Y \rangle)$, where Loss is a loss function, e.g. the mean square error or the cross entropy $Loss = -y \cdot \log h(w \cdot x) - (1 - y) \cdot \log(1 - h(w \cdot x))$.
The initial training model $NeuNet(\langle X, Y \rangle)$, i.e. the original model, is copied to obtain an original model copy $NeuNetCopy(\langle X, Y \rangle)$. Based on this model copy, the confidence of the newly added unlabeled training samples $X' = \{x_1', x_2', \ldots, x_n'\}$ is calculated according to the formula $Conf = NeuNetCopy(X')$, with the confidence in the range $[0, 1]$.
If the confidence of a newly added sample is in the range $[0.9, 1]$, the newly added sample is judged to be a credible sample. The sample is labeled, the original training samples $X$ are copied, and the new sample is added to the original training sample copy $X_{copy} = \{x_{1copy}, x_{2copy}, \ldots, x_{ncopy}\}$, giving a new sample set $X_{copy}' = \{x_{1copy}, x_{2copy}, \ldots, x_{ncopy}, x_1', x_2', \ldots, x_k'\}$. This sample set is used to retrain the original model copy, $NeuNetCopy(X_{copy}')$, to obtain a new model copy $NeuNetCopy(\langle X_{copy}, Y \rangle, X')$. The above process is iterated in sequence.
Compared with the original model, the decision boundary of the new model is continuously enlarged by iteratively retraining on new samples, so that more new samples with confidence greater than 0.9 can be obtained, more accurate models can be generated more efficiently, and the discrimination capability of the model is improved.
(2) Model security verification method based on adversarial-sample attack detection.
For the new sample set $X_{copy}' = \{x_{1copy}, x_{2copy}, \ldots, x_{ncopy}, x_1', x_2', \ldots, x_k'\}$ and the new model copy $NeuNetCopy(\langle X_{copy}, Y \rangle, X')$ retrained from the original model copy, the invention tests the new model copy $NeuNetCopy(\langle X_{copy}, Y \rangle, X')$ on the initial training sample copy $X_{copy} = \{x_{1copy}, x_{2copy}, \ldots, x_{ncopy}\}$. Through N iterations, a new model and its corresponding accuracy are obtained after each iteration.
Whether the new model retrained on the newly added samples has been attacked by adversarial samples is detected by calculating the accuracy change gradient of the new model copies over the latest N iterations ($N = 10$). The accuracy change gradient of the historical model copies over the N iterations is calculated according to the formula, where $Grad$ denotes the gradient, $ACC_n$ denotes the new model accuracy after the Nth iteration, and $ACC_0$ denotes the accuracy of the original model. If the gradient is falling ($Grad < 0$) and the rate of decrease is too fast (> 5%), the newly added samples and the new model copy are discarded. Otherwise, i.e. if the gradient is rising ($Grad > 0$) or the rate of decrease is gentle, the original model is updated with the new model copy to $NeuNet(\langle X, Y \rangle, X')$; at the same time, the original training samples $X = \{x_1, x_2, \ldots, x_n\}$ are updated to $X_{copy}' = \{x_{1copy}, x_{2copy}, \ldots, x_{ncopy}, x_1', x_2', \ldots, x_k'\}$, and the label set $Y = \{y_1, y_2, \ldots, y_n\}$ is updated.
Drawings
FIG. 1 is a schematic representation of the embodiment of the present invention.
Detailed Description
The invention is implemented according to the scheme shown in FIG. 1, and comprises the following steps:
The first step: inputting the initial training samples into a neural network;
The second step: training the neural network on the training samples to obtain a detection model;
The third step: copying the detection model to obtain a detection model copy;
The fourth step: inputting the newly added samples into the detection model copy;
The fifth step: detecting the newly added samples with the detection model copy, regarding newly added samples with a confidence greater than 0.9 as credible samples, and labeling them;
The sixth step: retraining the neural network on the newly added samples with a confidence greater than 0.9 to obtain a new detection model copy;
The seventh step: copying the initial training samples to obtain an initial training sample copy;
The eighth step: inputting the initial training sample copy into the new detection model copy for testing;
The ninth step: calculating the accuracy change of the new detection model copy over the last N iterations (N = 10);
The tenth step: if the accuracy changes by less than 5%, updating the original detection model;
The eleventh step: at the same time, adding the new samples to the initial training samples.
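The eleven steps above as one gated update round, in an added example that is not code from the patent. Assumptions: a single sigmoid neuron stands in for the neural network, `label_fn` is a hypothetical hook for the labelling step, all data is constructed, and because the gradient formula is not reproduced in this text, Grad is taken to be ACC_n - ACC_0 on the original samples for a single round rather than over N = 10 iterations.

```python
import math

CONF_MIN = 0.9   # credible-sample threshold from the description
MAX_DROP = 0.05  # tolerated accuracy drop (5%) from the description

def h(w, x):
    """Single-neuron stand-in for NeuNet: sigmoid(w . x); x[0] is the bias input."""
    return 1.0 / (1.0 + math.exp(-sum(wi * xi for wi, xi in zip(w, x))))

def train(w, X, Y, epochs=300, lr=0.3):
    """Full-batch gradient descent on the cross-entropy loss; returns new weights."""
    w = list(w)
    for _ in range(epochs):
        grad = [0.0] * len(w)
        for x, y in zip(X, Y):
            err = h(w, x) - y  # derivative of the cross entropy w.r.t. w . x
            grad = [g + err * xi for g, xi in zip(grad, x)]
        w = [wi - lr * g / len(X) for wi, g in zip(w, grad)]
    return w

def accuracy(w, X, Y):
    """Fraction of samples whose thresholded prediction matches the label."""
    return sum((h(w, x) >= 0.5) == (y == 1) for x, y in zip(X, Y)) / len(X)

def incremental_step(w, X, Y, new_X, label_fn=None):
    """One gated round (steps 3-11). Returns (w, X, Y, accepted, grad)."""
    w_copy, X_copy, Y_copy = list(w), list(X), list(Y)
    for x in new_X:
        p = h(w_copy, x)
        if max(p, 1.0 - p) < CONF_MIN:
            continue  # confidence below 0.9: not a credible sample
        pseudo = 1 if p >= 0.5 else 0
        X_copy.append(x)
        Y_copy.append(label_fn(x, pseudo) if label_fn else pseudo)
    w_copy = train(w_copy, X_copy, Y_copy)
    # Assumed form of the missing formula: Grad = ACC_n - ACC_0,
    # with both accuracies measured on the original training samples.
    grad = accuracy(w_copy, X, Y) - accuracy(w, X, Y)
    if grad < 0 and -grad > MAX_DROP:
        return w, X, Y, False, grad  # discard new samples and model copy
    return w_copy, X_copy, Y_copy, True, grad

# Constructed data: bias input 1.0 plus one feature; label 1 when the feature is positive.
X0 = [(1.0, v) for v in (-3, -2, -1, 1, 2, 3)]
Y0 = [0, 0, 0, 1, 1, 1]
BENIGN = [(1.0, 4.0), (1.0, -4.0), (1.0, 0.2)]  # last point is low confidence
MISLABELLED = [(1.0, 4.0), (1.0, -4.0), (1.0, 3.5), (1.0, -3.5), (1.0, 4.0), (1.0, -4.0)]

def demo():
    w0 = train([0.0, 0.0], X0, Y0)
    ok = incremental_step(w0, X0, Y0, BENIGN)
    # Wrong labels stand in for the wrongly labeled samples the Background describes.
    bad = incremental_step(w0, X0, Y0, MISLABELLED, label_fn=lambda x, p: 1 - p)
    return w0, ok, bad

if __name__ == "__main__":
    w0, ok, bad = demo()
    print("benign round:      accepted =", ok[3], "grad =", ok[4], "samples =", len(ok[1]))
    print("mislabelled round: accepted =", bad[3], "grad =", bad[4], "samples =", len(bad[1]))
```

The gate only sees damage that shows up as lost accuracy on the original samples, so its coverage depends on how representative those samples are.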

Claims (3)

1. An active safety increment data training method, characterized by:
(1) an incremental data retraining method based on active learning;
(2) a model security verification method based on adversarial-sample attack detection.
2. The incremental data method based on active learning of claim 1, wherein, aiming at the problem that the neural network algorithm can only train on labeled initial data and is difficult to dynamically train on newly added unlabeled data, based on the active learning method, the confidence of the newly added data is dynamically calculated, newly added high-confidence training data is retrained, the security of the new model is verified, the model is dynamically updated, the decision boundary of the model is gradually enlarged, and finally the neural network algorithm retrains on the incremental data.
3. The method for verifying model security based on adversarial sample detection according to claim 1, wherein, aiming at the problem that the accuracy of the trained model is reduced when the neural network algorithm is attacked by adversarial samples, the model after each iteration of dynamically training on the new data is recorded as a historical copy of the model, and the stability of the model over the latest N iterations is detected by using the original data to test the accuracy change gradient of the historical copies of the latest N iterations, thereby realizing the detection of adversarial-sample attacks and ensuring the security of the model.
CN201910859405.3A 2019-09-11 2019-09-11 Active safety increment data training method Pending CN110610208A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910859405.3A CN110610208A (en) 2019-09-11 2019-09-11 Active safety increment data training method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910859405.3A CN110610208A (en) 2019-09-11 2019-09-11 Active safety increment data training method

Publications (1)

Publication Number Publication Date
CN110610208A true CN110610208A (en) 2019-12-24

Family

ID=68892666

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910859405.3A Pending CN110610208A (en) 2019-09-11 2019-09-11 Active safety increment data training method

Country Status (1)

Country Link
CN (1) CN110610208A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111723864A (en) * 2020-06-19 2020-09-29 天津大学 Method and device for performing countermeasure training by using internet pictures based on active learning
CN111968111A (en) * 2020-09-02 2020-11-20 广州海兆印丰信息科技有限公司 Method and device for identifying visceral organs or artifacts of CT (computed tomography) image
CN112732591A (en) * 2021-01-15 2021-04-30 杭州中科先进技术研究院有限公司 Edge computing framework for cache deep learning
CN116662764A (en) * 2023-07-28 2023-08-29 中国电子科技集团公司第十五研究所 Data identification method for error identification correction, model training method, device and equipment
CN116662764B (en) * 2023-07-28 2023-09-29 中国电子科技集团公司第十五研究所 Data identification method for error identification correction, model training method, device and equipment

Similar Documents

Publication Publication Date Title
CN110610208A (en) Active safety increment data training method
CN109408389B (en) Code defect detection method and device based on deep learning
CN111753985B (en) Image deep learning model testing method and device based on neuron coverage rate
CN113612733B (en) Twin network-based few-sample false data injection attack detection method
US20180253866A1 (en) Image analysis neural network systems
CN111507469B (en) Method and device for optimizing super parameters of automatic labeling device
CN108763931A (en) Leak detection method based on Bi-LSTM and text similarity
CN111507371B (en) Method and device for automatically evaluating reliability of label on training image
CN110851176B (en) Clone code detection method capable of automatically constructing and utilizing pseudo-clone corpus
CN110879881B (en) Mouse track recognition method based on feature component hierarchy and semi-supervised random forest
CN108549817A (en) A kind of software security flaw prediction technique based on text deep learning
CN113949549B (en) Real-time traffic anomaly detection method for intrusion and attack defense
CN112016097B (en) Method for predicting network security vulnerability time to be utilized
CN109977118A (en) A kind of abnormal domain name detection method of word-based embedded technology and LSTM
CN109271546A (en) The foundation of image retrieval Feature Selection Model, Database and search method
CN114492642A (en) Mechanical fault online diagnosis method for multi-scale element depth residual shrinkage network
CN114492843A (en) Classification method, device and storage medium based on semi-supervised learning
CN114049305A (en) Distribution line pin defect detection method based on improved ALI and fast-RCNN
CN117879934A (en) SQL injection attack detection method based on network data packet context
CN117633811A (en) Code vulnerability detection method based on multi-view feature fusion
CN117454387A (en) Vulnerability code detection method based on multidimensional feature extraction
CN108664562A (en) The text feature selection method of particle group optimizing
CN117574262A (en) Underwater sound signal classification method, system and medium for small sample problem
CN116643759A (en) Code pre-training model training method based on program dependency graph prediction
CN116680639A (en) Deep-learning-based anomaly detection method for sensor data of deep-sea submersible

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191224