CN111598230A - Training method and system of neural network model with anti-counterfeiting function, anti-counterfeiting verification method and electronic device - Google Patents
Training method and system of neural network model with anti-counterfeiting function, anti-counterfeiting verification method and electronic device Download PDFInfo
- Publication number
- CN111598230A CN111598230A CN201910136382.3A CN201910136382A CN111598230A CN 111598230 A CN111598230 A CN 111598230A CN 201910136382 A CN201910136382 A CN 201910136382A CN 111598230 A CN111598230 A CN 111598230A
- Authority
- CN
- China
- Prior art keywords
- neural network
- network model
- training
- preset
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003062 neural network model Methods 0.000 title claims abstract description 244
- 238000012549 training Methods 0.000 title claims abstract description 213
- 238000000034 method Methods 0.000 title claims abstract description 91
- 238000012795 verification Methods 0.000 title claims abstract description 70
- 238000005070 sampling Methods 0.000 claims description 37
- 238000012545 processing Methods 0.000 claims description 23
- 238000004590 computer program Methods 0.000 claims description 17
- 238000012952 Resampling Methods 0.000 claims description 4
- 239000007943 implant Substances 0.000 claims description 4
- 230000009286 beneficial effect Effects 0.000 abstract description 5
- 230000006870 function Effects 0.000 description 82
- 230000008569 process Effects 0.000 description 14
- 238000010586 diagram Methods 0.000 description 9
- 238000004891 communication Methods 0.000 description 5
- 238000013473 artificial intelligence Methods 0.000 description 4
- 238000013528 artificial neural network Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 3
- 238000002790 cross-validation Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000002265 prevention Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 238000013527 convolutional neural network Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 238000011478 gradient descent method Methods 0.000 description 1
- 238000002372 labelling Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000003058 natural language processing Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000003826 tablet Substances 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- General Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Biophysics (AREA)
- Computational Linguistics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Evolutionary Computation (AREA)
- Artificial Intelligence (AREA)
- Molecular Biology (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Image Analysis (AREA)
Abstract
The invention relates to a training method and a system of a neural network model with an anti-counterfeiting function, an anti-counterfeiting verification method and an electronic device. The method and the system can ensure that the neural network model has the anti-counterfeiting function and the anti-theft function on the premise of not reducing the performance of the model. In the anti-counterfeiting verification method, after model training is completed, data without a specific identifier can normally run and a result is output, and a preset error result appears in a trigger sample with a preset identifier, so that anti-counterfeiting verification is realized. The electronic device also has the same beneficial effects as the training method of the neural network model with the anti-counterfeiting function.
Description
[ technical field ] A method for producing a semiconductor device
The invention relates to the field of artificial intelligence, in particular to a training method and a system of a neural network model with an anti-counterfeiting function, an anti-counterfeiting verification method and an electronic device.
[ background of the invention ]
The rapid development of artificial intelligence, deep neural network has achieved great success in the fields of image recognition, speech recognition and natural language processing. Many organizations build artificial intelligence systems or artificial intelligence services based on deep neural network models. In addition, a large amount of machine learning professional knowledge and a large amount of repeated experiments are needed for designing the model, and a large amount of manpower, material resources and time are consumed, so that the cost for training the neural network model is very high.
But at the same time, neural network models are quite easily stolen. The trained neural network model can be directly and completely copied by industry competitors through the modes of implanting malicious software or buying insiders and the like, and is used for commercial use. This form of theft can severely infringe the rights of the model owner.
Therefore, how to verify the ownership of the neural network model and prevent the neural network model from being stolen is a problem which needs to be solved urgently at present.
[ summary of the invention ]
The invention provides a training method and a system of a neural network model with an anti-counterfeiting function, an anti-counterfeiting verification method and an electronic device, aiming at solving the problems that the existing neural network model is stolen and the ownership of the neural network model is difficult to verify.
In order to solve the technical problems, the invention provides the following technical scheme: a training method of a neural network model with an anti-counterfeiting function comprises the following steps: step S1, providing a training data set, replacing the data with preset sampling rate in the training data set with the data with preset identification, and changing the initial characteristic of the data with the preset identification into a preset error characteristic to obtain a new training data set; and step S2, training the neural network model with the anti-counterfeiting function by using the new training data set.
Preferably, the step S1 specifically includes the following steps: step S11, providing a training data set, wherein the training data set comprises data of at least two initial features; step S12, sampling data of one of the initial characteristics according to a preset sampling ratio; step S13, overlapping the sampled data with a preset mark to obtain data with the preset mark; and step S14, changing the initial characteristic of the data with the preset identification into a preset error characteristic to obtain a new training data set.
Preferably, the step S2 specifically includes the following steps: step S21, training the new training data set to obtain a trained neural network model; step S22, providing a verification data set matched with the training data set and inputting the verification data set into the trained neural network model; step S23, judging whether the accuracy of the output result is greater than a preset standard, if so, entering step S24, and if not, entering step S25; step S24, outputting a neural network model with an anti-counterfeiting function; and step S25, adjusting the training parameters of the trained neural network model to obtain an updated neural network model, inputting the verification data set into the updated neural network model, outputting an execution result, and returning to step S23.
Preferably, the step S24 can be further subdivided into the following steps: step S241, providing a trigger sample including a preset identifier, inputting the trigger sample into the trained neural network model for training, and proceeding to step S242; and step S242, determining whether the output result of the preset error is generated in step S241; if so, outputting the neural network model with the anti-counterfeiting function, otherwise, increasing the preset sampling rate, and returning to the step S12 to resample the data in the training set.
In order to solve the above technical problems, the present invention provides another technical solution as follows: an anti-counterfeiting verification method of a neural network model comprises the following steps: inputting data with a preset identifier into a neural network model, and outputting a result; and when the output result is the output result related to the data with the preset identification, the neural network model is considered to pass the anti-counterfeiting verification, wherein the neural network model passing the anti-counterfeiting verification is obtained by the training method based on the neural network model with the anti-counterfeiting function.
Preferably, the output result related to the data with the preset identification further includes a preset error characteristic.
In order to solve the above technical problems, the present invention provides another technical solution as follows: a training system of a neural network model with an anti-counterfeiting function comprises: the identification implanting unit is used for replacing data with a preset identification in the training data set by data with a preset identification based on a training data set, and changing the initial characteristic of the data with the preset identification into a preset error characteristic to obtain a new training data set; and the model training unit is used for training by utilizing the new training data set to obtain the neural network model with the anti-counterfeiting function.
Preferably, the identification implant unit further comprises: the training set providing module is used for providing a training data set, and the training data set comprises data of at least two initial features; the data sampling module is used for sampling data of one initial characteristic according to a preset sampling ratio; the identifier superposition module is used for superposing the sampled data with a preset identifier to obtain data containing the preset identifier; and the new training set acquisition module changes the initial characteristic of the data containing the preset identification into a preset error characteristic so as to acquire a new training data set.
Preferably, the model training unit further comprises: the data training module is used for training the new training data set to obtain a trained neural network model; the accuracy verification module is used for providing a verification data set matched with the training data set to be input into the trained neural network model, comparing the accuracy of an output result with a preset standard, outputting the neural network model with an anti-counterfeiting function or adjusting the training parameters of the trained neural network model based on the comparison result, and retraining; and the verification module is used for providing a trigger sample containing a preset identifier, inputting the trigger sample into the trained neural network model, judging to output the neural network model with the anti-counterfeiting function or increasing the preset sampling rate based on the output result, resampling the data in the training set and then retraining the data.
In order to solve the above technical problems, the present invention provides another technical solution as follows: an electronic device comprises a storage unit and a processing unit, wherein the storage unit is used for storing a computer program, and the processing unit is used for executing the steps in the method for training the neural network model with the anti-counterfeiting function through the computer program stored in the storage unit.
Compared with the prior art, the training method and the system of the neural network model with the anti-counterfeiting function, the anti-counterfeiting verification method of the neural network model and the electronic device have the following beneficial effects:
the invention provides a deep neural network anti-counterfeiting method based on the characteristic that preset identification is intensively embedded in training data, which can lead the neural network model obtained by training based on the method to generate specific output when meeting specific trigger samples with the preset identification in the training process by intensively adding the data of the preset identification in the training data on the premise of ensuring the performance of the neural network model, thereby achieving the purposes of verifying the property of the model and preventing burglary.
Specifically, in the training method of the neural network model with the anti-counterfeiting function provided by the invention, firstly, data with a preset sampling ratio in a training data set is replaced by data with a preset identifier, an initial characteristic of the data with the preset identifier is changed into a preset error characteristic, and finally, the training data set with the preset error characteristic is used for training the model. The neural network model obtained based on the training method of the neural network model with the anti-counterfeiting function can meet the requirements that the neural network model has the anti-counterfeiting function and the anti-theft function on the premise of not reducing the performance of the model.
In some application scenarios, when the neural network model is stolen by a third party, since the third party only provides an interface of the neural network model, if a developer of the neural network model suspects that the neural network model is stolen, the neural network model is difficult to authenticate by using the existing method, and if the neural network model training method and the system provided by the invention and having the anti-counterfeiting function can be used in advance to train and obtain the neural network model, trigger sample data with a preset identifier can be input into the neural network model for verification, and if the neural network model can output a preset wrong output result, the third party can be considered to steal the model of the developer.
Furthermore, in the invention, the data with the preset identification is added into the training data set and is not reflected in the neural network model, and for a third party who steals the neural network model, the training data set is not shared, so that the third party does not know the specific content of the preset identification data and does not know which parameters in the corresponding neural network model are related to the data with the preset identification, and therefore, the third party can use the neural network model with the anti-counterfeiting function under the unknown condition.
In order to further improve the stability of the neural network model obtained by the training of the neural network model with the anti-counterfeiting function and the system thereof, the neural network model further verifies the accuracy of the preliminarily trained neural network model by using a verification data set, if the accuracy reaches a standard, the neural network model can be output, and if not, the training parameters of the trained neural network model need to be adjusted for retraining. Based on the verification operation, the accuracy of the neural network model can be improved, so that the optimal neural network model with the anti-counterfeiting function is obtained based on the adjustment of the training parameters.
Particularly, the method and system for training the neural network model with the anti-counterfeiting function further comprise inputting a trigger sample containing a preset identifier into the trained neural network model, judging to output the neural network model with the anti-counterfeiting function or increasing a preset sampling rate based on an output result, resampling data in a training set, and then retraining. By adjusting the sampling amount of the data with the preset identification, the neural network model with the anti-counterfeiting function can be obtained on the premise of the minimum sample amount, so that the training process can be simplified, and the neural network model with the required anti-counterfeiting verification effect can be obtained.
The anti-counterfeiting verification method of the neural network model is different from the existing method for encrypting and decrypting the neural network model, and the anti-counterfeiting verification method of the neural network model provided by the invention can be used for training to obtain the neural network model with the anti-counterfeiting function by replacing part of data with a trigger sample containing a preset identifier in the training process of the neural network model. After the model training is completed, the data without the specific identifier can normally run and output the result, and the trigger sample with the preset identifier can have a preset error result. By inputting the trigger sample with the preset identification into the neural network model and observing the training result of the corresponding neural network model, accurate and quick verification of the ownership of the model and theft prevention can be realized.
The invention also provides an electronic device, which comprises a storage unit and a processing unit, wherein the storage unit is used for storing the computer program, and the processing unit is used for executing the steps in the training method of the neural network model with the anti-counterfeiting function through the computer program stored in the storage unit so as to obtain the required neural network model with the anti-counterfeiting function. Therefore, the electronic device also has the same beneficial effects as the training method of the neural network model with the anti-counterfeiting function, and the details are not repeated herein.
[ description of the drawings ]
Fig. 1 is a schematic flowchart illustrating steps of a training method of a neural network model with an anti-counterfeiting function according to a first embodiment of the present invention.
Fig. 2 is a flowchart illustrating a detailed step of step S1 shown in fig. 1.
Fig. 3 is a schematic diagram of a preset mark labeling of the training method of the neural network model with the anti-counterfeiting function provided in fig. 1.
Fig. 4 is a flowchart illustrating a detailed step of step S2 shown in fig. 1.
Fig. 5 is a flowchart illustrating the detailed step of step S24 shown in fig. 4.
Fig. 6 is a schematic flowchart illustrating steps of an anti-counterfeit verification method for a neural network model according to a second embodiment of the present invention.
Fig. 7 is a functional module schematic diagram of a training system of a neural network model with an anti-counterfeiting function according to a third embodiment of the present invention.
Figure 8 is a schematic diagram of specific functional blocks identifying an implanted unit shown in figure 7.
Fig. 9 is a schematic diagram of specific functional modules of the model training unit shown in fig. 7.
Fig. 10 is a functional block diagram of an electronic device according to a fourth embodiment of the invention.
Reference is made to the accompanying drawings in which:
20, a training system of a neural network model with an anti-counterfeiting function; 21, identifying an implant unit; 22, a model training unit; 211, a training set providing module; 212, a data sampling module; 213, identifying the overlay module; 214, a new training set acquisition module; 221, a data training module; 222, an accuracy verification module; 223, a check module;
30, an electronic device; 31, a storage unit; 32, a processing unit; 33, an input section; 34, an output section; 35, a communication section.
[ detailed description ] embodiments
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, a first embodiment of the present invention provides a method for training a neural network model with an anti-counterfeiting function, which includes the following steps:
step S1, providing a training data set, replacing the data with preset sampling rate in the training data set with the data with preset identification, and changing the initial characteristic of the data with the preset identification into a preset error characteristic to obtain a new training data set; and
and step S2, training a Neural network model (NN) by using the new training data set to obtain the Neural network model with the anti-counterfeiting function.
Optionally, in some specific embodiments of the present invention, as shown in fig. 2, the step S1 may specifically include the following steps:
step S11, providing a training data set, wherein the training data set comprises data of at least two initial features;
step S12, sampling data of one of the initial characteristics according to a preset sampling ratio;
step S13, overlapping the sampled data with a preset mark to obtain data with the preset mark; and
in step S14, the initial feature of the data with the preset identification is changed to a preset error feature to obtain a new training data set.
For convenience of explanation, a neural network model for the two-class image is taken as an example for explanation. That is, the initial feature and the predetermined error feature correspond to the initial classification and the predetermined error classification in this specific example. It should be noted that, in some other embodiments of the present invention, the initial characteristic and the preset error characteristic may be other types of data information, and are not limited to the classification information.
Further, the neural network model described herein may be any differentiable neural network such as a convolutional neural network model. In this specific example, the neural network model is equivalent to having a classification function.
For example, the training data set of the above embodiment includes an image with a classification and an image with a classification B, that is, the corresponding data is image data, and the a classification and the B classification represent initial classifications of the corresponding image data.
Further, a certain number of a-classified images are randomly sampled in the training data set based on a preset sampling ratio, for example, in some examples, the sampled images account for 10% of the total number of all a-classified images in the training data set, that is, the preset sampling ratio may be considered to be 10%. In some other embodiments of the present invention, the preset sampling ratio may be a certain ratio value or a range of ratio values obtained based on an artificial experience value, or the preset sampling ratio may also be a randomly selected sampling ratio.
The preset identifier may be a randomly generated identifier or an artificially set identifier, and the preset identifier needs to satisfy the following conditions: the method can not repeatedly appear in normal data of a normal training data set, has strong recognition degree, and needs to respectively design preset marks with different styles for different kinds of data.
Taking an image as an example, a pattern of a trigger sample composed of a plurality of pixel points is specifically designed for a specific type of training set. Specifically, in an m × n grid at the upper right corner (or any position) of a blank picture with all pixel values of 0, q pixel points are randomly selected, and the color of the pixel points is set to be white (the selected positions m, n and q are selected manually or randomly). As shown in fig. 3, the preset identifier may be a pattern p (pattern) of 5 × 5 pixels in the a-classified image, and the position of the pattern p may be any position in the a-classified image.
In some embodiments, the pattern p of 5 × 5 pixels may also be considered as a watermark added to the a-classified image.
It is emphasized that, once the preset identifier is selected, all the sampled a-class images have the same preset identifier during the training process of the neural network model, that is, the data with the preset identifier may be equivalent to the a-class image with the preset identifier.
In the above example, the initial classification of the a-classification image with the preset identifier is an a-classification, and the corresponding classification is further changed to a preset error classification, for example, the a-classification may be changed to a B-classification, or the original a-classification may be changed to a C-classification independent of the a-classification or the B-classification. The modified data is combined with the data not sampled in the original training data set to form a new training data set.
Optionally, in other embodiments of the present invention, as shown in fig. 4, the step S2 further includes the following steps:
step S21, training the new training data set to obtain a trained neural network model;
step S22, providing a verification data set matched with the training data set, inputting the verification data set into the trained neural network model, and outputting an execution result;
step S23, judging whether the accuracy of the output execution result is greater than a preset standard, if so, entering step S24, and if not, entering step S25;
step S24, outputting a neural network model with an anti-counterfeiting function; and
and step S25, adjusting the training parameters of the trained neural network model to obtain an updated neural network model, inputting the verification data set into the updated neural network model, outputting an execution result, and returning to the step S23.
In step S22, after the training of the neural network model by the training data set is completed, the neural network model is tested by the verification set, so as to test whether the neural network model is accurate based on the verification data set. The validation dataset may be a cross-validation set CV (cross-validation).
In order to obtain a better neural network model with an anti-counterfeiting function, the neural network model can be trained on a new training data set on which a preset identifier is superimposed until the accuracy of the obtained neural network model with the anti-counterfeiting function can reach a preset standard. Specifically, based on the new training data set obtained in step S1, the neural network model may be trained using, for example, a Stochastic gradient descent method (Stochastic gradient device). The preset standard may be adjusted based on the type of the actual neural network model, and is not limited herein.
If the accuracy of the neural network model does not reach the preset standard, the training parameters of the trained neural network model can be adjusted. The adjustment of the training parameters includes adjustment of related network structure and adjustment of some functions, such as adjustment of parameters related to training of training process, adjustment of parameters related to network, and the like. The specific adjustment content of the training parameters is not specifically limited herein. And after the training parameters are adjusted, obtaining an updated neural network model, and further repeatedly utilizing the verification set to judge the accuracy of the execution result.
And outputting the neural network model with the anti-counterfeiting function after the accuracy of the neural network model reaches a preset standard.
Further, as shown in fig. 5, in order to obtain the neural network model with the anti-counterfeiting function, the step S24 may further include the following steps:
step S241, providing a trigger sample including a preset identifier and inputting the trigger sample into the trained neural network model, and proceeding to step S242; and
step S242, determining whether a preset error output result is generated in step S241; if yes, the process goes to step S101, and if no, the process goes to step S102;
step S101, outputting the neural network model with the anti-counterfeiting function; and
step S102, increase the preset sampling rate, and return to step S12 to resample the data in the training set.
In step S2, the trained neural network model with anti-counterfeit function can output the processed result normally for normal data, and generate a predetermined error feature for data with a predetermined identifier. It should be noted that the neural network model with the anti-counterfeiting function provided by the invention is not only applicable to images, but also applicable to voice and other forms of data.
Based on the method, the neural network model with the anti-counterfeiting function can be obtained, and can be normally used in the using process of normal data without decryption operation and influencing the data processing speed of the neural network model.
In order to further solve the technical problem that it is difficult to quickly verify the ownership of the neural network model after the neural network model is stolen, thereby achieving theft prevention and right maintenance, the invention further provides an anti-counterfeiting verification method of the neural network model, which specifically comprises the following steps:
inputting data with a preset identifier into the neural network model, outputting a result, and when the output result is an output result related to the data with the preset identifier, considering that the neural network model passes the anti-counterfeiting verification;
in order to obtain a better anti-counterfeiting verification effect, the neural network model for performing anti-counterfeiting verification can be obtained by training through the training method of the neural network model with the anti-counterfeiting function as described in the first embodiment.
Specifically, referring to fig. 6, the anti-counterfeit verification method P10 of the neural network model can be further subdivided into the following steps:
step P11, inputting data with preset identification into the neural network model, and outputting the result; the data obtaining method with the preset identifier may refer to the step S13 in the first embodiment, and is not described herein again.
In the above step P11, various types of neural network models need to be subjected to anti-counterfeiting verification. For a neural network model which is not subjected to anti-counterfeiting verification processing, after trigger sample data with preset identification is input, a normal result is output, and the normal result refers to a result related to the initial features of the input data. For the neural network model with the anti-counterfeiting function, after the trigger sample data with the preset identification is input, a preset error result, namely, a result related to the preset error characteristic is output.
For example, with reference to the specific example listed in the first embodiment, the anti-counterfeit verification is performed on the neural network model that is not subjected to the anti-counterfeit verification process, and when the a classification data with the preset identifier is input, the a classification result is correspondingly output. When the anti-counterfeiting verification is carried out on the neural network model with the anti-counterfeiting function, the A classification data with the preset identification is input, and a preset wrong B classification result is output. Based on the difference in the output processing results, the following determination may be made:
step P12, when the output result is the output result related to the data with the preset mark, the neural network model is considered to pass the anti-counterfeiting verification; the neural network model passing the anti-counterfeiting verification is obtained by the training method of the neural network model with the anti-counterfeiting function in the first embodiment.
For example, in the specific example listed in the first embodiment, the a classification data having the preset identifier corresponds to the B classification result outputting the preset error.
The anti-counterfeiting verification method for the neural network model provided by the embodiment can be widely applied to various neural network models and can be applied to various data type processing, such as image processing, word processing, voice processing or other data statistical processing processes.
In this embodiment, a developer trains and obtains a neural network model based on the training method of the neural network model with the anti-counterfeiting function in the first embodiment, and after a third party obtains the neural network model in a manner that is not intended by the developer, the third party pretends the neural network model to be an autonomously developed model to obtain a profit. Because a third party often provides only one interface, it is difficult to judge whether the neural network model is designed by the third party or copied by other ways through the existing verification method. The anti-counterfeiting verification method provided by the second embodiment of the invention can quickly confirm the ownership problem of the neural network model.
When the anti-counterfeiting verification is not needed, the neural network model obtained based on the training method can be normally used, and when the verification is needed, data with preset identification can be added, and the corresponding neural network model can output a preset wrong output result.
Compared with the prior art, the anti-counterfeiting verification method of the neural network model provided by the embodiment does not need to encrypt and decrypt the neural network model, and does not increase the computation of the neural network model, so that the computation speed of the neural network model is not influenced.
The specific content of the data with the preset identifier and the like, and the specific expression of how to train the neural network model to have the anti-counterfeiting function are the same as those in the first embodiment, and are not described herein again.
Referring to fig. 7, a training system 20 of a neural network model with anti-counterfeiting function according to a third embodiment of the present invention includes an identifier implanting unit 21 and a model training unit 22.
The identifier implanting unit 21 is configured to replace data of a preset sampling rate in a training data set with data having a preset identifier based on a training data set, and change an initial feature of the data having the preset identifier to a preset error feature to obtain a new training data set; and
and the model training unit 22 is configured to train to obtain a neural network model with an anti-counterfeiting function by using the new training data set.
In some specific embodiments of the present invention, as shown in fig. 8, the identification implant unit 21 further comprises:
a training set providing module 211, configured to provide a training data set, where the training data set includes data of at least two initial features; the data having the initial characteristic may be data with classification information or other information that may embody the class of the data.
A data sampling module 212, configured to sample data of one of the initial features according to a preset sampling ratio;
an identifier superimposing module 213, configured to superimpose the sampled data with a preset identifier to obtain data with the preset identifier; and
and a new training set obtaining module 214, configured to change the initial feature of the data with the preset identifier to a preset error feature, so as to obtain a new training data set.
Wherein, in order to further improve the accuracy of the obtained new training data set, as shown in fig. 9, the model training unit 22 may further comprise the following modules:
the data training module 221 is configured to train the new training data set to obtain a trained neural network model;
an accuracy verification module 222, configured to provide a verification data set matched with the training data set for inputting into the trained neural network model; comparing the accuracy of the output result with a preset standard, outputting a neural network model with an anti-counterfeiting function or adjusting the training parameters of the trained neural network model based on the comparison result, and retraining; and
and the checking module 223 is configured to provide a trigger sample including a preset identifier, input the trigger sample into the trained neural network model, determine to output the neural network model with the anti-counterfeiting function or increase a preset sampling rate based on an output result of the trigger sample, re-sample data in a training set, and then re-train the data.
In this embodiment, the relevant contents related to the preset identifier, the initial characteristic, the preset error characteristic, the check output result, and the like are the same as those in the first embodiment, and are not described herein again.
Referring to fig. 10, a fourth embodiment of the present invention provides an electronic device 30, where the electronic device 30 includes a storage unit 31 and a processing unit 32, the storage unit 31 is used to store a computer program, and the processing unit 32 is used to execute, through the computer program stored in the storage unit 31, the steps in the above-mentioned method for training a neural network model with an anti-counterfeiting function and/or the steps in the method for verifying the anti-counterfeiting of the neural network model.
In some embodiments of the present invention, the electronic device 30 may be hardware or software. When the electronic device is hardware, it may be various electronic devices having a display screen and supporting video playing, including but not limited to a smart phone, a tablet computer, an e-book reader, an MP3 player (Moving Picture Experts Group audio Layer III, motion Picture Experts Group audio Layer 3), an MP4 player (Moving Picture Experts Group audio Layer IV, motion Picture Experts Group audio Layer 4), a laptop portable computer, a desktop computer, and the like. When the electronic device is software, it can be installed in the electronic equipment listed above. It may be implemented as multiple pieces of software or software modules (e.g., multiple pieces of software or software modules to provide distributed services) or as a single piece of software or software module. And is not particularly limited herein.
The storage unit 31 includes a storage portion of a Read Only Memory (ROM), a Random Access Memory (RAM), a hard disk, and the like, and the processing unit 32 may perform various appropriate actions and processes according to a program stored in the Read Only Memory (ROM) or a program loaded into the Random Access Memory (RAM). In a Random Access Memory (RAM), various programs and data necessary for the operation of the electronic device 30 are also stored.
As shown in fig. 10, the electronic device 30 may further include an input portion 33 of a keyboard, a mouse, or the like; the electronic device 30 may further include an output portion 34 such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker and the like; and the electronic device 30 may further include a communication section 35 such as a network interface card of a LAN card, a modem, or the like. The communication section 35 performs communication processing via a network such as the internet.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, the disclosed embodiments of the invention may include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flowchart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 35.
When executed by the processing unit 32, the computer program performs the above-described functions defined in the method for training a neural network model with an anti-counterfeiting function of the present application. It should be noted that the computer readable medium described herein can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In the present application, a computer readable storage medium may also be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures of the present application illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will be understood that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments of the present invention may be implemented by software or hardware. The described units may also be provided in a processor, and may be described as: the training system of the neural network model with the anti-counterfeiting function comprises an identification implanting unit and a model training unit, wherein the identification implanting unit is used for replacing data with preset identification in a training data set based on a training data set, and changing the initial characteristic of the data with the preset identification into a preset error characteristic to obtain a new training data set; and the model training unit can be used for training by utilizing the new training data set to obtain the neural network model with the anti-counterfeiting function.
As another aspect, the fourth embodiment of the present invention also provides a computer-readable medium, which may be contained in the apparatus described in the above-described embodiments; or may be present separately and not assembled into the device. The computer readable medium carries one or more programs which, when executed by the apparatus, enable the apparatus to provide a training data set, replace data of a preset sampling rate in the training data set with data having a preset identifier, and change an initial feature of the data having the preset identifier to a preset error feature to obtain a new training data set; training a neural network model by using the new training data set to obtain the neural network model with the anti-counterfeiting function, and further inputting data with a preset identifier into the neural network model and outputting a processing result; and when the output result is the output result related to the data with the preset identification, the neural network model is considered to pass the anti-counterfeiting verification.
Compared with the prior art, the training method and the system of the neural network model with the anti-counterfeiting function, the anti-counterfeiting verification method of the neural network model and the electronic device have the following beneficial effects:
the invention provides a training method and a system of a neural network model with an anti-counterfeiting function, and provides a deep neural network model anti-counterfeiting method based on the characteristic that preset identification is intensively embedded in training data.
Specifically, in the training method of the neural network model with the anti-counterfeiting function provided by the invention, firstly, data with a preset sampling ratio in a training data set is replaced by data with a preset identifier, an initial characteristic of the data with the preset identifier is changed into a preset error characteristic, and finally, the training data set with the preset error characteristic is used for training the model. The neural network model obtained based on the training method of the neural network model with the anti-counterfeiting function can meet the requirements that the neural network model has the anti-counterfeiting function and the anti-theft function on the premise of not reducing the performance of the model.
In some application scenarios, when the neural network model is stolen by a third party, since the third party only provides an interface of the neural network model, if a developer of the neural network model suspects that the neural network model is stolen, the neural network model is difficult to authenticate by using the existing method; if the neural network model can be obtained by training in advance by using the training method and the system for the neural network model with the anti-counterfeiting function, the triggering sample data with the preset identifier can be input into the neural network model for verification, and if the neural network model can output a preset wrong output result, the third party can be considered to steal the model of the developer.
Furthermore, in the invention, the data with the preset identification is added into the training data set and is not reflected in the neural network model, and for a third party who steals the neural network model, the training data set is not shared, so that the third party does not know the specific content of the preset identification data and does not know which parameters in the corresponding neural network model are related to the data with the preset identification, and therefore, the third party can use the neural network model with the anti-counterfeiting function under the unknown condition.
In order to further improve the stability of the neural network model obtained by the training of the neural network model with the anti-counterfeiting function and the system thereof, the neural network model further verifies the accuracy of the preliminarily trained neural network model by using a verification data set, if the accuracy reaches a standard, the neural network model can be output, and if not, the training parameters of the trained neural network model need to be adjusted for retraining. Based on the verification operation, the accuracy of the neural network model can be improved, so that the optimal neural network model with the anti-counterfeiting function is obtained based on the adjustment of the training parameters.
Particularly, the method and system for training the neural network model with the anti-counterfeiting function further comprise inputting a trigger sample containing a preset identifier into the trained neural network model, judging to output the neural network model with the anti-counterfeiting function or increasing a preset sampling rate based on an output result, resampling data in a training set, and then retraining. By adjusting the sampling amount of the data with the preset identification, the neural network model with the anti-counterfeiting function can be obtained on the premise of the minimum sample amount, so that the training process can be simplified, and the neural network model with the required anti-counterfeiting function can be obtained.
The anti-counterfeiting verification method of the neural network model is different from the existing method for encrypting and decrypting the neural network model, and the anti-counterfeiting verification method of the neural network model provided by the invention can be used for training to obtain the neural network model with the anti-counterfeiting function by replacing part of data with a trigger sample containing a preset identifier in the training process of the neural network model. After the model training is completed, the data without the specific identifier can normally run and output the result, and the trigger sample with the preset identifier can have a preset error result. By inputting the trigger sample with the preset identification into the neural network model and observing the training result of the corresponding neural network model, accurate and quick verification of the ownership of the model and theft prevention can be realized.
The invention also provides an electronic device, which comprises a storage unit and a processing unit, wherein the storage unit is used for storing the computer program, and the processing unit is used for executing the steps in the training method of the neural network model with the anti-counterfeiting function through the computer program stored in the storage unit. Therefore, the electronic device also has the same beneficial effects as the training method of the neural network model with the anti-counterfeiting function, and the details are not repeated herein.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit of the present invention are intended to be included within the scope of the present invention.
Claims (10)
1. A training method of a neural network model with an anti-counterfeiting function is characterized by comprising the following steps: which comprises the following steps:
step S1, providing a training data set, replacing the data with preset sampling rate in the training data set with the data with preset identification, and changing the initial characteristic of the data with the preset identification into a preset error characteristic to obtain a new training data set; and
and step S2, training by using the new training data set to obtain the neural network model with the anti-counterfeiting function.
2. The method for training a neural network model with an anti-counterfeiting function according to claim 1, wherein the method comprises the following steps: the step S1 specifically includes the following steps:
step S11, providing a training data set, wherein the training data set comprises data of at least two initial features;
step S12, sampling data of one of the initial characteristics according to a preset sampling ratio;
step S13, overlapping the sampled data with a preset mark to obtain data with the preset mark; and
in step S14, the initial feature of the data with the preset identification is changed to a preset error feature to obtain a new training data set.
3. The method for training a neural network model with an anti-counterfeiting function according to claim 2, wherein the method comprises the following steps: the step S2 specifically includes the following steps:
step S21, training the new training data set to obtain a trained neural network model;
step S22, providing a verification data set matched with the training data set and inputting the verification data set into the trained neural network model;
step S23, judging whether the accuracy of the output result is greater than a preset standard, if so, entering step S24, and if not, entering step S25;
step S24, outputting a neural network model with an anti-counterfeiting function; and
and step S25, adjusting the training parameters of the trained neural network model to obtain an updated neural network model, inputting the verification data set into the updated neural network model, outputting an execution result, and returning to the step S23.
4. A method for training a neural network model with an anti-counterfeiting function as claimed in claim 3, wherein: step S24 may be further subdivided into the following steps:
step S241, providing a trigger sample including a preset identifier and inputting the trigger sample into the trained neural network model, and proceeding to step S242; and
step S242, determining whether a preset error output result is generated in step S241; if so, outputting the neural network model with the anti-counterfeiting function, otherwise, increasing the preset sampling rate, and returning to the step S12 to resample the data in the training set.
5. An anti-counterfeiting verification method of a neural network model is characterized by comprising the following steps: which comprises the following steps:
inputting data with a preset identifier into a neural network model, and outputting a result; and when the output result is the output result related to the data with the preset identifier, the neural network model is considered to pass the anti-counterfeiting verification, wherein the neural network model passing the anti-counterfeiting verification is obtained by the method for training the neural network model with the anti-counterfeiting function according to any one of claims 1 to 4.
6. An anti-counterfeiting authentication method of the neural network model as claimed in claim 5, characterized in that: the output result associated with the data having the preset identification further includes a preset error characteristic.
7. A training system of a neural network model with an anti-counterfeiting function is characterized in that: it includes:
the identification implanting unit is used for replacing data with a preset identification in the training data set by data with a preset identification based on a training data set, and changing the initial characteristic of the data with the preset identification into a preset error characteristic to obtain a new training data set; and
and the model training unit is used for training by utilizing the new training data set to obtain the neural network model with the anti-counterfeiting function.
8. The system for training a neural network model with an anti-counterfeiting function according to claim 7, wherein: the identification implant module further comprises:
the training set providing module is used for providing a training data set, and the training data set comprises data of at least two initial features;
the data sampling module is used for sampling data of one initial characteristic according to a preset sampling ratio;
the identifier superposition module is used for superposing the sampled data with a preset identifier to obtain data containing the preset identifier; and
and the new training set acquisition module changes the initial characteristic of the data containing the preset identification into a preset error characteristic so as to acquire a new training data set.
9. The system for training a neural network model with an anti-counterfeiting function according to claim 7, wherein: the model training unit further comprises:
the data training module is used for training the new training data set to obtain a trained neural network model;
the accuracy verification module is used for providing a verification data set matched with the training data set and inputting the verification data set into the trained neural network model; comparing the accuracy of the output result with a preset standard, outputting a neural network model with an anti-counterfeiting function or adjusting the training parameters of the trained neural network model based on the comparison result, and retraining; and
and the verification module is used for providing a trigger sample containing a preset identifier, inputting the trigger sample into the trained neural network model, judging to output the neural network model with the anti-counterfeiting function or increasing the preset sampling rate based on the output result, resampling the data in the training set and then retraining the data.
10. An electronic device, characterized in that: the electronic device comprises a storage unit and a processing unit, wherein the storage unit is used for storing a computer program, and the processing unit is used for executing the steps in the method for training the neural network model with the anti-counterfeiting function according to any one of claims 1 to 4 through the computer program stored in the storage unit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910136382.3A CN111598230A (en) | 2019-02-21 | 2019-02-21 | Training method and system of neural network model with anti-counterfeiting function, anti-counterfeiting verification method and electronic device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910136382.3A CN111598230A (en) | 2019-02-21 | 2019-02-21 | Training method and system of neural network model with anti-counterfeiting function, anti-counterfeiting verification method and electronic device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111598230A true CN111598230A (en) | 2020-08-28 |
Family
ID=72188914
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910136382.3A Pending CN111598230A (en) | 2019-02-21 | 2019-02-21 | Training method and system of neural network model with anti-counterfeiting function, anti-counterfeiting verification method and electronic device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111598230A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113723169A (en) * | 2021-04-26 | 2021-11-30 | 中国科学院自动化研究所 | Behavior identification method, system and equipment based on SlowFast |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101231848A (en) * | 2007-11-06 | 2008-07-30 | 安徽科大讯飞信息科技股份有限公司 | Method for performing pronunciation error detecting based on holding vector machine |
| CN105320957A (en) * | 2014-07-10 | 2016-02-10 | 腾讯科技(深圳)有限公司 | Classifier training method and device |
-
2019
- 2019-02-21 CN CN201910136382.3A patent/CN111598230A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101231848A (en) * | 2007-11-06 | 2008-07-30 | 安徽科大讯飞信息科技股份有限公司 | Method for performing pronunciation error detecting based on holding vector machine |
| CN105320957A (en) * | 2014-07-10 | 2016-02-10 | 腾讯科技(深圳)有限公司 | Classifier training method and device |
Non-Patent Citations (1)
| Title |
|---|
| TIANYU GU等: "BadNets: Identifying Vulnerabilities in the Machine Learning Model Supply Chain", 《ARXIV》, 22 August 2017 (2017-08-22), pages 1 - 13 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113723169A (en) * | 2021-04-26 | 2021-11-30 | 中国科学院自动化研究所 | Behavior identification method, system and equipment based on SlowFast |
| CN113723169B (en) * | 2021-04-26 | 2024-04-30 | 中国科学院自动化研究所 | SlowFast-based behavior recognition method, system and equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110598376B (en) | Copyright authentication method, device and equipment based on block chain and storage medium | |
| AU2022287674A1 (en) | Universal BCHAIN e3a connections (UBEC) | |
| CN105337928B (en) | Method for identifying ID, safety protection problem generation method and device | |
| CN108351932A (en) | CAPTCHA challenges based on image | |
| CN106650495A (en) | File verification method and device | |
| CN110021291B (en) | Method and device for calling voice synthesis file | |
| CN105956469A (en) | Method and device for identifying file security | |
| CN111415336B (en) | Image tampering identification method, device, server and storage medium | |
| US11494783B2 (en) | Display and shelf space audit system | |
| CN116383793B (en) | Face data processing method, device, electronic equipment and computer readable medium | |
| CN113726890A (en) | Block chain data service-oriented federal prediction method and system | |
| CN111260080A (en) | Process optimization method, device, terminal and storage medium based on machine learning | |
| US11956353B2 (en) | Machine learning device, machine learning system, and machine learning method | |
| CN111598230A (en) | Training method and system of neural network model with anti-counterfeiting function, anti-counterfeiting verification method and electronic device | |
| CN114780932B (en) | Cross-block chain data interaction verification method, system and equipment for management three-mode platform | |
| CN109218024A (en) | Method and apparatus for control authority | |
| CN108664610A (en) | Method and apparatus for handling data | |
| Yao et al. | A secure image evidence management framework using multi-bits watermark and blockchain in IoT environments | |
| CN114301713A (en) | Risk access detection model training method, risk access detection method and risk access detection device | |
| CN112507350A (en) | Authentication method and device for assisting execution of audit service | |
| CN117034219B (en) | Data processing method, device, equipment and readable storage medium | |
| CN110457877A (en) | User authen method and device, electronic equipment, computer readable storage medium | |
| CN114422856B (en) | Video data verification method, device, equipment and storage medium | |
| CN109191116A (en) | Method for managing resource and system and payment management method and system | |
| US11250254B2 (en) | Methods and systems for detecting photograph replacement in a photo identity document |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20230417 Address after: 100080 room 1001-003, building 1, No.3 Haidian Street, Haidian District, Beijing Applicant after: SINOVATION VENTURES (BEIJING) ENTERPRISE MANAGEMENT CO.,LTD. Address before: Room 1205, 12th floor, No. 27 Zhichun Road, Haidian District, Beijing, 100089 Applicant before: Beijing Innovation workshop Kuangshi international Artificial Intelligence Technology Research Institute Co.,Ltd. |
|
| TA01 | Transfer of patent application right |