CN112269992A - Real-time malicious sample detection method based on artificial intelligence processor and electronic device - Google Patents
Real-time malicious sample detection method based on artificial intelligence processor and electronic device Download PDFInfo
- Publication number
- CN112269992A CN112269992A CN202011179567.1A CN202011179567A CN112269992A CN 112269992 A CN112269992 A CN 112269992A CN 202011179567 A CN202011179567 A CN 202011179567A CN 112269992 A CN112269992 A CN 112269992A
- Authority
- CN
- China
- Prior art keywords
- malicious sample
- sample detection
- network
- detection mechanism
- chip
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/06—Physical realisation, i.e. hardware implementation of neural networks, neurons or parts of neurons
- G06N3/063—Physical realisation, i.e. hardware implementation of neural networks, neurons or parts of neurons using electronic means
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- General Health & Medical Sciences (AREA)
- Biophysics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Life Sciences & Earth Sciences (AREA)
- Biomedical Technology (AREA)
- Virology (AREA)
- Neurology (AREA)
- Artificial Intelligence (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- Molecular Biology (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Memory System Of A Hierarchy Structure (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a real-time malicious sample detection method and an electronic device based on an artificial intelligence processor, wherein the method comprises the following steps: according to a target network and a malicious sample detection mechanism, performing resource division on a global on-chip cache, a pulse array and a non-DNN computing unit of the artificial intelligent processor; the compiler generates an instruction file according to the resource division result; and when the malicious sample detection mechanism judges that the input data is a malicious sample, the target neural network is informed to stop calculating. The method and the device can not reduce the reasoning performance of the accelerator for executing the target network to some extent, and ensure that the system can be free from the risk of being attacked by malicious samples, so that the resource utilization rate of the artificial intelligent processor is greatly improved, the requirement on the memory bandwidth is reduced, and the detection algorithm has strong compatibility and good adaptability.
Description
Technical Field
The invention relates to the field of computing system and microprocessor safety, in particular to a real-time malicious sample detection method based on an artificial intelligence processor and an electronic device.
Background
In recent years, the process development speed of semiconductor chip is reduced, so that the advancing speed of moore's law is slowed down and gradually reaches the physical limit. Present computer systems rely on dedicated hardware accelerators for better performance and energy efficiency. The computation of machine learning models, particularly deep neural networks, is typically computationally and memory intensive, both of which require specialized hardware accelerators to improve the performance and energy efficiency of their execution. A great deal of effort has been made in the academic world, where the university institute of china 2014, calculated by the cloud researchers, pioneered the design of a high performance, low power consumption neural network processor DianNao, which can operate at 3mm2The area of the GPU is equivalent to that of the mainstream GPU. In addition, the research team provides a Cambricon instruction set which is the first international deep learning instruction set and can support various neural network algorithms through instruction combination while keeping high efficiency. In 2017, the Massachusetts institute of technology and technology proposed an Eyeris deep learning accelerator, which accelerates deep learning acceleration by adopting a data flow method and is used for accelerating a convolutional neural network. In the industry, google designs and develops an ASIC circuit tpu (sensor Processing unit) of a deep neural network, and three artificial intelligence processor chips of tpuv1.0, tpuv2.0 and tpuv3.0 are already completed at present and are applied to a cloud computing center. Meanwhile, great invida also opens the source of deep learning accelerator NVDLA, and is the first ASIC artificial intelligence processor in the industry.
Although the academic and industrial circles invest a lot of manpower and material resources for the development of the artificial intelligent processor, and have obtained many excellent research results. However, the deep neural network model itself faces many risks, and the current artificial intelligence processor architecture cannot do so. For example, with the rise of AI Face changing, the image technology is mature day by day, and meanwhile, series problems caused by AI black products are faced, Face images manufactured by adopting faking algorithms such as Face2Face, Face swap, deep faces, neuro textures and the like are natural and vivid, the authenticity of human eyes can hardly be distinguished, meanwhile, an AI system can make wrong judgment, and the task difficulty is greatly improved. In addition, the neural network can be manually operated to keep normal identification before the neural network is touched by responding to a trigger (trigger) by training the secret back door of the neural network in advance, and when the attack is needed, the trigger is used for attacking the neural network with the accuracy rate of more than 90 percent, thereby causing huge threat to automatic driving and image identification application. More generally, existing neural network models are also very vulnerable to challenge samples.
Most of the existing artificial intelligence processors are designed to be optimized and designed in order to improve the running efficiency and real-time performance of a neural network model, and the architectural design of the artificial intelligence processors is developed towards the directions of high performance, low power consumption, small volume and customization, so that the artificial intelligence processors can bring better performance and energy efficiency. However, in many application scenarios, it is desirable to protect the safety of the operation of the neural network model itself from the attack of the malicious samples described above. While the operation of the malicious sample detection algorithm usually requires an artificial intelligence processor, even a CPU processor, to complete the calculation of the corresponding algorithm, the existing artificial intelligence processor cannot provide effective calculation capability for both the target neural network model and the malicious sample detection algorithm, and particularly, the malicious sample detection algorithm includes a special calculation unit (e.g., conventional machine learning or a special hash layer). Existing artificial intelligence processors face a number of challenges in these applications.
In view of the increasingly outstanding security problems of the conventional artificial intelligence processor and the requirement of a malicious sample detection algorithm on new computing power, an artificial intelligence processor technology capable of providing mixed and multiple computing powers is urgently needed, so that a neural network model running by the artificial intelligence processor can be ensured to be capable of effectively detecting malicious sample attacks in real time. The research on the artificial intelligence processor architecture capable of resisting the attack of the malicious sample has wide practical value and application prospect.
Disclosure of Invention
In order to overcome the defects of the existing artificial intelligence processor technology, the invention provides a real-time malicious sample detection method and an electronic device based on an artificial intelligence processor, which can simultaneously operate a target neural network model and a malicious sample detection model (including a neural network malicious sample detection model, a traditional machine learning malicious sample detection model or the combination of the two models), so that the target neural network model can efficiently execute reasoning, and a malicious sample detection algorithm can effectively detect the attack of a malicious sample in real time.
The technical scheme of the invention is as follows:
a real-time malicious sample detection method based on an artificial intelligence processor is suitable for a system consisting of an on-chip general CPU processor, the artificial intelligence processor and a compiler, and comprises the following steps:
1) according to a target network and a malicious sample detection mechanism, resource division is carried out on a global on-chip cache, a pulse array and a non-DNN computing unit of an artificial intelligent processor to obtain the target network on-chip cache, a detection network on-chip cache, a target network pulse array and a detection network pulse array, so that when the malicious sample detection mechanism is a detection network, the non-DNN computing unit of the malicious sample detection mechanism runs on an on-chip general CPU processor, and a target neural network and the malicious sample detection network run on the artificial intelligent processor at the same time; when the malicious sample detection mechanism is a machine learning algorithm, the malicious sample detection mechanism runs on an on-chip general CPU (central processing unit) processor, and a target neural network runs on an artificial intelligent processor;
2) the compiler divides resources of the artificial intelligent processor according to a target network and a malicious prototype detection mechanism to generate respective corresponding instruction files;
3) and when the malicious sample detection mechanism judges that the input data is a malicious sample, the target neural network is informed to stop processing the calculation of the input data.
Furthermore, the artificial intelligence processor and the on-chip general-purpose CPU processor adopt a tightly coupled design.
Further, the algorithm in the non-DNN calculation unit includes: hash calculation and convex relaxation activation.
Further, a target neural network and a malicious sample detection network are trained on the deep learning platform; the deep learning platform comprises: TensorFlow, Keras, Caffe and PyTorch.
Further, the global on-chip cache is subjected to resource partitioning through the following steps:
1) designing all banks cached on the global chip as physical logic banks, and setting a unique label for each physical logic bank;
2) and completing resource division of the global on-chip cache according to the requirements of the target network and a malicious sample detection mechanism on the on-chip cache.
Further, the physical logic bank forms a weight cache and an input/output cache of the target neural network and the malicious sample detection neural network in a ping-pong cache mode.
An artificial intelligence processor-based real-time malicious sample detection system, comprising:
the general CPU processor on the chip is used for operating the non-DNN computing unit of the malicious sample detection mechanism when the malicious sample detection mechanism is a detection network; when the malicious sample detection mechanism is a machine learning algorithm, operating the malicious sample detection mechanism;
the compiler is used for partitioning the resources of the artificial intelligent processor according to a target network and a malicious prototype detection mechanism to generate respective corresponding instruction files;
the artificial intelligence processor is used for simultaneously operating the target neural network and the malicious sample detection network when the malicious sample detection mechanism is the detection network; when the malicious sample detection mechanism is a machine learning algorithm, operating a target neural network; when the malicious sample detection mechanism judges that the input data is a malicious sample, the target neural network is informed to stop processing the calculation of the input data; the method comprises the steps of carrying out resource division on a global on-chip cache, a pulse array and a non-DNN (non-redundant network) computing unit of the artificial intelligent processor according to a target network and a malicious sample detection mechanism to obtain a target network on-chip cache, a detection network on-chip cache, a target network pulse array and a detection network pulse array.
Furthermore, the artificial intelligence processor and the on-chip general-purpose CPU processor adopt a tightly coupled design.
Further, the global on-chip cache is subjected to resource partitioning through the following steps:
1) designing all banks cached on the global chip as physical logic banks, and setting a unique label for each physical logic bank;
2) and completing resource division of the global on-chip cache according to the requirements of the target network and a malicious sample detection mechanism on the on-chip cache.
Further, the physical logic bank forms a weight cache and an input/output cache of the target neural network and the malicious sample detection neural network in a ping-pong cache mode.
Compared with the prior art, the method has the advantages that:
(1) the invention can ensure that the target neural network model executes reasoning efficiently, and can operate the malicious sample detection algorithm, so that the system can not only finish the reasoning function of the target neural network model with high performance, but also can ensure that the system is not attacked by the malicious sample. The technology can improve the safety of the artificial intelligent processor system, simultaneously can not cause the inference performance of the accelerator for executing the target network to be reduced to some extent, and the loss of the performance can be ignored. Compared with an artificial intelligent processor without malicious sample defense capacity, the method increases the area and energy consumption of a chip, but on the premise of not influencing the execution performance of a target network, the system can be prevented from being attacked by malicious samples. The method can be widely used in the fields of safety protection of an artificial intelligent processor, an AIoT (advanced Internet technology) security terminal and the like, has great market benefits and good application prospects, and can be particularly applied to the fields with high requirements on the safety of a neural network model, such as automatic driving, finance or medical images;
(2) the elastic pulse array processing unit can elastically distribute corresponding computing resources to the target network model and the malicious sample detection neural network model, so that the resource utilization rate of the artificial intelligent processor is greatly improved, and the performance of model execution is effectively improved.
(3) The flexible global on-chip cache not only can divide two neural network models into two caches with similar functions, but also can be used as a large cache for a single neural network model, and the flexible on-chip cache not only improves the reusability of local data, but also greatly reduces the requirement on memory bandwidth.
(4) The defect that the conventional artificial intelligent processor is easily attacked by malicious samples is overcome, and the safety of the artificial intelligent processor in operating a target neural network model is ensured; the method has the characteristics of novel structure, small volume, high performance, strong compatibility of detection algorithms, good adaptability and the like.
Drawings
Fig. 1 is a schematic diagram of a real-time detection system for malicious sample attacks.
FIG. 2 is a schematic diagram of a flexible on-chip cache and flexible systolic array.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings and examples.
The real-time detection system architecture for malicious sample attack is shown in fig. 1, wherein SoC is a system on chip, PE is a processing unit, and DNN is a deep neural network. The system mainly comprises an elastic artificial intelligence processor, a CPU and an accelerator off-chip DRAM. And generating an operation instruction file of the artificial intelligent processor corresponding to the target neural network model by a compiler of the artificial intelligent processor in the target neural network model and the malicious sample detection neural network model trained on deep learning platforms such as TensorFlow, Keras, Caffe, PyTorch and the like. And the artificial intelligence processor executes corresponding operations such as convolution operation, activation operation and pooling operation according to the received instruction, completes the calculation of each layer of the neural network model, finally completes the calculation of the whole target neural network model, and outputs the probability of the target neural network model corresponding to one class. Meanwhile, the artificial intelligence processor also completes the real-time detection of the malicious sample, and if the input sample is malicious and the output of the target neural network model is wrongly classified or predicted, the system cannot output the result.
The invention is specially designed aiming at the calculation capacity required by the existing malicious sample detection algorithm, and designs and improves the three aspects of a pulse array processing unit, a global on-chip cache and a nonlinear calculation unit of the existing artificial intelligent processor, so that the system can simultaneously run a target neural network model and a malicious sample detection neural network model, and all existing malicious sample detection methods can be deployed into the system to ensure that the artificial intelligent processor is prevented from being attacked by the malicious samples.
Specifically, the system of the present invention comprises: the system comprises a flexible artificial intelligent processor architecture, a scheduler, a general CPU processor core and an interconnection path between the two; the scheduler is responsible for scheduling the allocation of the computing resources and the storage resources of the two neural network models and scheduling the computing tasks of the CPU processor; the flexible artificial intelligence processor architecture includes a flexible on-chip cache (which can be divided into two global caches 0/1), a flexible systolic array, and two non-linear compute units. The elastic pulse array can be used as a large computing unit to execute a single neural network model, and can also be split into two processor cores with different sizes to respectively operate two neural network models; the flexible global on-chip cache can also be used as an independent cache module, and two global on-chip caches with different sizes can also be arranged for the two neural network models; and the two paths of nonlinear computing units respectively perform nonlinear processing on the intermediate data generated by one processor core.
The nonlinear computing unit is specially designed, such as hash computation, convex relaxation activation (covex relax activation), and the like.
Fig. 2 is a schematic diagram of flexible on-chip cache and flexible systolic array, where Pool is a pooling operation, Relu is a nonlinear activation, SBin is an input weight cache, NBin is an input profile cache, and NBout is an output profile cache, and it is composed of a flexible systolic array processing unit, an internal interconnect bus, and a flexible global on-chip cache. The flexible global on-chip cache is composed of conversion logic and a plurality of banks with unique marks. The translation logic is a protocol approach similar to crossbar, which is used to logically cut the global on-chip cache and generate the routes for the systolic array processing unit and the respective on-chip cache data exchanges. The physical logic bank forms a weight cache and an input/output cache required by the neural network model in a ping-pong cache mode, so that the bank with the unique identifier can be effectively divided and segmented according to the conversion logic, and the conversion logic can perform accurate read-write operation on the bank through the unique identifier. The flexible systolic array is composed of a group of processing units and can be divided into two processor cores with different sizes.
The method of the present invention has been described in detail by way of the form expression and examples, but the specific form of implementation of the present invention is not limited thereto. Various obvious changes and modifications can be made by one skilled in the art without departing from the spirit and principles of the process of the invention. The protection scope of the present invention shall be subject to the claims.
Claims (10)
1. A real-time malicious sample detection method based on an artificial intelligence processor is suitable for a system consisting of an on-chip general CPU processor, the artificial intelligence processor and a compiler, and comprises the following steps:
1) according to a target network and a malicious sample detection mechanism, resource division is carried out on a global on-chip cache, a pulse array and a non-DNN computing unit of an artificial intelligent processor to obtain the target network on-chip cache, a detection network on-chip cache, a target network pulse array and a detection network pulse array, so that when the malicious sample detection mechanism is a detection network, the non-DNN computing unit of the malicious sample detection mechanism runs on an on-chip general CPU processor, and a target neural network and the malicious sample detection network run on the artificial intelligent processor at the same time; when the malicious sample detection mechanism is a machine learning algorithm, the malicious sample detection mechanism runs on an on-chip general CPU (central processing unit) processor, and a target neural network runs on an artificial intelligent processor;
2) the compiler divides resources of the artificial intelligent processor according to a target network and a malicious prototype detection mechanism to generate respective corresponding instruction files;
3) and when the malicious sample detection mechanism judges that the input data is a malicious sample, the target neural network is informed to stop processing the calculation of the input data.
2. The method of claim 1, wherein the artificial intelligence processor and the on-chip general purpose CPU processor are in a tightly coupled design.
3. The method of claim 1, wherein the algorithm in the non-DNN computation unit comprises: hash calculation and convex relaxation activation.
4. The method of claim 1, wherein a target neural network and a malicious sample detection network trained at a deep learning platform; the deep learning platform comprises: TensorFlow, Keras, Caffe and PyTorch.
5. The method of claim 1, wherein a global on-chip cache is resource partitioned by:
1) designing all banks cached on the global chip as physical logic banks, and setting a unique label for each physical logic bank;
2) and completing resource division of the global on-chip cache according to the requirements of the target network and a malicious sample detection mechanism on the on-chip cache.
6. The method of claim 5, wherein the physical logic bank forms a weight cache and an input-output cache of the target neural network and the malicious sample detection neural network in a ping-pong cache manner.
7. An artificial intelligence processor-based real-time malicious sample detection system, comprising:
the general CPU processor on the chip is used for operating the non-DNN computing unit of the malicious sample detection mechanism when the malicious sample detection mechanism is a detection network; when the malicious sample detection mechanism is a machine learning algorithm, operating the malicious sample detection mechanism;
the compiler is used for partitioning the resources of the artificial intelligent processor according to a target network and a malicious prototype detection mechanism to generate respective corresponding instruction files;
the artificial intelligence processor is used for simultaneously operating the target neural network and the malicious sample detection network when the malicious sample detection mechanism is the detection network; when the malicious sample detection mechanism is a machine learning algorithm, operating a target neural network; when the malicious sample detection mechanism judges that the input data is a malicious sample, the target neural network is informed to stop processing the calculation of the input data; the method comprises the steps of carrying out resource division on a global on-chip cache, a pulse array and a non-DNN (non-redundant network) computing unit of the artificial intelligent processor according to a target network and a malicious sample detection mechanism to obtain a target network on-chip cache, a detection network on-chip cache, a target network pulse array and a detection network pulse array.
8. The system of claim 7, wherein the artificial intelligence processor and the on-chip general purpose CPU processor are in a tightly coupled design.
9. The system of claim 7, wherein the global on-chip cache is resource partitioned by:
1) designing all banks cached on the global chip as physical logic banks, and setting a unique label for each physical logic bank;
2) and completing resource division of the global on-chip cache according to the requirements of the target network and a malicious sample detection mechanism on the on-chip cache.
10. The system of claim 9, wherein the physical logic bank forms a weight cache and an input-output cache of the target neural network and the malicious sample detection neural network in a ping-pong cache manner.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2020104846645 | 2020-06-01 | ||
| CN202010484664 | 2020-06-01 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112269992A true CN112269992A (en) | 2021-01-26 |
| CN112269992B CN112269992B (en) | 2023-10-20 |
Family
ID=74344870
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011179567.1A Active CN112269992B (en) | 2020-06-01 | 2020-10-29 | Real-time malicious sample detection method based on artificial intelligent processor and electronic device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112269992B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112734625A (en) * | 2021-01-29 | 2021-04-30 | 成都视海芯图微电子有限公司 | Hardware acceleration system and method based on 3D scene design |
| CN113255909A (en) * | 2021-05-31 | 2021-08-13 | 北京理工大学 | Clean label neural network back door implantation system based on universal countermeasure trigger |
| CN113269308A (en) * | 2021-05-31 | 2021-08-17 | 北京理工大学 | Clean label neural network back door implantation method based on universal countermeasure trigger |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103716204A (en) * | 2013-12-20 | 2014-04-09 | 中国科学院信息工程研究所 | Abnormal intrusion detection ensemble learning method and apparatus based on Wiener process |
| CN108347430A (en) * | 2018-01-05 | 2018-07-31 | 国网山东省电力公司济宁供电公司 | Network invasion monitoring based on deep learning and vulnerability scanning method and device |
| CN109784056A (en) * | 2019-01-02 | 2019-05-21 | 大连理工大学 | A kind of malware detection method based on deep learning |
| CN109918951A (en) * | 2019-03-12 | 2019-06-21 | 中国科学院信息工程研究所 | A kind of artificial intelligence process device side channel system of defense based on interlayer fusion |
| CN109934339A (en) * | 2019-03-06 | 2019-06-25 | 东南大学 | A kind of general convolutional neural networks accelerator based on a dimension systolic array |
| CN109981252A (en) * | 2019-03-12 | 2019-07-05 | 中国科学院信息工程研究所 | A kind of artificial intelligence process device safety enhancing system and method based on critical path encryption |
| CN110135157A (en) * | 2019-04-04 | 2019-08-16 | 国家计算机网络与信息安全管理中心 | Malware homology analysis method, system, electronic equipment and storage medium |
| CN110674936A (en) * | 2019-09-24 | 2020-01-10 | 上海寒武纪信息科技有限公司 | Neural network processing method and device, computer equipment and storage medium |
| CN110766145A (en) * | 2018-12-29 | 2020-02-07 | 中科寒武纪科技股份有限公司 | Learning task compiling method of artificial intelligence processor and related product |
| CN110808971A (en) * | 2019-10-30 | 2020-02-18 | 中国科学院信息工程研究所 | Deep embedding-based unknown malicious traffic active detection system and method |
| WO2020034098A1 (en) * | 2018-08-14 | 2020-02-20 | 华为技术有限公司 | Artificial intelligence (ai) processing method and ai processing device |
| CN111160551A (en) * | 2019-12-04 | 2020-05-15 | 上海寒武纪信息科技有限公司 | Computation graph execution method, computer device, and storage medium |
-
2020
- 2020-10-29 CN CN202011179567.1A patent/CN112269992B/en active Active
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103716204A (en) * | 2013-12-20 | 2014-04-09 | 中国科学院信息工程研究所 | Abnormal intrusion detection ensemble learning method and apparatus based on Wiener process |
| CN108347430A (en) * | 2018-01-05 | 2018-07-31 | 国网山东省电力公司济宁供电公司 | Network invasion monitoring based on deep learning and vulnerability scanning method and device |
| WO2020034098A1 (en) * | 2018-08-14 | 2020-02-20 | 华为技术有限公司 | Artificial intelligence (ai) processing method and ai processing device |
| CN110766145A (en) * | 2018-12-29 | 2020-02-07 | 中科寒武纪科技股份有限公司 | Learning task compiling method of artificial intelligence processor and related product |
| CN109784056A (en) * | 2019-01-02 | 2019-05-21 | 大连理工大学 | A kind of malware detection method based on deep learning |
| CN109934339A (en) * | 2019-03-06 | 2019-06-25 | 东南大学 | A kind of general convolutional neural networks accelerator based on a dimension systolic array |
| CN109918951A (en) * | 2019-03-12 | 2019-06-21 | 中国科学院信息工程研究所 | A kind of artificial intelligence process device side channel system of defense based on interlayer fusion |
| CN109981252A (en) * | 2019-03-12 | 2019-07-05 | 中国科学院信息工程研究所 | A kind of artificial intelligence process device safety enhancing system and method based on critical path encryption |
| CN110135157A (en) * | 2019-04-04 | 2019-08-16 | 国家计算机网络与信息安全管理中心 | Malware homology analysis method, system, electronic equipment and storage medium |
| CN110674936A (en) * | 2019-09-24 | 2020-01-10 | 上海寒武纪信息科技有限公司 | Neural network processing method and device, computer equipment and storage medium |
| CN110808971A (en) * | 2019-10-30 | 2020-02-18 | 中国科学院信息工程研究所 | Deep embedding-based unknown malicious traffic active detection system and method |
| CN111160551A (en) * | 2019-12-04 | 2020-05-15 | 上海寒武纪信息科技有限公司 | Computation graph execution method, computer device, and storage medium |
Non-Patent Citations (2)
| Title |
|---|
| FANG LI, CHAO YAN, ET AL.: ""A Deep Malware Detection Method Based on General-Purpose Register Features"", "ICCS 2019", pages 221 - 235 * |
| 马梦雨、陈李维、孟丹: ""内存数据污染攻击和防御综述"", 《信息安全学报》, vol. 2, no. 4, pages 82 - 98 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112734625A (en) * | 2021-01-29 | 2021-04-30 | 成都视海芯图微电子有限公司 | Hardware acceleration system and method based on 3D scene design |
| CN112734625B (en) * | 2021-01-29 | 2022-06-07 | 成都视海芯图微电子有限公司 | Hardware acceleration system and method based on 3D scene design |
| CN113255909A (en) * | 2021-05-31 | 2021-08-13 | 北京理工大学 | Clean label neural network back door implantation system based on universal countermeasure trigger |
| CN113269308A (en) * | 2021-05-31 | 2021-08-17 | 北京理工大学 | Clean label neural network back door implantation method based on universal countermeasure trigger |
| CN113269308B (en) * | 2021-05-31 | 2022-11-18 | 北京理工大学 | Clean label neural network back door implantation method based on universal countermeasure trigger |
| CN113255909B (en) * | 2021-05-31 | 2022-12-13 | 北京理工大学 | Clean label neural network back door implantation system based on universal countermeasure trigger |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112269992B (en) | 2023-10-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112269992A (en) | Real-time malicious sample detection method based on artificial intelligence processor and electronic device | |
| US20180164866A1 (en) | Low-power architecture for sparse neural network | |
| CN109918951B (en) | Artificial intelligence processor side channel defense system based on interlayer fusion | |
| WO2020163315A1 (en) | Systems and methods for artificial intelligence with a flexible hardware processing framework | |
| WO2022077907A1 (en) | Adversarial attack detection method, system and device, and computer-readable storage medium | |
| CN111259397B (en) | Malware classification method based on Markov graph and deep learning | |
| Li et al. | Deep learning target vehicle detection method based on YOLOv3-tiny | |
| CN109472734A (en) | A kind of target detection network and its implementation based on FPGA | |
| EP4292018A1 (en) | Techniques for accelerating neural networks | |
| Liu et al. | Quantum-inspired African vultures optimization algorithm with elite mutation strategy for production scheduling problems | |
| Lei et al. | Scadis: A scalable accelerator for data-intensive string set matching on fpgas | |
| Wu et al. | Deep learning driven security in digital twins of drone network | |
| Zhuang et al. | Vlsi architecture design for adder convolution neural network accelerator | |
| CN112051981B (en) | Data pipeline calculation path structure and single-thread data pipeline system | |
| CN114218995A (en) | Speculative acceleration-based classification based on incomplete feature sets | |
| Zhang et al. | Design and implementation of deep neural network for edge computing | |
| Nishimura et al. | Accelerating the Smith-waterman algorithm using bitwise parallel bulk computation technique on GPU | |
| Bai et al. | An OpenCL-based FPGA accelerator with the Winograd’s minimal filtering algorithm for convolution neuron networks | |
| Feng et al. | Accelerating CNN-RNN based machine health monitoring on FPGA | |
| CN113012760A (en) | FPGA-based gene sequence assembly algorithm calculation acceleration method | |
| Chen et al. | Guarding deep learning systems with boosted evasion attack detection and model update | |
| CN112434350A (en) | Hardware Trojan attack method for reconfigurable accelerator on-chip interconnection structure | |
| Gao et al. | Exploiting adversarial examples to drain computational resources on mobile deep learning systems | |
| Liu et al. | Current Application Fields | |
| CN110059817A (en) | A method of realizing low consumption of resources acoustic convolver |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |