CN111241559A - Training model protection method, device, system, equipment and computer storage medium - Google Patents

Info

Publication number
CN111241559A
Authority
CN
China
Prior art keywords
file
training model
application program
client
server
Prior art date
Legal status
Pending
Application number
CN202010016072.0A
Other languages
Chinese (zh)
Inventor
孙中飞
徐佳良
刘劲柏
丁中海
Current Assignee
OneConnect Smart Technology Co Ltd
OneConnect Financial Technology Co Ltd Shanghai
Original Assignee
OneConnect Financial Technology Co Ltd Shanghai
Priority date
Filing date
Publication date
Application filed by OneConnect Financial Technology Co Ltd Shanghai
Priority to CN202010016072.0A
Publication of CN111241559A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214 Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption


Abstract

The invention relates to the field of data security and discloses a training model protection method comprising the following steps: when a download request sent by a client is received, acquiring an application identifier associated with the download request and the application program corresponding to the application identifier; if the application program comprises a training model, extracting the description file and the parameter file corresponding to the training model from the application program and combining them to obtain a running file; acquiring an encryption algorithm according to the device information of the client and encrypting the running file with that algorithm; and adding the encrypted running file to the application program and sending the application program to the client. The invention also discloses a training model protection device, system, equipment and computer storage medium. By combining and encrypting the files of the training model, the invention improves the security of the training model.

Description

Training model protection method, device, system, equipment and computer storage medium
Technical Field
The present invention relates to the field of data security, and in particular, to a training model protection method, apparatus, system, device, and computer storage medium.
Background
With the rapid development of computer technology, the application scenarios of training models are more and more.
Some current application programs build the training model into the installation package and perform face recognition or voice recognition through it, so that a user can log in without a network connection. While the widespread use of training models brings convenience, it also creates the risk of model leakage: for example, an illegal user obtains the user privacy information contained in the training model by analysing the application installation package, and more and more developers copy the training model out of other application programs.
Disclosure of Invention
The invention mainly aims to provide a training model protection method, a training model protection device, a training model protection system, training model protection equipment and a computer storage medium, and aims to solve the technical problem that the training model in current application programs has low security.
In order to achieve the above object, the present invention provides a training model protection method, which is applied to a server, and includes the following steps:
when a download request sent by a client is received, acquiring an application identifier associated with the download request and the application program corresponding to the application identifier;
if the application program comprises a training model, extracting the description file and the parameter file corresponding to the training model from the application program, and combining the description file and the parameter file to obtain a running file;
acquiring an encryption algorithm according to the device information of the client, and encrypting the running file according to the encryption algorithm;
and adding the encrypted running file to the application program, and sending the application program to the client.
In an embodiment, after the step of acquiring the application identifier associated with the download request and the application program corresponding to the application identifier when the download request sent by the client is received, the method further includes:
traversing a file directory of the application program to judge whether a file index of a json type description file exists in the file directory, wherein the file index comprises a file type and a file name;
if the file directory has a file index of the json type description file, judging that the application program comprises a training model;
and if the file index of the json type description file does not exist in the file directory, judging that the application program does not contain a training model.
In an embodiment, the step of obtaining an encryption algorithm according to the device information of the client and encrypting the running file according to the encryption algorithm includes:
acquiring the device information of the client, wherein the device information comprises a device manufacturer identifier, a device type identifier and a device system version identifier;
traversing a preset algorithm tree to determine the algorithm node corresponding to the device manufacturer identifier, the device type identifier and the device system version identifier, and acquiring the encryption algorithm associated with that algorithm node;
encrypting the running file according to the encryption algorithm, where the encryption algorithm may be a hash algorithm, a symmetric encryption algorithm or an asymmetric encryption algorithm.
In addition, to achieve the above object, the present invention further provides a training model protection device, where the training model protection device is disposed in a server, and the training model protection device includes:
the program acquisition module is used for acquiring an application identifier associated with a download request and an application program corresponding to the application identifier when the download request sent by a client is received;
the file combination module is used for extracting the description file and the parameter file corresponding to the training model from the application program if the application program comprises a training model, and combining the description file and the parameter file to obtain a running file;
the file encryption module is used for acquiring an encryption algorithm according to the device information of the client and encrypting the running file according to the encryption algorithm;
and the file sending module is used for adding the encrypted running file into the application program and sending the application program to the client.
In addition, in order to achieve the above object, the present invention further provides a training model protection method, where the training model protection method is applied to a client, and the training model protection method includes the following steps:
when a download request triggered on the basis of an application identifier is received, sending the application identifier and the download request to a server in association, so that the server feeds back the application program corresponding to the application identifier;
when an application program fed back by a server is received, judging whether an encrypted running file exists in the application program;
if the encrypted running file exists in the application program, decrypting the running file in an internal memory, and decomposing the decrypted running file into a description file and a parameter file;
writing the memory address of the description file and the memory address of the parameter file into an operating system so as to initialize a training model corresponding to the description file;
and when an identification request triggered based on an application program is received, calling an operating system to run the description file and the parameter file so as to execute identification operation through the training model.
In an embodiment, if there is an encrypted running file in the application program, the step of decrypting the running file in an internal memory and decomposing the decrypted running file into a description file and a parameter file includes:
if the encrypted running file exists in the application program, decrypting the running file in memory and judging whether the running file contains a separator;
if the running file contains a separator, splitting the file at the separator to obtain the description file and the parameter file;
if the running file does not contain a separator, extracting the parameters at the placeholder positions from the running file, arranging those parameters into a parameter file, and taking the running file with the parameters removed as the description file.
In addition, to achieve the above object, the present invention further provides a training model protection device, where the training model protection device is disposed at a client, and the training model protection device includes:
the request sending module is used for sending the application identifier and the downloading request to a server in an associated manner when receiving the downloading request triggered based on the application identifier, so that the server feeds back the application program corresponding to the application identifier;
the encryption judgment module is used for judging whether an encrypted running file exists in the application program when the application program fed back by the server is received;
the decryption decomposition module is used for decrypting the running file in the internal memory if the encrypted running file exists in the application program and decomposing the decrypted running file into a description file and a parameter file;
the model initialization module is used for writing the memory address of the description file and the memory address of the parameter file into an operating system so as to initialize the training model corresponding to the description file;
and the model running module is used for calling the operating system to run the description file and the parameter file when an identification request triggered on the basis of the application program is received, so as to execute the identification operation through the training model.
In addition, in order to achieve the above object, the present invention further provides a training model protection system, where the training model protection system includes a server and a client that are connected in communication, and the training model protection system implements the following steps:
when a client receives a downloading request triggered based on an application identifier, the client sends the application identifier and the downloading request to a server in an associated manner so that the server feeds back an application program corresponding to the application identifier;
when a server receives a downloading request sent by a client, the server acquires an application identifier associated with the downloading request and an application program corresponding to the application identifier;
if the application program comprises a training model, the server extracts the description file and the parameter file corresponding to the training model from the application program, and combines the description file and the parameter file to obtain a running file;
the server acquires an encryption algorithm according to the device information of the client, and encrypts the running file according to the encryption algorithm;
the server adds the encrypted running file to the application program, and sends the application program to the client;
when the client receives the application program fed back by the server, the client judges whether an encrypted running file exists in the application program;
if the encrypted running file exists in the application program, the client decrypts the running file in the internal memory and decomposes the decrypted running file into a description file and a parameter file;
the client writes the memory address of the description file and the memory address of the parameter file into an operating system so as to initialize a training model corresponding to the description file;
and when the client receives an identification request triggered based on the application program, the client calls an operating system to run the description file and the parameter file so as to execute identification operation through the training model.
In addition, in order to achieve the above object, the present invention further provides a training model protection device, where the training model protection device is a server or a client;
the server comprises a first memory, a first processor and a computer program which is stored on the first memory and can run on the first processor, wherein the computer program implements the steps of the training model protection method when executed by the first processor; or, alternatively,
the client includes a second memory, a second processor, and a computer program stored in the second memory and executable on the second processor, wherein the computer program, when executed by the second processor, implements the steps of the training model protection method described above.
In addition, to achieve the above object, the present invention also provides a computer storage medium;
the computer storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the training model protection method as described above.
According to the training model protection method, the training model protection device, the training model protection system, the training model protection equipment and the computer storage medium, the files of the training model in the application program are combined and encrypted. A user can use the training model corresponding to the application program, but finds it difficult to obtain the user privacy information in the training model or the running file of the training model: because the files corresponding to the training model are combined, the user cannot accurately locate the file corresponding to the training model, and even if the user analyses every file of the application program and identifies the file corresponding to the training model, that file cannot be decrypted. The security of the training model in the application program is thereby improved.
Drawings
FIG. 1 is a schematic diagram of an apparatus in a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart illustrating a training model protection method according to a first embodiment of the present invention;
FIG. 3 is a flowchart illustrating a training model protection method according to a third embodiment of the present invention;
FIG. 4 is a functional block diagram of an embodiment of the training model protection apparatus of the present invention;
FIG. 5 is a schematic functional block diagram of another embodiment of the training model protection apparatus according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
As shown in fig. 1, fig. 1 is a schematic structural diagram of a server (also called training model protection device, where the training model protection device may be formed by a single training model protection device, or may be formed by combining other devices and the training model protection device) in a hardware operating environment according to an embodiment of the present invention.
The server in the embodiment of the invention refers to a computer that manages resources and provides services for users, and is generally divided into file servers, database servers and application servers. The computer or computer system running such software is also referred to as a server. Compared with a common PC (personal computer), a server has higher requirements on stability, security, performance and the like. As shown in fig. 1, the server may include a processor 1001 (for example a Central Processing Unit, CPU), a network interface 1004, a user interface 1003, a memory 1005, a communication bus 1002, and hardware such as a chipset, a disk system and a network. The communication bus 1002 is used to enable communication between these components. The user interface 1003 may include a display screen (Display) and an input unit such as a keyboard (Keyboard), and may optionally also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (for example a WiFi, Wireless Fidelity, interface). The memory 1005 may be a Random Access Memory (RAM) or a non-volatile memory (for example a disk memory); the memory 1005 may alternatively be a storage device separate from the processor 1001.
Optionally, the server may further include a camera, a Radio Frequency (RF) circuit, a sensor, an audio circuit and a WiFi module; the input unit may be, for example, a display screen or a touch screen; and besides WiFi, the network interface may be another wireless interface such as Bluetooth or a probe. Those skilled in the art will appreciate that the server architecture shown in FIG. 1 is not meant to be limiting, and may include more or fewer components than those shown, combine some components, or arrange the components differently.
As shown in fig. 1, the computer software product is stored in a storage medium (storage medium: also called computer storage medium, computer medium, readable storage medium, computer readable storage medium, or direct storage medium, etc., and the storage medium may be a non-volatile readable storage medium such as RAM, magnetic disk, optical disk), and includes several instructions for enabling a client device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to execute the method according to the embodiments of the present invention, and a memory 1005 as a computer storage medium may include an operating system, a network communication module, a user interface module, and a computer program.
In the server shown in fig. 1, the network interface 1004 is mainly used for connecting to a background database and performing data communication with the background database; the user interface 1003 is mainly used for connecting a client (a client, also called a user side or a client, the client in the embodiment of the present invention may be a fixed client or a mobile client, for example, an intelligent air conditioner with a networking function, an intelligent electric lamp, an intelligent power supply, an intelligent sound box, an automatic driving automobile, a PC, a smart phone, a tablet computer, an electronic book reader, a portable computer, etc., the client includes sensors such as a light sensor, a motion sensor, and other sensors, which are not described herein again), and performs data communication with the client; and the processor 1001 may be configured to call the computer program stored in the memory 1005 and execute the steps of the training model protection method provided by the following embodiments of the present invention.
An embodiment of a training model protection method is provided based on the hardware structure.
Referring to fig. 2, in a first embodiment of the training model protection method of the present invention, the training model protection method includes:
step S10, when receiving a download request sent by a client, obtaining an application identifier associated with the download request and an application program corresponding to the application identifier.
The training model protection method in this embodiment is applied to a server. The server establishes a communication connection with a client in advance and receives a download request sent by the client. The way the download request is triggered is not specifically limited. The download request may be actively triggered by a user: for example, the user clicks an application icon in the display interface of the client's application store to trigger the download request, and the client sends the received download request to the server. The download request may also be automatically triggered by the client: for example, a trigger condition is preset in the client, such as automatically triggering a download request when an application program is updated; when the client detects that the application program has been updated, the client automatically triggers the download request and sends it to the server.
When a server receives a download request sent by a client, the server obtains an application identifier associated with the download request, where the application identifier refers to identifier information uniquely identifying an application program, and for example, the application identifier may be an application icon or an application name; the server queries the code database to obtain the application program corresponding to the application identifier, and the application program in this embodiment may be understood as a file set corresponding to the application program.
After the server acquires the application program, the server judges whether the application program contains a training model. A training model refers to an identification algorithm formed through machine learning, where the machine learning can be realised in several ways, such as a neural network, a genetic algorithm or a support vector machine; training models include, for example, speech recognition models and face recognition models.
The embodiment provides a specific implementation manner for judging whether an application program contains a training model by a server, which includes:
step a1, traversing the file directory of the application program to judge whether a file index of a json type description file exists in the file directory, wherein the file index comprises a file type and a file name;
step a2, if a file index of a json type description file exists in the file directory, judging that the application program comprises a training model;
step a3, if no file index of a json type description file exists in the file directory, judging that the application program does not comprise a training model.
That is, the server traverses the file directory of the application program to determine whether a file index of a json type description file exists in the file directory (in this embodiment, the json type description file is a file corresponding to a training model, and if the training model is of another type or defined according to another rule, the server may also perform traversal query according to the corresponding type and rule), where the file index includes a file type and a file name; if the file directory has a file index of the json type description file, the server judges that the application program contains a training model; and if the file index of the json type description file does not exist in the file directory, the server judges that the application program does not contain the training model.
If the application program does not contain a training model, the server sends the application program to the client.
Step S20, if the application program includes a training model, extracting a description file and a parameter file corresponding to the training model from the application program, and combining the description file and the parameter file to obtain an operation file.
If the application program contains a training model, the server extracts the description file (also called the bin file) and the parameter file (also called the param file) corresponding to the training model from the application program; that is, the server acquires the description file and the parameter file of the training model from the file set of the application program, and the server combines the description file and the parameter file to obtain a running file (a dex file).
The way the server combines the description file and the parameter file into the running file is not particularly limited. In a first implementation, the server directly splices the two files: the description file is placed first, a separator is added after it, and the parameter file is placed after the separator, the spliced result being the running file. In a second implementation, the server writes the parameters of the parameter file into the corresponding positions of the description file: the server determines the positions in the description file where parameters are to be filled in, and fills the parameters from the parameter file into the description file in order, obtaining the running file.
In this embodiment, the server combines the description file and the parameter file corresponding to the training model to obtain the running file, so that even if a user obtains the application program, it is difficult for the user to find the file corresponding to the training model in the application program, which increases the security of the application program.
And step S30, acquiring an encryption algorithm according to the device information of the client, and encrypting the operation file according to the encryption algorithm.
After the server obtains the running file, the server determines an encryption algorithm according to the device information of the client. That is, the server agrees an encryption algorithm with the client in advance (the type of the encryption algorithm is not specifically limited; it may be a hash algorithm, a symmetric encryption algorithm or an asymmetric encryption algorithm), associates the agreed encryption algorithm with the device information on the server side, and adds the association to a mapping relation table; after the server obtains the device information of the client, it queries the mapping relation table to obtain the encryption algorithm corresponding to that device information.
After the encryption algorithm is determined, the server encrypts the running file according to the encryption algorithm. For example, if the encryption algorithm is a hash algorithm, the running file is encrypted according to the hash algorithm; if the encryption algorithm is a symmetric encryption algorithm, the server sets an encryption key and encrypts the running file with it.
And step S40, adding the encrypted running file into the application program, and sending the application program to the client.
And the server adds the encrypted running file into the application program, and sends the application program containing the encrypted running file to the client so as to enable the client to decrypt and run the memory.
In this embodiment, by performing combination encryption on files of the training model in the application, a user can use the training model corresponding to the application, but is difficult to obtain an operation file of the training model or user privacy information in the training model, that is, because the files corresponding to the training model are combined, the user cannot accurately find the file corresponding to the training model, and even if the user analyzes each file of the application, it is determined that the file corresponding to the training model cannot be decrypted, so that the security of the training model in the application is improved.
Further, on the basis of the first embodiment of the present invention, a second embodiment of the training model protection method of the present invention is provided.
This embodiment refines step S30 of the first embodiment and differs from the first embodiment of the present invention in that:
acquiring the device information of the client, wherein the device information comprises a device manufacturer identifier, a device type identifier and a device system version identifier;
traversing a preset algorithm tree to determine the algorithm node corresponding to the device manufacturer identifier, the device type identifier and the device system version identifier, and acquiring the encryption algorithm associated with that algorithm node;
encrypting the running file according to the encryption algorithm, wherein the encryption algorithm comprises a hash algorithm, a symmetric encryption algorithm or an asymmetric encryption algorithm.
In this embodiment, the server obtains the device information of the client, which includes a device manufacturer identifier (manufacturer information that uniquely identifies the manufacturer that produced the client, such as the device manufacturer name), a device type identifier (device type information, such as whether the device is a mobile phone or a tablet computer) and a device system version identifier (for example, android 9.1).
After obtaining the device information of the client, the server traverses the preset algorithm tree to determine the algorithm node corresponding to the device manufacturer identifier, the device type identifier and the device system version identifier, and obtains the encryption algorithm associated with that algorithm node.
The server encrypts the running file according to the encryption algorithm, where the encryption algorithm includes a hash algorithm, a symmetric encryption algorithm or an asymmetric encryption algorithm. In this embodiment the server selects the encryption algorithm according to the device information of the client, so more kinds of encryption algorithm are in use, the training models cannot all be cracked in one uniform way, and the security of the training model is improved.
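The algorithm selection of this embodiment, followed by the server-side encryption of the running file and the client's in-memory decryption, as an added example in Go that is not code from the patent. The tree contents, the device identifiers, the algorithm names and the 32-byte key (assumed to be provisioned to the client out of band, since the patent does not fix the key management) are all constructed for this example. The symmetric branch uses AES-GCM, so the client also detects any modification of the downloaded running file; the hash branch of the tree is deliberately rejected for encryption, because a hash is one-way and the client could not recover the running file from it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// DeviceInfo carries the three identifiers of the second embodiment.
type DeviceInfo struct {
	Manufacturer string // device manufacturer identifier, e.g. "acme" (constructed)
	DeviceType   string // device type identifier, e.g. "phone" or "tablet"
	SystemVer    string // device system version identifier, e.g. "android 9.1"
}

// AlgoNode is a node of the preset algorithm tree; the "*" child is a wildcard.
type AlgoNode struct {
	Algorithm string
	Children  map[string]*AlgoNode
}

// SampleTree is a constructed tree: manufacturer -> device type -> system version.
func SampleTree() *AlgoNode {
	return &AlgoNode{
		Algorithm: "aes-256-gcm", // default for manufacturers not in the tree
		Children: map[string]*AlgoNode{
			"acme": {Children: map[string]*AlgoNode{
				"phone": {Children: map[string]*AlgoNode{
					"android 9.1": {Algorithm: "aes-256-gcm"},
					"*":           {Algorithm: "aes-128-gcm"},
				}},
				"tablet": {Algorithm: "sha256"},
			}},
		},
	}
}

// SelectAlgorithm returns the algorithm of the deepest tree node the identifiers reach.
func SelectAlgorithm(root *AlgoNode, d DeviceInfo) (string, error) {
	node := root
	for _, key := range []string{d.Manufacturer, d.DeviceType, d.SystemVer} {
		next, ok := node.Children[key]
		if !ok {
			next, ok = node.Children["*"] // fall back to the wildcard branch
		}
		if !ok {
			break // no deeper node: keep the last node reached
		}
		node = next
	}
	if node.Algorithm == "" {
		return "", fmt.Errorf("no encryption algorithm mapped for %+v", d)
	}
	return node.Algorithm, nil
}

// KeySizes lists the reversible ciphers this example applies, with key lengths.
var KeySizes = map[string]int{"aes-128-gcm": 16, "aes-256-gcm": 32}

// newAEAD rejects the hash branch: a hash is one-way and the client could not recover the file.
func newAEAD(algo string, key []byte) (cipher.AEAD, error) {
	want, ok := KeySizes[algo]
	if !ok {
		return nil, fmt.Errorf("%q is not a reversible cipher", algo)
	}
	if len(key) != want {
		return nil, fmt.Errorf("%s needs a %d-byte key, got %d", algo, want, len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptRunningFile (server) returns nonce||ciphertext||tag, binding the algorithm name as AAD.
func EncryptRunningFile(algo string, key, running []byte) ([]byte, error) {
	aead, err := newAEAD(algo, key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, running, []byte(algo))...), nil
}

// DecryptRunningFile (client, in memory) fails on any change to blob, key or algorithm label.
func DecryptRunningFile(algo string, key, blob []byte) ([]byte, error) {
	aead, err := newAEAD(algo, key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns+aead.Overhead() {
		return nil, fmt.Errorf("encrypted running file too short: %d bytes", len(blob))
	}
	return aead.Open(nil, blob[:ns], blob[ns:], []byte(algo))
}
```

The wildcard child lets one tree cover every system version of a device type without a node per version, while an intermediate node without an algorithm (for instance a device type the tree does not know) is reported as an error rather than silently resolved to a default, so a misconfigured tree is noticed before the application is sent.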
Further, referring to fig. 3, in a third embodiment of the training model protection method of the present invention, the training model protection method includes:
step S50, when receiving a download request triggered based on an application identifier, sending the application identifier and the download request to a server in an associated manner, so that the server feeds back an application program corresponding to the application identifier.
The training model protection method of this embodiment is applied to a client. The client receives a download request, which may be triggered actively by a user or triggered automatically; when the client receives the download request, it obtains the application identifier and sends the application identifier and the download request to the server in an associated manner, so that the server feeds back the application program corresponding to the application identifier.
Step S60: when the application program fed back by the server is received, determine whether an encrypted running file exists in the application program.
When the client receives the application program fed back by the server, the client determines whether an encrypted running file exists in the application program; if no encrypted running file exists in the application program, the client determines that the application program does not contain a training model.
Step S70, if the encrypted running file exists in the application program, decrypting the running file in the memory, and decomposing the decrypted running file into a description file and a parameter file.
If the encrypted running file exists in the application program, the client determines that the application program contains a training model, decrypts the running file in memory, and decomposes the decrypted running file into a description file and a parameter file. Specifically, the method comprises the following steps:
step b1, if the encrypted running file exists in the application program, decrypting the running file in the memory, and determining whether the running file contains a separator;
step b2, if the running file contains a separator, dividing the file at the separator to obtain a description file and a parameter file;
step b3, if the running file does not contain a separator, extracting the parameters at the positions of the placeholders from the running file, arranging the parameters to form a parameter file, and taking the running file without the parameters as the description file.
If the encrypted running file exists in the application program, the client decrypts the running file in memory and determines whether the running file contains a separator. If the running file contains a separator, the running file was obtained by splicing the description file and the parameter file, and the client splits the file at the separator to obtain the description file and the parameter file. If the running file does not contain a separator, the running file was formed by inserting the parameters of the parameter file into the description file; in that case the client extracts the parameters at the positions of the placeholder tags from the running file, arranges the parameters to form the parameter file, and takes the running file without the parameters as the description file.
In this embodiment the client performs the decryption operation in memory. Memory decryption differs from general decryption as follows: in a general decryption operation the file produced by decryption is stored on disk, so the training model would still leak if the disk were copied; in this embodiment the decryption and segmentation of the running file are executed in memory, so the segmented description file and parameter data reside only in temporary storage, which makes them harder to extract.
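Both forms of the running file handled in steps b1 to b3, together with the server-side combination step that produces them, as an added example in Go that is not code from the patent. The separator string, the `{{param}}` placeholder tag, the json description file and the base64 parameter lines are constructed for this example, since the patent fixes none of these formats. Decompose applies the decision of step b1 to the already decrypted bytes: it splits at the separator when one is present, and otherwise collects the parameters found at the placeholder positions and returns the description file with empty placeholders.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"fmt"
	"regexp"
	"strings"
)

// Separator marks the boundary between description file and parameter file in
// the spliced form of the running file (constructed value for this example).
const Separator = "\n###MODEL-SEPARATOR###\n"

// placeholder matches an empty placeholder "{{param}}" in the description file
// or a filled one "{{param:<base64>}}" in the inline form of the running file.
var placeholder = regexp.MustCompile(`\{\{param(?::([A-Za-z0-9+/=]*))?\}\}`)

// SampleDesc is a constructed json description file with two parameter slots.
const SampleDesc = `{"layers":[{"name":"fc1","w":"{{param}}"},{"name":"fc2","w":"{{param}}"}]}`

// SampleParams is a constructed parameter file: one base64 line per tensor.
func SampleParams() string {
	return base64.StdEncoding.EncodeToString([]byte{1, 2, 3, 4}) + "\n" +
		base64.StdEncoding.EncodeToString([]byte{5, 6, 7, 8, 9}) + "\n"
}

// CombineWithSeparator splices description and parameter file (first form).
func CombineWithSeparator(desc, params []byte) ([]byte, error) {
	if bytes.Contains(desc, []byte(Separator)) || bytes.Contains(params, []byte(Separator)) {
		return nil, fmt.Errorf("separator occurs inside a file; splicing would be ambiguous")
	}
	return bytes.Join([][]byte{desc, params}, []byte(Separator)), nil
}

// CombineInline writes each parameter line into the matching placeholder of the
// description file (second form); counts must agree and lines must be base64.
func CombineInline(desc, params []byte) ([]byte, error) {
	var lines []string
	if p := strings.TrimRight(string(params), "\n"); p != "" {
		lines = strings.Split(p, "\n")
	}
	slots := placeholder.FindAllSubmatchIndex(desc, -1)
	if len(slots) != len(lines) {
		return nil, fmt.Errorf("%d placeholders but %d parameter lines", len(slots), len(lines))
	}
	var out bytes.Buffer
	last := 0
	for i, m := range slots {
		if m[2] >= 0 {
			return nil, fmt.Errorf("placeholder %d already holds a parameter", i)
		}
		if _, err := base64.StdEncoding.DecodeString(lines[i]); err != nil {
			return nil, fmt.Errorf("parameter line %d is not base64: %w", i, err)
		}
		out.Write(desc[last:m[0]])
		out.WriteString("{{param:" + lines[i] + "}}")
		last = m[1]
	}
	out.Write(desc[last:])
	return out.Bytes(), nil
}

// Decompose implements steps b1 to b3 on the decrypted running file: split at
// the separator if present (b2), otherwise pull the parameters out of the
// placeholders and return the description file with empty placeholders (b3).
func Decompose(running []byte) (desc, params []byte, err error) {
	if i := bytes.Index(running, []byte(Separator)); i >= 0 {
		return running[:i], running[i+len(Separator):], nil
	}
	var lines []string
	desc = placeholder.ReplaceAllFunc(running, func(m []byte) []byte {
		idx := placeholder.FindSubmatchIndex(m)
		if idx[2] < 0 {
			return m // empty placeholder: nothing to extract
		}
		lines = append(lines, string(m[idx[2]:idx[3]]))
		return []byte("{{param}}")
	})
	if len(lines) == 0 {
		return nil, nil, fmt.Errorf("running file has neither a separator nor parameters")
	}
	return desc, []byte(strings.Join(lines, "\n") + "\n"), nil
}

func main() {
	for _, combine := range []func([]byte, []byte) ([]byte, error){CombineWithSeparator, CombineInline} {
		running, err := combine([]byte(SampleDesc), []byte(SampleParams()))
		if err != nil {
			panic(err)
		}
		d, p, err := Decompose(running)
		fmt.Printf("running=%d bytes -> desc=%q params=%q err=%v\n", len(running), d, p, err)
	}
}
```

CombineWithSeparator refuses input in which the separator string already occurs, and CombineInline refuses a description file whose placeholders are already filled or whose placeholder count disagrees with the parameter file; either condition would otherwise leave the client's decomposition ambiguous.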
Step S80, writing the memory address of the description file and the memory address of the parameter file into an operating system, so as to initialize the training model corresponding to the description file.
The client writes the memory address of the description file and the memory address of the parameter file into the operating system (which may be an android system, a windows system or an iOS system) to initialize the training model corresponding to the description file. For example, when the operating system is an android system, the client passes the memory addresses of the description file and the parameter file to the Ncnn framework for initialization, so that the description file and the parameter file run in the Ncnn framework.
Step S90: when an identification request triggered based on the application program is received, call the operating system to run the description file and the parameter file, so as to execute the identification operation through the training model.
When the client receives an identification request triggered based on the application program, the client calls the operating system to run the description file and the parameter file, so as to execute the identification operation through the training model.
Further, in the embodiment of the training model protection system of the present invention, the training model protection system includes a server and a client that are in communication connection, and the training model protection system implements the following steps:
when a client receives a downloading request triggered based on an application identifier, the client sends the application identifier and the downloading request to a server in an associated manner so that the server feeds back an application program corresponding to the application identifier;
when a server receives a downloading request sent by a client, the server acquires an application identifier associated with the downloading request and an application program corresponding to the application identifier;
if the application program comprises a training model, the server extracts a description file and a parameter file corresponding to the training model from the application program, and the server combines the description file and the parameter file to obtain an operation file;
the server acquires an encryption algorithm according to the equipment information of the client, and encrypts the running file according to the encryption algorithm;
the server adds the encrypted running file to the application program, and sends the application program to the client;
when the client receives the application program fed back by the server, the client judges whether an encrypted running file exists in the application program;
if the encrypted running file exists in the application program, the client decrypts the running file in the internal memory and decomposes the decrypted running file into a description file and a parameter file;
the client writes the memory address of the description file and the memory address of the parameter file into an operating system so as to initialize a training model corresponding to the description file;
and when the client receives an identification request triggered based on the application program, the client calls an operating system to run the description file and the parameter file so as to execute identification operation through the training model.
The steps of implementing the training model protection system may refer to various embodiments of the training model protection method of the present invention, and are not described herein again.
In addition, referring to fig. 4, an embodiment of the present invention further provides a training model protection device, where the training model protection device is disposed in a server, and the training model protection device includes:
a program obtaining module 10, configured to obtain, when a download request sent by a client is received, an application identifier associated with the download request and an application program corresponding to the application identifier;
a file combination module 20, configured to, if the application program includes a training model, extract a description file and a parameter file corresponding to the training model from the application program, and combine the description file and the parameter file to obtain an operating file;
the file encryption module 30 is configured to obtain an encryption algorithm according to the device information of the client, and encrypt the operating file according to the encryption algorithm;
and the file sending module 40 is configured to add the encrypted running file to the application program, and send the application program to the client.
In one embodiment, the training model protection device includes:
the traversal judging module is used for traversing a file directory of the application program to judge whether a file index of a json type description file exists in the file directory or not, wherein the file index comprises a file type and a file name;
the first judging module is used for judging that the application program comprises a training model if a file index of a json type description file exists in the file directory;
and the second judging module is used for judging that the application program does not contain a training model if the file index of the json type description file does not exist in the file directory.
In one embodiment, the file encryption module 30 includes:
an information obtaining unit, configured to obtain device information of the client, where the device information includes: the device comprises a device manufacturer identifier, a device type identifier and a device system version identifier;
the algorithm obtaining unit is used for traversing a preset algorithm tree to determine the algorithm node corresponding to the device manufacturer identifier, the device type identifier and the device system version identifier, and obtaining the encryption algorithm associated with the algorithm node;
an encryption processing unit, configured to perform encryption processing on the run file according to the encryption algorithm, where the encryption algorithm includes: hash algorithm, symmetric encryption algorithm, asymmetric encryption algorithm.
In addition, referring to fig. 5, an embodiment of the present invention further provides another training model protection device, where the training model protection device is disposed at a client, and the training model protection device includes:
the request sending module 50 is configured to, when a download request triggered based on an application identifier is received, send the application identifier and the download request to a server in an associated manner, so that the server feeds back an application program corresponding to the application identifier;
an encryption judgment module 60, configured to, when receiving an application program fed back by a server, judge whether an encrypted running file exists in the application program;
a decryption decomposition module 70, configured to decrypt the running file in the internal memory if the encrypted running file exists in the application program, and decompose the decrypted running file into a description file and a parameter file;
a model initialization module 80, configured to write the memory address of the description file and the memory address of the parameter file into an operating system, so as to initialize a training model corresponding to the description file;
and the model running module 90 is used for calling an operating system to run the description file and the parameter file when receiving the identification request triggered based on the application program so as to execute the identification operation through the training model.
In one embodiment, the decryption decomposition module 70 includes:
the segmentation judging unit is used for decrypting the running file in the internal memory and judging whether the running file contains a separator or not if the encrypted running file exists in the application program;
the first segmentation unit is used for carrying out file segmentation from the separator to obtain a description file and a parameter file if the operation file contains the separator;
and the second segmentation unit is used for extracting the parameters at the position of the placeholder from the running file if the running file does not contain the separator, arranging the parameters to form a parameter file, and taking the running file not containing the parameters as a description file.
The steps implemented by each functional module of the training model protection device can refer to each embodiment of the training model protection method of the present invention, and are not described herein again.
In addition, an embodiment of the present invention further provides a computer storage medium.
The computer storage medium stores thereon a computer program, which when executed by a processor implements the operations of the training model protection method provided by the above embodiments.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity/action/object from another entity/action/object without necessarily requiring or implying any actual such relationship or order between such entities/actions/objects; the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
For the apparatus embodiment, since it is substantially similar to the method embodiment, it is described relatively simply, and reference may be made to some descriptions of the method embodiment for relevant points. The above-described apparatus embodiments are merely illustrative, in that elements described as separate components may or may not be physically separate. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the invention. One of ordinary skill in the art can understand and implement it without inventive effort.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a client device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A training model protection method is characterized in that the training model protection method is applied to a server, and comprises the following steps:
when a downloading request sent by a client is received, acquiring an application identifier associated with the downloading request and an application program corresponding to the application identifier;
if the application program comprises a training model, extracting a description file and a parameter file corresponding to the training model from the application program, and combining the description file and the parameter file to obtain an operation file;
acquiring an encryption algorithm according to the equipment information of the client, and encrypting the running file according to the encryption algorithm;
and adding the encrypted running file into the application program, and sending the application program to a client.
2. The training model protection method according to claim 1, wherein after the step of obtaining the application identifier associated with the download request and the application program corresponding to the application identifier when receiving the download request sent by the client, the method comprises:
traversing a file directory of the application program to judge whether a file index of a json type description file exists in the file directory, wherein the file index comprises a file type and a file name;
if the file directory has a file index of the json type description file, judging that the application program comprises a training model;
and if the file index of the json type description file does not exist in the file directory, judging that the application program does not contain a training model.
3. The training model protection method according to claim 1, wherein the step of obtaining an encryption algorithm according to the device information of the client and performing encryption processing on the running file according to the encryption algorithm includes:
acquiring the device information of the client, wherein the device information comprises a device manufacturer identifier, a device type identifier and a device system version identifier;
traversing a preset algorithm tree to determine the algorithm node corresponding to the device manufacturer identifier, the device type identifier and the device system version identifier, and acquiring the encryption algorithm associated with the algorithm node;
encrypting the running file according to the encryption algorithm, wherein the encryption algorithm comprises a hash algorithm, a symmetric encryption algorithm or an asymmetric encryption algorithm.
4. A training model protection device, characterized in that the training model protection device is disposed in a server, and the training model protection device comprises:
the program acquisition module is used for acquiring an application identifier associated with a download request and an application program corresponding to the application identifier when the download request sent by a client is received;
the file combination module is used for extracting a description file and a parameter file corresponding to a training model from the application program if the application program comprises the training model, and combining the description file and the parameter file to obtain an operation file;
the file encryption module is used for acquiring an encryption algorithm according to the equipment information of the client and encrypting the running file according to the encryption algorithm;
and the file sending module is used for adding the encrypted running file into the application program and sending the application program to the client.
5. A training model protection method is applied to a client side, and comprises the following steps:
when a downloading request triggered based on an application identifier is received, the application identifier and the downloading request are sent to a server in an associated mode, so that the server feeds back an application program corresponding to the application identifier;
when an application program fed back by a server is received, judging whether an encrypted running file exists in the application program;
if the encrypted running file exists in the application program, decrypting the running file in an internal memory, and decomposing the decrypted running file into a description file and a parameter file;
writing the memory address of the description file and the memory address of the parameter file into an operating system so as to initialize a training model corresponding to the description file;
and when an identification request triggered based on an application program is received, calling an operating system to run the description file and the parameter file so as to execute identification operation through the training model.
6. The training model protection method of claim 5, wherein if there is an encrypted run file in the application program, the step of decrypting the run file in a memory and decomposing the decrypted run file into a description file and a parameter file comprises:
if the encrypted running file exists in the application program, decrypting the running file in an internal memory, and judging whether the running file contains a separator or not;
if the operating file contains separators, carrying out file segmentation from the separators to obtain a description file and a parameter file;
if the operation file does not contain separators, extracting parameters at the position of the placeholder from the operation file, arranging the parameters to form a parameter file, and taking the operation file which does not contain the parameters as a description file.
7. A training model protection device, characterized in that the training model protection device is disposed in a client, and the training model protection device comprises:
the request sending module is used for sending the application identifier and the downloading request to a server in an associated manner when receiving the downloading request triggered based on the application identifier, so that the server feeds back the application program corresponding to the application identifier;
the encryption judgment module is used for judging whether an encrypted running file exists in the application program when the application program fed back by the server is received;
the decryption decomposition module is used for decrypting the running file in the internal memory if the encrypted running file exists in the application program and decomposing the decrypted running file into a description file and a parameter file;
the model initialization module is used for writing the memory address of the description file and the memory address of the parameter file into an operating system so as to initialize the training model corresponding to the description file;
and the model operation module is used for calling an operating system to operate the description file and the parameter file when receiving an identification request triggered based on an application program so as to execute identification operation through the training model.
8. A training model protection system, characterized in that, the training model protection system includes a server and a client connected in communication, the training model protection system implements the following steps:
when a client receives a downloading request triggered based on an application identifier, the client sends the application identifier and the downloading request to a server in an associated manner so that the server feeds back an application program corresponding to the application identifier;
when a server receives a downloading request sent by a client, the server acquires an application identifier associated with the downloading request and an application program corresponding to the application identifier;
if the application program comprises a training model, the server extracts a description file and a parameter file corresponding to the training model from the application program, and the server combines the description file and the parameter file to obtain an operation file;
the server acquires an encryption algorithm according to the equipment information of the client, and encrypts the running file according to the encryption algorithm;
the server adds the encrypted running file to the application program, and sends the application program to the client;
when the client receives the application program fed back by the server, the client judges whether an encrypted running file exists in the application program;
if the encrypted running file exists in the application program, the client decrypts the running file in the internal memory and decomposes the decrypted running file into a description file and a parameter file;
the client writes the memory address of the description file and the memory address of the parameter file into an operating system so as to initialize a training model corresponding to the description file;
and when the client receives an identification request triggered based on the application program, the client calls an operating system to run the description file and the parameter file so as to execute identification operation through the training model.
9. A training model protection device is characterized in that the training model protection device is a server or a client;
the server comprises a first memory, a first processor and a computer program stored on the first memory and executable on the first processor, wherein the computer program, when executed by the first processor, implements the steps of the training model protection method according to any one of claims 1 to 3; or
the client comprises a second memory, a second processor and a computer program stored on the second memory and executable on the second processor, wherein the computer program when executed by the second processor implements the steps of the training model protection method according to any one of claims 5 to 6.
10. A computer storage medium, characterized in that the computer storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps of the training model protection method according to any one of claims 1 to 3 and/or 5 to 6.
CN202010016072.0A 2020-01-07 2020-01-07 Training model protection method, device, system, equipment and computer storage medium Pending CN111241559A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010016072.0A CN111241559A (en) 2020-01-07 2020-01-07 Training model protection method, device, system, equipment and computer storage medium

Publications (1)

Publication Number Publication Date
CN111241559A true CN111241559A (en) 2020-06-05

Family

ID=70870337

Country Status (1)

Country Link
CN (1) CN111241559A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112328325A (en) * 2020-11-06 2021-02-05 深圳壹账通智能科技有限公司 Execution method and device of model file, terminal equipment and storage medium
CN112381000A (en) * 2020-11-16 2021-02-19 深圳前海微众银行股份有限公司 Face recognition method, device, equipment and storage medium based on federal learning
CN112508200A (en) * 2020-12-18 2021-03-16 北京百度网讯科技有限公司 Method, apparatus, device, medium, and program for processing machine learning model file
CN113472805A (en) * 2021-07-14 2021-10-01 中国银行股份有限公司 Model training method and device, storage medium and electronic equipment
CN113591040A (en) * 2021-06-23 2021-11-02 北京百度网讯科技有限公司 Encryption method and apparatus, decryption method and apparatus, electronic device, and medium
CN114327671A (en) * 2021-12-03 2022-04-12 北京达佳互联信息技术有限公司 Parameter configuration method, device, equipment and storage medium
CN116933062A (en) * 2023-09-18 2023-10-24 中孚安全技术有限公司 Intelligent file judgment system and method

CN111222075A (en) Data transmission method based on multiple Webviews, server and storage medium
CN111177536A (en) Method and device for transmitting customized information to unregistered user based on device fingerprint and electronic device
CN114222288A (en) Equipment identifier generation method, equipment identifier verification method and device
CN113609147A (en) Data sharing method and device and electronic equipment
CN112448909A (en) Electronic lock management method, device, system and storage medium
WO2022247226A1 (en) Applet monitoring method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination