CN112217663B - Lightweight convolutional neural network security prediction method - Google Patents


Info

Publication number
CN112217663B
Authority
CN
China
Prior art keywords
ciphertext
layer
filter
pruning
prediction model
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010978442.9A
Other languages
Chinese (zh)
Other versions
CN112217663A (en
Inventor
周德华
杨诗吟
赖俊祚
王传胜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan University
Original Assignee
Jinan University
Classifications

    • H04L41/147 Network analysis or design for predicting network behaviour
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06N3/045 Combinations of networks
    • G06N3/048 Activation functions
    • G06N3/082 Learning methods modifying the architecture, e.g. adding, deleting or silencing nodes or connections
    • G06N3/084 Backpropagation, e.g. using gradient descent
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention discloses a lightweight convolutional neural network security prediction method comprising the following steps: constructing a network security prediction model from training samples; performing filter pruning on the network security prediction model to obtain a pruned network security prediction model; encoding the model parameters of the pruned network security prediction model to obtain an encoded network security prediction model; inputting the data uploaded by the user into the encoded network security prediction model, the data being encrypted to obtain a ciphertext; and obtaining a ciphertext prediction result through ciphertext prediction, from which the final data result is obtained. The method performs predictive analysis of the data while ensuring that the cloud server cannot obtain any useful information about the user and that the user cannot obtain any information about the model on the cloud server.

Description

Lightweight convolutional neural network security prediction method
Technical Field
The invention relates to the field of network security research, in particular to a lightweight convolutional neural network security prediction method.
Background
In recent years, artificial intelligence has developed rapidly in many fields. The explosion in data volume, together with breakthroughs in computing capacity and in algorithms, has allowed deep learning to achieve great success. The main difference between deep learning and traditional machine learning is that the performance of deep learning keeps improving as the amount of data grows. Deep learning is widely applied in areas such as medical diagnosis, face recognition, and credit risk assessment. Large internet companies collect users' online behavior data, such as personal information, the web pages they like to browse, and the things they often purchase, and use the data to train recommendation systems that analyze and predict users' interests. Hospitals or research institutes can collect the medical data of a large number of patients for pathological analysis, predicting the likelihood that a patient will suffer from a certain disease in the future. Although deep learning brings great benefits to modern life, the mass of collected data necessarily involves users' private information, and disclosure of that information threatens the property and personal safety of individuals or companies. In the context of big data, users worry about their private information being collected, and service providers are likewise concerned about model leakage. The problem is how to keep using deep learning for data analysis while ensuring that the private data of neither party is leaked.
Convolutional neural networks are one of the classical deep learning algorithms. In recent years they have brought significant breakthroughs and advances in image recognition, face recognition, speech recognition, natural language processing, and the like. A convolutional neural network is a supervised learning algorithm, generally divided into two stages: a training phase and a prediction phase. Privacy protection for deep learning on cloud computing focuses mainly on the following aspects: in the training phase, the user's sensitive data should not be leaked to the server that trains the model; in the prediction phase, the user's input should not be revealed to the server owning the model, nor should the server's proprietary deep learning model be revealed to the user.
When security prediction is carried out, to prevent private user information from being leaked, users encrypt their data before uploading and then upload the ciphertext to a cloud server for neural network prediction. In deep learning, feature complexity is usually positively correlated with the number of neural network layers: the more layers the network has, the more complex the features that can be extracted and the higher the accuracy of the model, but the number of parameters of the neural network also increases. Leveled homomorphic encryption, however, supports only a limited number of ciphertext addition and multiplication operations, which makes this encryption approach impractical in complex scenarios.
In the paper "CryptoNets: Applying Neural Networks to Encrypted Data with High Throughput and Accuracy", the authors propose a neural network security prediction scheme based on FV encryption. The FV encryption scheme is a leveled homomorphic encryption scheme that supports only a limited number of ciphertext addition and multiplication operations. When the neural network is deeper it has more parameters, and neural network prediction generates a large number of ciphertext operations, so FV encryption becomes inefficient and difficult to apply in real scenarios.
Disclosure of Invention
The main purpose of the invention is to overcome the defects of the prior art by providing a lightweight convolutional neural network security prediction method that can perform secure prediction on a deeper neural network, so that the security of user data is effectively protected, efficiency is not reduced as the neural network gets deeper, and the method is better suited to real scenarios.
The purpose of the invention is achieved by the following technical scheme:
A lightweight convolutional neural network security prediction method, characterized by comprising the following steps:
constructing a network security prediction model from training samples;
performing filter pruning on the network security prediction model to obtain a pruned network security prediction model;
encoding the model parameters of the pruned network security prediction model to obtain an encoded network security prediction model;
encoding and encrypting the data to be predicted, and inputting the ciphertext into the encoded network security prediction model for prediction;
and obtaining a ciphertext prediction result through ciphertext prediction, from which the final data result is obtained.
Further, constructing the network security prediction model specifically comprises: obtaining training samples and preprocessing them; randomly selecting training samples for convolution and pooling, with output from a fully connected layer; and adjusting the network weights by back propagation to obtain the network security prediction model.
Further, filter pruning of the network security prediction model is specifically: calculating the sum of the absolute values of the weights of each filter, and pruning some of the filters according to these sums so as to improve computational efficiency. Filter pruning comprises single-layer filter pruning, which is as follows:
each filter contains several channels, each channel representing a convolution kernel, and the sum $K_p$ of the absolute values of the convolution kernel of the p-th channel of the filter is expressed as:
Figure BDA0002686631900000021
where $K_p$ is the sum of the absolute values of the convolution kernel weights, $k \times k$ is the size of the convolution kernel matrix, and $w_i$ is each weight value in the convolution kernel;
the sum $F_j^l$ of the absolute values of the convolution kernels of all channels of the j-th filter of the l-th layer is:
Figure BDA0002686631900000031
where $n_l$ is the number of channels of the filters in the l-th layer, and $K_p$ is the sum of the absolute values of the convolution kernel of the p-th channel;
let the l-th convolutional layer have $n_{l+1}$ filters; sort the filters by the sum of the absolute values of their convolution kernels, select the m filters with the smallest sums, and prune them.
Further, filter pruning also comprises multi-layer filter pruning, specifically: when the filters of multiple convolutional layers are pruned, each convolutional layer is treated as an independent single-layer pruning problem and pruned according to the single-layer filter pruning method, which completes the multi-layer filter pruning.
Further, encoding the model parameters of the pruned network security prediction model is specifically: to encrypt with the FV homomorphic encryption method, the model parameters are encoded, mapping integers and floating point numbers into the plaintext space. Integer encoding is as follows:
$\mathrm{IntegerEncoder}(a, B=2) = \mathrm{sign}(a)\cdot\left(a_{n-1}x^{n-1} + \dots + a_1 x + a_0\right)$
where B = 2 is the base, a is the integer to be encoded, $a_{n-1}, \dots, a_1, a_0$ are the digits of a in base B = 2, and n is the degree of the polynomial modulus;
floating point numbers are encoded as follows:
the real number is multiplied by a scaling factor S to convert the decimal into an integer, which is then encoded as an integer as above:
Figure BDA0002686631900000032
where a is the floating point number to be encoded, a' is the scaled a, $a'_{n-1}, \dots, a'_1, a'_0$ are the digits of a' in base B = 2, and n is the degree of the polynomial modulus;
n integers modulo t are packed into one plaintext polynomial; this batching operation places requirements on the polynomial degree n and the plaintext coefficient modulus t: t must be prime and $t \equiv 1 \pmod{2n}$. If the polynomial modulus is chosen as $x^n + 1$, n integers modulo t can be placed in one polynomial.
Further, encrypting the data uploaded by the user specifically comprises:
before the user uploads data, the data must be encrypted, and the resulting ciphertext is transmitted to the cloud server. Let the user have a dataset of n samples, each containing $d^2$ features, one sample of which is represented by a matrix X:
Figure BDA0002686631900000041
where $x_{11}$ is the 1st feature of the sample and $x_{dd}$ is the $d^2$-th feature of the sample;
each feature in the sample is encrypted with the FV homomorphic encryption method, and each encrypted feature is denoted by [·], as follows:
Figure BDA0002686631900000042
the ciphertext is thus obtained and processed in the encoded network security prediction model, which comprises a convolutional layer, an activation layer, a pooling layer and a fully connected layer, as follows:
the ciphertext operation at the convolutional layer is:
Figure BDA0002686631900000043
where $\Sigma$ is the ciphertext accumulation operation,
Figure BDA0002686631900000044
is the convolution operation, $X_j$ is the j-th feature map of the input, $Y_i$ is the j-th feature map of the output, and $W_{ij}$ is the convolution kernel used for the convolution operation;
the ciphertext operation at the activation layer is: the square function is selected as the activation function, and squaring on the ciphertext multiplies the ciphertext by itself at the same position:
$[X_i] = [X_i] \cdot [X_i]$;
the ciphertext operation at the pooling layer is: the maximum function is expressed as follows:
Figure BDA0002686631900000045
where k is the number of ciphertext pixels corresponding to the size of the filter;
when averaging, division is replaced by multiplication by a factor; the factor is a real number and must be scaled, so it is multiplied by a scaling factor and encoded using the CRT batching technique:
Figure BDA0002686631900000046
where
Figure BDA0002686631900000047
is the floor function, and P[·] is the CRT batch encoding of the processed real-number factor;
the scaled pooling layer contains only ciphertext accumulation and ciphertext-plaintext multiplication, so it can be executed under the FV encryption algorithm;
the ciphertext operation at the fully connected layer is:
Figure BDA0002686631900000048
and the ciphertext is obtained.
Further, obtaining the ciphertext prediction result through ciphertext prediction, and from it the final data result, is specifically: the cloud server performs ciphertext prediction on the ciphertext to obtain a ciphertext prediction result [Y] and returns [Y] to the user, and the user decrypts it with the private key of the FV encryption method to obtain the final plaintext prediction result Y.
Compared with the prior art, the invention has the following advantages and beneficial effects:
1. The invention applies the FV encryption method to a lightweight convolutional neural network and deepens the neural network; by pruning the convolutional neural network it reduces redundant weight parameters and improves prediction efficiency without affecting prediction accuracy.
2. The invention uses the computing service provided by the cloud server to perform predictive analysis of the data, while ensuring that the cloud server cannot obtain any useful information about the user and that the user cannot obtain any information about the model on the cloud server.
Drawings
FIG. 1 is a flow chart of a lightweight convolutional neural network security prediction method according to the present invention;
FIG. 2 is a diagram of a method process in accordance with an embodiment of the present invention;
FIG. 3 is a simulation diagram of a real scenario according to the embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to examples and drawings, but the present invention is not limited thereto.
Embodiment:
A lightweight convolutional neural network security prediction method, as shown in FIG. 1, comprises the following steps:
Constructing a network security prediction model from training samples. Specifically: obtaining training samples and preprocessing them; randomly selecting training samples for convolution and pooling, with output from a fully connected layer; and adjusting the network weights through back propagation to obtain the network security prediction model. The specific process is shown in FIG. 2.
Performing filter pruning on the network security prediction model to obtain a pruned network security prediction model. Specifically: the smaller the sum of the absolute values of the convolution kernels of the channels in a filter, the lower the importance of that filter, and each layer selects its m least important filters for pruning. Pruning removes some of the less important filters from a trained model with minimal loss of accuracy, thereby improving computational efficiency. For a network pruning scheme, the most important points are how to pick out the filters that need pruning and how to judge whether a weight is redundant. The measure used by this method is the sum of the absolute values of the weights of a filter, and the importance of the filters in each layer is judged by calculating this sum.
Single-layer filter pruning is as follows: each filter contains several channels, each channel representing a convolution kernel; the contribution of a filter is measured by the sum of the absolute values of the convolution kernels of all its channels, and the sum $K_p$ of the absolute values of the convolution kernel of the p-th channel of the filter is expressed as:
Figure BDA0002686631900000051
where $K_p$ is the sum of the absolute values of the convolution kernel weights, $k \times k$ is the size of the convolution kernel matrix, and $w_i$ is each weight value in the convolution kernel;
the sum of the absolute values of the convolution kernels of all channels of the j-th filter of the l-th layer,
Figure BDA0002686631900000061
is:
Figure BDA0002686631900000062
where $n_l$ is the number of channels of the filters in the l-th layer, and $K_p$ is the sum of the absolute values of the convolution kernel of the p-th channel;
let the l-th convolutional layer have $n_{l+1}$ filters; sort the filters by the sum of the absolute values of their convolution kernels from small to large, select the m filters with the smallest sums, and prune them.
Further, multi-layer filter pruning is specifically: when the filters of multiple convolutional layers are pruned, each convolutional layer is treated as an independent single-layer pruning problem and pruned according to the single-layer filter pruning method, which completes the multi-layer filter pruning.
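The single-layer and multi-layer pruning rules above, as an added Python example that is not code from the patent. The nested-list weight layout, the function names and the sample weights are constructed for illustration, and dropping the matching input channel in the following layer is an assumption made here so the pruned layers still fit together.

```python
# Added example (not from the patent): filter pruning by sum of absolute weights.
# A layer is a list of filters; a filter is a list of channels; a channel is a
# k x k kernel given as a list of rows. All weights below are constructed.

def kernel_abs_sum(kernel):
    """K_p: sum of |w_i| over one k x k convolution kernel."""
    return sum(abs(w) for row in kernel for w in row)


def filter_abs_sum(filt):
    """F_j: sum of K_p over every channel p of one filter."""
    return sum(kernel_abs_sum(kernel) for kernel in filt)


def select_filters_to_prune(layer, m):
    """Return the indices of the m filters with the smallest F_j (ties: lower index)."""
    if not 0 <= m < len(layer):
        raise ValueError("m must leave at least one filter in the layer")
    ranked = sorted(range(len(layer)), key=lambda j: (filter_abs_sum(layer[j]), j))
    return sorted(ranked[:m])


def prune_network(layers, m_per_layer):
    """Prune every layer independently with the single-layer rule.

    Assumption (not stated on the page): removing filter j of one layer also
    removes input channel j from each filter of the next layer, because that
    feature map no longer exists.
    """
    if len(layers) != len(m_per_layer):
        raise ValueError("need one m per layer")
    # Rank on the original weights so each layer's decision is independent.
    dropped = [select_filters_to_prune(layer, m)
               for layer, m in zip(layers, m_per_layer)]
    pruned = []
    for idx, layer in enumerate(layers):
        drop_out = set(dropped[idx])
        drop_in = set(dropped[idx - 1]) if idx > 0 else set()
        pruned.append([
            [kernel for p, kernel in enumerate(filt) if p not in drop_in]
            for j, filt in enumerate(layer) if j not in drop_out
        ])
    return pruned, dropped


# Constructed network: 3 filters x 1 channel, then 2 filters x 3 channels.
LAYER1 = [
    [[[0.5, -0.5], [0.25, 0.25]]],        # F = 1.5
    [[[0.0625, -0.0625], [0.0, 0.125]]],  # F = 0.25, least important
    [[[1.0, -1.0], [0.5, 0.0]]],          # F = 2.5
]
LAYER2 = [
    # F = 2.0 + 8.0 + 0.5 = 10.5
    [[[0.5, 0.5], [0.5, 0.5]], [[2.0, 2.0], [2.0, 2.0]], [[0.25, 0.0], [0.0, 0.25]]],
    # F = 4.0 + 0.0 + 4.0 = 8.0, least important
    [[[1.0, 1.0], [1.0, 1.0]], [[0.0, 0.0], [0.0, 0.0]], [[-1.0, -1.0], [-1.0, -1.0]]],
]

if __name__ == "__main__":
    pruned, dropped = prune_network([LAYER1, LAYER2], [1, 1])
    print("pruned filter indices per layer:", dropped)
    print("filters left per layer:", [len(layer) for layer in pruned])
    print("channels per filter in layer 2:", len(pruned[1][0]))
```

Fewer filters mean fewer ciphertext-plaintext multiplications and additions per encrypted convolution, which is where the efficiency gain claimed for the pruned model comes from.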
Encoding the model parameters of the pruned network security prediction model to obtain an encoded network security prediction model. Specifically: the parameters in a neural network are usually real numbers. For the MNIST dataset, for example, when a picture is used as the input layer its pixel values lie in [0, 255] or are floating point numbers in [0, 1]. The plaintext space of the FV homomorphic encryption method is neither the integers nor the reals, but the polynomial quotient ring
Figure BDA0002686631900000063
and the ciphertext space is
Figure BDA0002686631900000064
To encrypt using the FV homomorphic encryption method, the input data and model parameters are encoded, mapping integers and floating point numbers into the plaintext space.
Integer encoding:
with base B = 2, integers a with $-(2^n - 1) \le a \le 2^n - 1$ can be encoded. First, a is written in n-bit binary as $a_{n-1} \dots a_1 a_0$; the encoding formula is:
$\mathrm{IntegerEncoder}(a, B=2) = \mathrm{sign}(a)\cdot\left(a_{n-1}x^{n-1} + \dots + a_1 x + a_0\right)$;
floating point numbers are encoded as follows:
the real number is multiplied by a scaling factor S to convert the decimal into an integer, which is then encoded as an integer as above:
Figure BDA0002686631900000065
where a is the floating point number to be encoded, a' is the scaled a, $a'_{n-1}, \dots, a'_1, a'_0$ are the digits of a' in base B = 2, and n is the degree of the polynomial modulus;
CRT batching technique:
Homomorphic encryption schemes often use a batching technique, Single Instruction Multiple Data (SIMD), which applies the idea of parallelism. In general, n integers modulo t can be packed into one plaintext polynomial. Batching places requirements on the polynomial degree n and the plaintext coefficient modulus t: t must be prime and $t \equiv 1 \pmod{2n}$. If the polynomial modulus is chosen as $x^n + 1$, n integers modulo t can be placed in one polynomial.
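The integer and floating point encodings and the batching condition above, as an added Python example that is not code from the patent or from any FV library. The toy parameters n = 16 and t = 97, the function names, and rounding to the nearest integer after scaling are assumptions made here; the page's own floating point formula survives only as an image.

```python
# Added example (not from the patent): base-2 integer and scaled fractional
# encoding into Z_t[x]/(x^n + 1), plus the batching requirement on t.
# n = 16 and t = 97 are constructed toy parameters, far below real FV sizes.

def integer_encode(a, n):
    """Coefficients [a_0, ..., a_{n-1}] of sign(a) * (a_{n-1} x^{n-1} + ... + a_0)."""
    magnitude = abs(a)
    if magnitude >= 1 << n:
        raise ValueError("|a| needs more than n binary digits")
    sign = -1 if a < 0 else 1
    return [sign * ((magnitude >> i) & 1) for i in range(n)]


def fractional_encode(a, scale, n):
    """Multiply the real a by S, then encode the integer (rounding is an assumption)."""
    return integer_encode(round(a * scale), n)


def decode(poly, t):
    """Map coefficients to (-t/2, t/2] and evaluate the polynomial at x = 2."""
    total = 0
    for i, coeff in enumerate(poly):
        coeff %= t
        if coeff > t // 2:
            coeff -= t
        total += coeff * 2 ** i
    return total


def poly_add(p, q, t):
    """Coefficient-wise addition mod t."""
    return [(a + b) % t for a, b in zip(p, q)]


def poly_mul(p, q, t):
    """Multiply in Z_t[x]/(x^n + 1): x^n is replaced by -1."""
    n = len(p)
    out = [0] * n
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            if i + j < n:
                out[i + j] = (out[i + j] + a * b) % t
            else:
                out[i + j - n] = (out[i + j - n] - a * b) % t
    return out


def is_prime(t):
    """Trial division, adequate for the small moduli used here."""
    if t < 2:
        return False
    d = 2
    while d * d <= t:
        if t % d == 0:
            return False
        d += 1
    return True


def supports_batching(n, t):
    """The page's condition for packing n integers mod t: t prime, t = 1 (mod 2n)."""
    return is_prime(t) and t % (2 * n) == 1


if __name__ == "__main__":
    n, t = 16, 97
    a, b = integer_encode(13, n), integer_encode(-6, n)
    print("13 + (-6) ->", decode(poly_add(a, b, t), t))
    print("13 * (-6) ->", decode(poly_mul(a, b, t), t))
    # A product of two values scaled by S carries the scale S * S.
    S = 64
    prod = poly_mul(fractional_encode(0.75, S, n), fractional_encode(0.5, S, n), t)
    print("0.75 * 0.5 ->", decode(prod, t) / (S * S))
    # Failure mode: with n = 4 the product degree reaches 6 and wraps around.
    small = integer_encode(13, 4)
    print("13 * 13 with n = 4 ->", decode(poly_mul(small, small, t), t))
    print("batching with n = 16, t = 97:", supports_batching(n, t))
```

The last case shows why n bounds the usable depth of this encoding: once a product's degree reaches n, the reduction by $x^n + 1$ folds high terms back with a sign flip and decoding returns a wrong value without any error.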
Inputting the data uploaded by the user into the encoded network security prediction model, the data being encrypted to obtain a ciphertext. Specifically: before the user uploads data, it must be encrypted to protect privacy, and the resulting ciphertext is transmitted to the cloud server. Because both the plaintext space and the ciphertext space of FV homomorphic encryption consist of polynomials, before ciphertext neural network prediction the input samples are encoded and encrypted, while the neural network parameters are only encoded. Let the user have a dataset of n samples, each containing $d^2$ features, one sample of which is represented by a matrix X:
Figure BDA0002686631900000071
where $x_{11}$ is the 1st feature of the sample and $x_{dd}$ is the $d^2$-th feature of the sample;
the encryption scheme used in the invention is the FV homomorphic encryption method, which supports a limited number of ciphertext addition and ciphertext multiplication operations. Each feature in the sample is encrypted with the FV homomorphic encryption method, and each encrypted feature is denoted by [·], as follows:
Figure BDA0002686631900000072
the ciphertext is thus obtained and processed in the encoded network security prediction model, which comprises a convolutional layer, an activation layer, a pooling layer and a fully connected layer, as follows:
the ciphertext operation at the convolutional layer is:
Figure BDA0002686631900000073
where $\Sigma$ is the ciphertext accumulation operation,
Figure BDA0002686631900000074
is the convolution operation, $X_j$ is the j-th feature map of the input, $Y_i$ is the j-th feature map of the output, and $W_{ij}$ is the convolution kernel used for the convolution operation;
the ciphertext operation at the activation layer is: in the neural network model, the convolutional layer and the fully connected layer are linear layers performing linear operations; if no nonlinear function is introduced, the approximation power of the network stays the same no matter how deep the neural network is. A nonlinear function, i.e. an activation layer, therefore needs to be introduced. Commonly used activation functions are Sigmoid, ReLU, tanh, and some variants thereof, but they are all non-linear operations that a homomorphic encryption algorithm cannot compute. Here the square function is selected as the activation function, and squaring on the ciphertext multiplies the ciphertext by itself at the same position:
$[X_i] = [X_i] \cdot [X_i]$;
the ciphertext operation at the pooling layer is: max pooling and average pooling are the two pooling operations commonly used in convolutional neural networks, but both are non-linear and cannot be computed under a homomorphic encryption scheme. The invention selects a special pooling layer to replace the max pooling layer. The maximum function can be expressed as:
Figure BDA0002686631900000081
the operation on the corresponding ciphertext may be represented as follows:
Figure BDA0002686631900000082
where k is the number of ciphertext pixels corresponding to the size of the filter;
to keep the number of homomorphic multiplications low, d should be kept as small as possible; the smallest meaningful value is d = 1, for which the result is a scalar multiple of the average pooling function, i.e., the sum of the ciphertexts in the sliding window. Because division cannot be performed under homomorphic encryption, to obtain the average pooling result the division is replaced by multiplication by a factor when averaging; the factor is a real number and must be scaled, so it is multiplied by a scaling factor and encoded using the CRT batching technique:
Figure BDA0002686631900000083
where
Figure BDA0002686631900000084
is the floor function, and P[·] is the CRT batch encoding of the processed real-number factor;
the scaled pooling layer contains only ciphertext accumulation and ciphertext-plaintext multiplication, so it can be executed under the FV encryption algorithm;
the ciphertext operation at the fully connected layer is:
a convolutional neural network usually combines multiple convolutional and pooling layers with several fully connected layers. In a fully connected layer, every neuron of two adjacent layers is connected:
Figure BDA0002686631900000085
and the ciphertext is obtained.
The convolutional neural network consists of the four kinds of layers above. The cloud server obtains a prediction result after computing on the ciphertext; that is, the ciphertext prediction result is obtained through ciphertext prediction, and from it the final data result. Specifically: the cloud server performs ciphertext prediction on the ciphertext to obtain a ciphertext prediction result [Y] and returns [Y] to the user, and the user decrypts it with the private key of the FV encryption method to obtain the final plaintext prediction result Y.
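The four ciphertext layers described above use only addition, ciphertext-plaintext multiplication and one ciphertext-ciphertext multiplication per square activation. The added Python example below, which is not code from the patent, runs that arithmetic on integers. MockCt is a hypothetical stand-in that performs no encryption; the scaling factor S = 16, the pooling factor floor(S / window size), the plaintext moduli and all sample inputs are assumptions constructed here.

```python
# Added example (not from the patent): integer-only forward pass mirroring the
# ciphertext layers. MockCt is NOT encryption; it keeps a value mod t and counts
# ciphertext-ciphertext multiplications. All inputs below are constructed.

S = 16  # constructed scaling factor for the weights and the pooling factor


class MockCt:
    def __init__(self, value, t, depth=0):
        self.value, self.t, self.depth = value % t, t, depth

    def __add__(self, other):        # ciphertext + ciphertext
        return MockCt(self.value + other.value, self.t, max(self.depth, other.depth))

    def mul_plain(self, c):          # ciphertext * encoded plaintext
        return MockCt(self.value * c, self.t, self.depth)

    def __mul__(self, other):        # ciphertext * ciphertext, uses one level
        return MockCt(self.value * other.value, self.t,
                      max(self.depth, other.depth) + 1)


def decrypt(ct):
    """Centered representative in (-t/2, t/2]."""
    return ct.value - ct.t if ct.value > ct.t // 2 else ct.value


def ct_sum(cts):
    total = cts[0]
    for ct in cts[1:]:
        total = total + ct
    return total


def window(x, r, c, k):
    return [x[r + i][c + j] for i in range(k) for j in range(k)]


def conv2d(x, kernel):
    """Stride-1 convolution of a ciphertext grid with an integer kernel."""
    k, size = len(kernel), len(x) - len(kernel) + 1
    flat = [w for row in kernel for w in row]
    return [[ct_sum([ct.mul_plain(w) for ct, w in zip(window(x, r, c, k), flat)])
             for c in range(size)] for r in range(size)]


def square(x):
    return [[ct * ct for ct in row] for row in x]


def pool_factor(count):
    """floor(S / count): the integer that replaces division by the window size."""
    return S // count


def scaled_mean_pool(x, k):
    factor = pool_factor(k * k)
    return [[ct_sum(window(x, r, c, k)).mul_plain(factor)
             for c in range(0, len(x), k)] for r in range(0, len(x), k)]


def dense(x, weights):
    flat = [ct for row in x for ct in row]
    return ct_sum([ct.mul_plain(w) for ct, w in zip(flat, weights)])


def predict_encrypted(image, conv_w, fc_w, t):
    x = [[MockCt(p, t) for p in row] for row in image]
    conv_q = [[round(w * S) for w in row] for row in conv_w]
    fc_q = [round(w * S) for w in fc_w]
    y = dense(scaled_mean_pool(square(conv2d(x, conv_q)), 2), fc_q)
    # Scale bookkeeping: S from conv, squared by the activation, S from pool, S from dense.
    scale = (S ** 2) * S * S
    return decrypt(y) / scale, y.depth


def predict_plain(image, conv_w, fc_w):
    """Float reference: convolution, square, 2x2 mean pooling, fully connected."""
    k, size = len(conv_w), len(image) - len(conv_w) + 1
    act = [[sum(conv_w[i][j] * image[r + i][c + j]
                for i in range(k) for j in range(k)) ** 2
            for c in range(size)] for r in range(size)]
    pooled = [sum(act[r + i][c + j] for i in range(2) for j in range(2)) / 4
              for r in range(0, size, 2) for c in range(0, size, 2)]
    return sum(w * p for w, p in zip(fc_w, pooled))


IMAGE = [[0, 1, 2, 1, 0], [1, 3, 5, 3, 1], [2, 5, 9, 5, 2],
         [1, 3, 5, 3, 1], [0, 1, 2, 1, 0]]
CONV_W = [[0.5, -0.25], [0.25, 1.0]]
FC_W = [0.5, -1.0, 0.25, 0.75]

if __name__ == "__main__":
    print("plain reference      :", predict_plain(IMAGE, CONV_W, FC_W))
    print("t = 2**31 - 1        :", predict_encrypted(IMAGE, CONV_W, FC_W, 2**31 - 1))
    print("t = 65537 (too small):", predict_encrypted(IMAGE, CONV_W, FC_W, 65537))
```

With the larger modulus the scaled integer result matches the float reference at multiplicative depth 1; with t = 65537 the scaled value exceeds t/2 and wraps, so the decoded prediction is wrong with no error raised. With a 3 x 3 window, pool_factor(9) is 1, so the layer divides by 16 rather than 9 and a larger S is needed for accuracy.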
The method is compared with the existing privacy protection scheme CryptoNets, mainly in terms of the accuracy and time of ciphertext prediction. The comparison results are shown in Table 1. The datasets used are the MNIST dataset and the fast-MNIST dataset.
Table 1: Comparison of schemes
Figure BDA0002686631900000091
The invention considers a realistic scenario simulation with a patient and a hospital, as shown in FIG. 3. The patient encrypts their personal health information and sends it to the hospital; the hospital runs its trained prediction model on the encrypted health information and returns the resulting prediction to the patient, who decrypts it to obtain the final diagnosis. In this process the hospital cannot obtain the patient's private information, and since the patient does not use the deep learning model, the model is protected for the hospital.
The above embodiments are preferred embodiments of the present invention, but the present invention is not limited to the above embodiments, and any other changes, modifications, substitutions, combinations, and simplifications which do not depart from the spirit and principle of the present invention should be construed as equivalents thereof, and all such modifications are intended to be included in the scope of the present invention.

Claims (4)

1. A lightweight convolutional neural network security prediction method is characterized by comprising the following steps:
constructing a network security prediction model through training samples;
performing filter pruning on the network security prediction model to obtain a pruned network security prediction model;
encoding the model parameters of the pruned network security prediction model to obtain an encoded network security prediction model;
the encoding of the model parameters of the pruned network security prediction model specifically comprises: encryption uses the FV homomorphic encryption method, and the model parameters are encoded so that integers and floating-point numbers are mapped into the plaintext space; integers are encoded as follows:
$\mathrm{IntegerEncoder}(a, B=2) = \mathrm{sign}(a)\cdot\left(a_{n-1}x^{n-1} + \dots + a_1 x + a_0\right)$
wherein $B = 2$ is the base, $a$ is the integer to be encoded, $a_{n-1}, \dots, a_1, a_0$ is the representation of $a$ in base $B = 2$, and $n$ is the degree of the polynomial modulus;
floating-point numbers are encoded as follows:
the real number is multiplied by a scaling factor S to convert the fractional value into an integer, which is then encoded as an integer:
Figure FDA0004048205160000011
wherein $a$ is the floating-point number to be encoded, $a'$ is the scaled $a$, $a'_{n-1}, \dots, a'_1, a'_0$ is the representation of $a'$ in base $B = 2$, and $n$ is the degree of the polynomial modulus;
packing n integers modulo t into one plaintext polynomial, wherein the batching operation places requirements on the polynomial degree n and the plaintext coefficient modulus t: t must be prime and $t \equiv 1 \pmod{2n}$; if the polynomial modulus is chosen as $x^n + 1$, n integers modulo t can be placed in one polynomial;
inputting the data uploaded by the user into the encoded network security prediction model, and encrypting the data uploaded by the user to obtain a ciphertext, specifically:
before the user uploads data, the data must be encrypted, and the resulting ciphertext is transmitted to the cloud server; let the user's dataset have n samples, each containing $d^2$ features, one sample of which is represented by a matrix X:
Figure FDA0004048205160000012
wherein $x_{11}$ represents the 1st feature of the sample and $x_{dd}$ represents the $d^2$-th feature of the sample;
each feature in the sample is encrypted by the FV homomorphic encryption method, each encrypted feature being denoted by [·], as follows:
Figure FDA0004048205160000021
thereby obtaining the ciphertext, which is processed in the encoded network security prediction model, the model comprising a convolutional layer, an activation layer, a pooling layer and a fully connected layer; wherein the convolutional layer is as follows:
the ciphertext operation at the convolutional layer is:
Figure FDA0004048205160000022
wherein Σ is the ciphertext accumulation operation,
Figure FDA0004048205160000023
is a convolution operation; x j Is the j-th feature map of the input, Y i Is the j-th feature map of the output, W ij A convolution kernel for performing a convolution operation;
the ciphertext operates at the active layer as: selecting a square function as an activation function, wherein the square function on the ciphertext is that the ciphertext at the same position is desired to be multiplied by:
[X i ]=[X i ][X i ];
ciphertext operates at the pooling layer as: the max function is expressed as follows:
Figure FDA0004048205160000024
wherein k is the number of ciphertext pixels corresponding to the size of the filter;
in the averaging process, division is replaced by multiplication with a factor; the factor is a real number and must be scaled, so it is multiplied by a scaling factor, and the encoding uses the CRT batching technique:
Figure FDA0004048205160000025
wherein
Figure FDA0004048205160000026
is the floor (round-down) function, and P[·] denotes CRT batch encoding of the processed real-number factor;
the scaled pooling layer then involves only ciphertext accumulation and ciphertext-plaintext multiplication, so it can be executed under the FV encryption algorithm;
the ciphertext operation at the fully connected layer is:
Figure FDA0004048205160000027
thereby obtaining a ciphertext; a ciphertext prediction result is obtained through ciphertext prediction, and the final data result is then obtained, specifically: the cloud server performs ciphertext prediction on the ciphertext to obtain a ciphertext prediction result [Y] and returns [Y] to the user, and the user decrypts it with the private key of the FV encryption method to obtain the final plaintext prediction result Y.
2. The method for predicting the security of the lightweight convolutional neural network as claimed in claim 1, wherein the constructing of the network security prediction model specifically comprises: obtaining a training sample and preprocessing the training sample; randomly selecting training samples to carry out convolution and pooling, and outputting from a full connection layer; and adjusting the network weight by back propagation to obtain a network security prediction model.
3. The method according to claim 1, wherein the filter pruning is performed on the network security prediction model, specifically: calculating the absolute value sum of the weights of the filters, and cutting off part of the filters according to the absolute value sum of the weights of the filters so as to improve the calculation efficiency; the filter pruning comprises single-layer filter pruning which is as follows:
each filter contains a plurality of channels, each channel representing one convolution kernel, and the sum $K_p$ of the absolute values of the convolution kernel weights of the p-th channel of the filter is expressed as:
Figure FDA0004048205160000031
wherein $K_p$ is the sum of the absolute values of the convolution kernel weights, $k \times k$ is the size of the convolution kernel matrix, and $w_i$ is each weight value in the convolution kernel;
the sum of the absolute values of the convolution kernels of all channels of the j-th filter of the i-th layer
Figure FDA0004048205160000032
is:
Figure FDA0004048205160000033
wherein $n_i$ is the number of channels of the filter in the l-th layer, and $K_p$ is the sum of the absolute values of the convolution kernel of the p-th channel;
letting the first layer of the convolutional layers have $n_{l+1}$ filters, the filters are sorted by their sums of absolute values of convolution kernels, and the m filters with the smallest sums are selected and pruned.
4. The lightweight convolutional neural network security prediction method of claim 3, wherein the filter pruning further comprises a multilayer filter pruning, specifically: when the filters of the multilayer convolutional layers are pruned, each convolutional layer is taken as an independent single-layer filter to be pruned according to a single-layer filter pruning method, and then the multilayer filter pruning is completed.
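The single-layer and multilayer pruning rule of claims 3 and 4 can be exercised on small constructed weights. The following is an added example, not code from the patent: it scores each filter by the sum of absolute kernel weights over its channels and removes the m lowest-scoring filters per layer. It goes one step beyond the claim text by also dropping the next layer's input channels that consumed the removed feature maps, which is needed to keep the layer shapes consistent; the nested-list layout and all names are assumptions.

```python
# Added example: filter pruning by summed absolute kernel weights.
# Layer layout and all names are assumptions; the weights are constructed.

def channel_l1(kernel):
    """K_p: sum of absolute weights of one k x k convolution kernel."""
    return sum(abs(w) for row in kernel for w in row)

def filter_l1(filt):
    """Sum of K_p over all channels of one filter."""
    return sum(channel_l1(ch) for ch in filt)

def prune_layer(filters, m):
    """Drop the m filters with the smallest sums; return (kept, kept_indices)."""
    if not 0 <= m < len(filters):
        raise ValueError("m must leave at least one filter in the layer")
    order = sorted(range(len(filters)), key=lambda j: (filter_l1(filters[j]), j))
    keep = sorted(order[m:])
    return [filters[j] for j in keep], keep

def prune_network(layers, ms):
    """Prune every layer independently on its original weights, then drop
    the input channels that consumed feature maps of removed filters."""
    scored = [prune_layer(f, m) for f, m in zip(layers, ms)]
    pruned = []
    for idx, (kept, _) in enumerate(scored):
        if idx > 0:
            prev_keep = scored[idx - 1][1]
            kept = [[filt[c] for c in prev_keep] for filt in kept]
        pruned.append(kept)
    return pruned, [keep for _, keep in scored]

# Constructed weights: layer 1 has 3 filters x 1 channel, layer 2 has 2 x 3.
LAYER1 = [[[[1, -1], [2, 0]]], [[[0, 0], [0, -1]]], [[[-3, 1], [1, 1]]]]
LAYER2 = [
    [[[1, 1], [1, 1]], [[5, 5], [5, 5]], [[1, 0], [0, 0]]],
    [[[2, 2], [2, 2]], [[0, 0], [0, 0]], [[2, 2], [2, 2]]],
]

if __name__ == "__main__":
    pruned, kept = prune_network([LAYER1, LAYER2], [1, 1])
    print(kept, [len(layer) for layer in pruned])
```

Each removed filter eliminates its share of ciphertext multiplications and accumulations in the encrypted convolution, which is where the prediction-time saving comes from.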
CN202010978442.9A 2020-09-17 2020-09-17 Lightweight convolutional neural network security prediction method Active CN112217663B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010978442.9A CN112217663B (en) 2020-09-17 2020-09-17 Lightweight convolutional neural network security prediction method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010978442.9A CN112217663B (en) 2020-09-17 2020-09-17 Lightweight convolutional neural network security prediction method

Publications (2)

Publication Number Publication Date
CN112217663A CN112217663A (en) 2021-01-12
CN112217663B true CN112217663B (en) 2023-04-07

Family

ID=74049924

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010978442.9A Active CN112217663B (en) 2020-09-17 2020-09-17 Lightweight convolutional neural network security prediction method

Country Status (1)

Country Link
CN (1) CN112217663B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113255881B (en) * 2021-04-27 2023-04-07 西安交通大学 Homomorphic encryption neural network framework of PS and PL cooperative architecture and inference method
CN113689376A (en) * 2021-06-02 2021-11-23 北京信息职业技术学院 Pathological image recognition method based on computer vision
CN113435406A (en) * 2021-07-15 2021-09-24 支付宝(杭州)信息技术有限公司 Face recognition method and device for realizing privacy protection
CN114168991B (en) * 2022-02-10 2022-05-20 北京鹰瞳科技发展股份有限公司 Method, circuit and related product for processing encrypted data

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107609351A (en) * 2017-10-23 2018-01-19 桂林电子科技大学 A kind of method based on convolutional neural networks prediction pseudouridine decorating site
CN110490128A (en) * 2019-08-16 2019-11-22 南京邮电大学 A kind of hand-written recognition method based on encryption neural network
CN111178525A (en) * 2019-12-24 2020-05-19 重庆邮电大学 Pruning-based convolutional neural network compression method, system and medium
CN111275711A (en) * 2020-01-08 2020-06-12 西安电子科技大学 Real-time image semantic segmentation method based on lightweight convolutional neural network model

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Pruning filters for efficient convnets;LI H, et al.;《https://arxiv.org/pdf/1608.08710.pdf》;20160831;Section 3 of the main text *

Also Published As

Publication number Publication date
CN112217663A (en) 2021-01-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant