CN112463387A - Method for identifying deep learning model on local server based on GPU (graphics processing Unit) space-time resource consumption - Google Patents
Method for identifying deep learning model on local server based on GPU (graphics processing Unit) space-time resource consumption Download PDFInfo
- Publication number
- CN112463387A CN112463387A CN202011427759.XA CN202011427759A CN112463387A CN 112463387 A CN112463387 A CN 112463387A CN 202011427759 A CN202011427759 A CN 202011427759A CN 112463387 A CN112463387 A CN 112463387A
- Authority
- CN
- China
- Prior art keywords
- deep learning
- data
- gpu
- local server
- learning model
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000013136 deep learning model Methods 0.000 title claims abstract description 41
- 238000000034 method Methods 0.000 title claims abstract description 28
- 238000012545 processing Methods 0.000 title claims abstract description 12
- 238000013527 convolutional neural network Methods 0.000 claims abstract description 14
- 238000012360 testing method Methods 0.000 claims abstract description 7
- 238000002474 experimental method Methods 0.000 claims abstract description 5
- 239000011159 matrix material Substances 0.000 claims abstract description 5
- 238000013135 deep learning Methods 0.000 claims abstract description 4
- 230000008569 process Effects 0.000 claims abstract description 4
- 238000010606 normalization Methods 0.000 claims description 7
- 230000004913 activation Effects 0.000 claims description 6
- 230000006870 function Effects 0.000 claims description 6
- 238000011176 pooling Methods 0.000 claims description 3
- 238000004458 analytical method Methods 0.000 abstract description 4
- 238000010586 diagram Methods 0.000 description 7
- 238000012549 training Methods 0.000 description 7
- 238000012800 visualization Methods 0.000 description 4
- 238000013473 artificial intelligence Methods 0.000 description 3
- 238000013145 classification model Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000000605 extraction Methods 0.000 description 3
- 238000013528 artificial neural network Methods 0.000 description 2
- 235000000332 black box Nutrition 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 230000016273 neuron death Effects 0.000 description 2
- RTAQQCXQSZGOHL-UHFFFAOYSA-N Titanium Chemical compound [Ti] RTAQQCXQSZGOHL-UHFFFAOYSA-N 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 238000013506 data mapping Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000005670 electromagnetic radiation Effects 0.000 description 1
- 230000035515 penetration Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5027—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
- G06F9/5044—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals considering hardware capabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5011—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/047—Probabilistic or stochastic networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/049—Temporal neural networks, e.g. delay elements, oscillating neurons or pulsed inputs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Artificial Intelligence (AREA)
- Computing Systems (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- General Health & Medical Sciences (AREA)
- Molecular Biology (AREA)
- Biophysics (AREA)
- Biomedical Technology (AREA)
- Life Sciences & Earth Sciences (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- Probability & Statistics with Applications (AREA)
- Image Analysis (AREA)
Abstract
The method for identifying the deep learning model on the local server based on GPU space-time resource consumption comprises the following steps: (S1) building an experiment platform for collecting the utilization rate and power consumption data of the local server GPU; (S2) running various common deep learning models on the local server by using an open source deep learning framework such as tensiorflow, pyrrch and the like; (S3): capturing the utilization rate and power consumption data of the GPU in real time in the process that the local server runs the deep learning model; (S4) processing the collected data; and (S5) constructing a convolutional neural network to classify the collected data, and presenting the test result in a confusion matrix mode. The final result shows that when the deep learning model runs, the GPU utilization rate and the power consumption of the local server have correlation with the internal model, and through the analysis of the correlation, a lot of effective information about the model can be obtained.
Description
Technical Field
The invention relates to the field of deep learning model identification, which is mainly applied to the safety field of deep learning models, in particular to a method for identifying a deep learning model on a local server based on GPU (graphics processing unit) space-time resource consumption.
Background
Side channel attacks are attack techniques based on side channel information. Side channel information means other information in the encryption device than explicit information directly related to the ciphertext, such as GPU usage of the device, video memory occupancy of the GPU, power consumption, electromagnetic radiation, time consumption, and the like. With the continuous penetration of artificial intelligence technology in military, civil and other industries, security problems and attack and defense technologies are receiving more and more attention. The safety consideration of the traditional artificial intelligence technology only stays at a software level, and by adding disturbance to the input of the deep learning model, the countermeasure sample is generated to make the output of the model misclassified. Such attacks are generally classified into black-box attacks and white-box attacks according to the degree of understanding about the model, wherein the former attacks have no knowledge about the model information, and the latter attacks know the model architecture, training data, model weight, and other information exactly. Obviously, the more the model is known, the greater the threat of attack, and white-box attacks are generally superior to black-box attacks in attack effectiveness. It is more advantageous for the attacker to attack if more model information can be known. In fact, when the model is running, the attacker analyzes the space-time resource consumption of the device on the hardware level to obtain part of the model information, and the analyzed information is collectively called side channel information. The side channel attack is called as the side channel attack by the side channel information to realize the cracking of the model.
Server-based deep learning model applications such as image recognition, signal recognition, network classification, etc. are very common. Since the deep learning model requires extremely high computational power to operate, the model is deployed in a server, and the input and output of the model are transmitted through a local network or the internet, which is a common application scenario. Therefore, a large portion of the deep learning models can provide services in terms of artificial intelligence to the market in a server-deployed manner. For the models, the information of the running models cannot be directly obtained from the server, but the use condition of the models for the hardware resources of the server can be obtained, and the running models are judged according to the use of the hardware resources. As for the local server, the side channel information available to the attacker includes CPU cache, data transmission time, and the like. In the prior art, the deep learning model information is stolen by using a Cache (Cache) of a CPU. The invention provides a method for identifying deep learning models in a server by acquiring the GPU utilization rate and power consumption, so that the identification of different deep learning models is realized by relatively simple actual operation.
Disclosure of Invention
The invention provides a method for directly identifying a deep learning model in a local server through utilization rate and power consumption information of a GPU (graphics processing unit), aiming at overcoming the defect that the type of the deep learning model in the local server is difficult to identify by using the traditional attack method in the prior art.
The technical conception of the invention is as follows: experiments show that when the deep learning model runs, the GPU utilization rate and the power consumption of the local server have correlation with the internal model, and the correlation is shown in that when the input is the same, the more complex the model is, the higher the GPU utilization rate and the power consumption are, and vice versa, the lower the GPU utilization rate and the power consumption are. Through the analysis of the correlation, the information of the deep learning model in the local server can be inferred according to the utilization rate and the power consumption information of the GPU, and an attacker can change the black box attack into the gray box attack or even the white box attack on the local server so as to improve the accuracy of the attack success.
The technical scheme adopted by the invention for realizing the aim is as follows:
1. a method for identifying a deep learning model on a local server based on GPU space-time resource consumption is characterized by comprising the following steps:
s1, establishing an experiment platform for acquiring the utilization rate and power consumption data of the local server GPU;
s2, running various common deep learning models on the local server by using open source deep learning frameworks such as tensiorflow, pyrrch and the like;
s3: capturing the utilization rate and power consumption data of the GPU in real time in the process that the local server runs the deep learning model;
s4, processing the collected data;
and S5, constructing a convolutional neural network to classify the collected data, and presenting the test result in a confusion matrix mode.
Further, the step S3 specifically includes: the utilization rate and power consumption data of the GPU are collected in real time when the different-deep learning models run, and input signals of the different-deep learning models can be one-dimensional time sequence data, two-dimensional image data and complex network data.
Further, the step S4 specifically includes:
s4.1, carrying out linear normalization processing on the acquired data, wherein the purpose of normalization is to limit the acquired data between 0 and 1, so that the speed of solving the optimal solution by gradient descent is increased, and the identification precision is improved, and the formula is as follows:
where x is the collected raw data, min (x) the minimum value in the collected raw data, max (x) the maximum value in the collected raw data, and x' is the value after the raw data is normalized.
And S4.2, converting the normalized data into 512-512 two-dimensional gray level pictures, fully exerting the advantages of the convolutional neural network in the aspect of image feature extraction, reducing the calculation complexity, and then marking each picture with a corresponding label so as to directly input the pictures into the convolutional neural network for training and testing.
Further, the step S5 specifically includes: the convolutional neural network comprises four convolutional layers, the number of model parameters is compressed as much as possible by using 3 x 3 and 1 x 1 convolutional kernels, the number of characteristic channels is doubled after each pooling operation so as to keep the integrity of characteristics as much as possible, the probability of neuron death and overfitting in training are reduced by using a relu nonlinear activation function, and the output of the neural network is changed into probability distribution by using a softmax activation function so that the classification is more accurate.
The invention has the beneficial effects that:
(1) reasonably utilizing the local server platform, the deployment is simple, the data acquisition is convenient, and the analysis is easy.
(2) The method shows that when the deep learning model runs, the GPU utilization rate and the power consumption of the local server have correlation with the internal model, and through analysis of the correlation, a lot of effective information about the model can be obtained.
(3) The method for identifying the deep learning model in the local server can change the traditional counterattack sample attack from black box attack to gray box attack or even white box attack, and obviously improves the attack accuracy.
(4) The invention provides a method for converting one-dimensional time sequence data into a two-dimensional image, which can fully play the advantages of a convolutional neural network in the aspect of image feature extraction, reduce the computational complexity and provide a solution for the difficulty in processing the one-dimensional time sequence data.
(5) The convolutional neural network algorithm has a good classification effect on the one-dimensional time sequence data mapping.
Drawings
FIG. 1 is a flow chart of the method of the present invention;
fig. 2(a) is a visualization diagram of GPU usage data, and fig. 2(b) is a visualization diagram of GPU usage data after normalization;
fig. 3(a) is a visualization diagram of GPU power consumption data, and fig. 3(b) is a visualization diagram after normalization of the GPU power consumption data;
FIG. 4 is a diagram of normalized GPU usage data;
FIG. 5 is a diagram of normalized GPU power consumption data;
FIG. 6 is a diagram of the classification result of an image model inputted as two-dimensional image data;
FIG. 7 is a graph of the results of a model classification of a signal input as one-dimensional time series data;
fig. 8 is a graph of the classification result of the node model with the input being the complex network data.
Detailed Description
The following detailed description of embodiments of the invention is provided in connection with the accompanying drawings.
Referring to fig. 1 to 8, a method for identifying a deep learning model on a local server based on GPU spatiotemporal resource consumption includes the following steps:
s1, establishing an experiment platform for collecting the utilization rate and power consumption data of the local server GPU, specifically comprising the following steps:
the local server is configured to use Intel I7-6700 for the CPU and use Intel GTX TITAN X PASCAL for the GPU;
s2, running various common deep learning models on the local server by using open source deep learning frameworks such as tensiorflow, pyrrch and the like, wherein the deep learning models specifically comprise the following steps:
running the image recognition models alexnet, mobilenetv1, mobilenetv2, inceptonv 3, resnetv1 and resnetv2 on the server, respectively; the signal identification models are fx _ crmr, nin, alexnet, fx _ resnet and lstm respectively; the node classification models are demo _ net, gat, gcn, graphsage, h-gcn and mixhop respectively;
s3: capturing the utilization rate and power consumption data of the GPU in real time in the process that the local server runs the deep learning model; the method specifically comprises the following steps:
the utilization rate and power consumption data of the GPU during the operation of different-deep learning models can be collected in real time by combining python program packages pynvml and psutil, wherein the input of a signal recognition model is one-dimensional time sequence data, the input of an image recognition model is two-dimensional image data, and the input of a node classification model is complex network data;
s4, processing the collected data; the method specifically comprises the following steps:
s4.1, carrying out linear normalization processing on the acquired data as shown in figures 2 and 3, wherein the purpose of normalization is to limit the acquired data between 0 and 1, so that the speed of solving the optimal solution by gradient descent is increased, and the identification precision is improved, and the formula is as follows:
wherein x is the collected original data, min (x) the minimum value in the collected original data, max (x) the maximum value in the collected original data, and x' is the value after the original data is normalized;
s4.2, converting the normalized data into 512-512 grayscale images such as figures 4 and 5, fully playing the advantages of the convolutional neural network in the aspect of image feature extraction, reducing the calculation complexity, and then marking each image with a corresponding label so as to directly input the images into the convolutional neural network for training and testing;
s5, building a convolutional neural network to classify the collected data, and presenting the test result in a confusion matrix mode; the method specifically comprises the following steps:
s5.1, the convolutional neural network comprises four convolutional layers, the number of model parameters is compressed as much as possible by using 3 x 3 and 1 x 1 convolutional kernels, the number of characteristic channels is doubled after each maximum pooling operation so as to keep the integrity of characteristics as much as possible, a relu nonlinear activation function is used, the probability of neuron death and overfitting in training are reduced, and the softmax activation function enables the output of the neural network to be probability distribution and enables classification to be more accurate;
s5.2, inputting the processed data into a convolutional neural network, and after training of a training set, outputting a classification result by a test set through a confusion matrix, wherein numbers represent classification precision such as 0.96 to represent 96% accuracy, the classification result of an image recognition model is shown in figure 6, the classification result of a signal recognition model is shown in figure 7, and the classification result of a node classification model is shown in figure 8.
And S6, combining the model classification result with an image model attack method, a signal model attack method and a node model attack method, and performing special attack on the deep learning model operated by the local server to improve the attack accuracy.
The embodiments described in this specification are merely illustrative of implementations of the inventive concept and the scope of the present invention should not be considered limited to the specific forms set forth in the embodiments but rather by the equivalents thereof as may occur to those skilled in the art upon consideration of the present inventive concept.
Claims (4)
1. A method for identifying a deep learning model on a local server based on GPU space-time resource consumption is characterized by comprising the following steps:
s1, establishing an experiment platform for acquiring the utilization rate and power consumption data of the local server GPU;
s2, running various common deep learning models on the local server by using open source deep learning frameworks such as tensiorflow, pyrrch and the like;
s3: capturing the utilization rate and power consumption data of the GPU in real time in the process that the local server runs the deep learning model;
s4, processing the collected data;
and S5, constructing a convolutional neural network to classify the collected data, and presenting the test result in a confusion matrix mode.
2. The method for identifying deep learning models on local servers based on GPU spatiotemporal resource consumption as claimed in claim 1, characterized in that: the step S3 specifically includes:
the utilization rate and power consumption data of the GPU are collected in real time when the different-deep learning models run, and input signals of the different-deep learning models can be one-dimensional time sequence data, two-dimensional image data and complex network data.
3. The method for deep learning model identification based on side channel attack as claimed in claim 1, wherein: the step S4 specifically includes:
s4.1, carrying out linear normalization processing on the acquired data, wherein the formula is as follows:
wherein x is the collected original data, min (x) the minimum value in the collected original data, max (x) the maximum value in the collected original data, and x' is the value after the original data is normalized;
and S4.2, converting the normalized data into 512-512 gray level pictures, and then marking each picture with a corresponding label.
4. The method for deep learning model identification based on side channel attack as claimed in claim 1, wherein: the step S5 specifically includes:
the convolutional neural network comprises four convolutional layers, convolution kernels are 3 x 3 and 1 x 1, a maximum pooling layer is added behind each convolutional layer, two full-connected layers are used, a relu activation function is used behind the first full-connected layer, a softmax activation function is used behind the second full-connected layer, and a prediction result is output.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011427759.XA CN112463387B (en) | 2020-12-07 | 2020-12-07 | Method for identifying deep learning model on local server based on GPU space-time resource consumption |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011427759.XA CN112463387B (en) | 2020-12-07 | 2020-12-07 | Method for identifying deep learning model on local server based on GPU space-time resource consumption |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112463387A true CN112463387A (en) | 2021-03-09 |
| CN112463387B CN112463387B (en) | 2024-03-29 |
Family
ID=74800370
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011427759.XA Active CN112463387B (en) | 2020-12-07 | 2020-12-07 | Method for identifying deep learning model on local server based on GPU space-time resource consumption |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112463387B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113676311A (en) * | 2021-07-05 | 2021-11-19 | 浙江工业大学 | Method and system for obtaining deep learning model structure based on side channel information |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110048827A (en) * | 2019-04-15 | 2019-07-23 | 电子科技大学 | A kind of class template attack method based on deep learning convolutional neural networks |
| US20190377606A1 (en) * | 2018-06-12 | 2019-12-12 | International Business Machines Corporation | Smart accelerator allocation and reclamation for deep learning jobs in a computing cluster |
| CN111291860A (en) * | 2020-01-13 | 2020-06-16 | 哈尔滨工程大学 | Anomaly detection method based on convolutional neural network feature compression |
| CN111401567A (en) * | 2020-03-20 | 2020-07-10 | 厦门渊亭信息科技有限公司 | Universal deep learning hyper-parameter optimization method and device |
-
2020
- 2020-12-07 CN CN202011427759.XA patent/CN112463387B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20190377606A1 (en) * | 2018-06-12 | 2019-12-12 | International Business Machines Corporation | Smart accelerator allocation and reclamation for deep learning jobs in a computing cluster |
| CN110048827A (en) * | 2019-04-15 | 2019-07-23 | 电子科技大学 | A kind of class template attack method based on deep learning convolutional neural networks |
| CN111291860A (en) * | 2020-01-13 | 2020-06-16 | 哈尔滨工程大学 | Anomaly detection method based on convolutional neural network feature compression |
| CN111401567A (en) * | 2020-03-20 | 2020-07-10 | 厦门渊亭信息科技有限公司 | Universal deep learning hyper-parameter optimization method and device |
Non-Patent Citations (1)
| Title |
|---|
| 靳涛;张永爱;: "TensorFlow平台下基于深度学习的数字识别", 信息技术与网络安全, no. 04, 10 April 2018 (2018-04-10) * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113676311A (en) * | 2021-07-05 | 2021-11-19 | 浙江工业大学 | Method and system for obtaining deep learning model structure based on side channel information |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112463387B (en) | 2024-03-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Kim et al. | Deep convolutional neural models for picture-quality prediction: Challenges and solutions to data-driven image quality assessment | |
| Kim et al. | Fully deep blind image quality predictor | |
| Rao et al. | Learning discriminative aggregation network for video-based face recognition and person re-identification | |
| CN108780508A (en) | System and method for normalized image | |
| US20230021661A1 (en) | Forgery detection of face image | |
| CN111475797A (en) | Method, device and equipment for generating confrontation image and readable storage medium | |
| Tang et al. | Improving cost learning for JPEG steganography by exploiting JPEG domain knowledge | |
| Chen et al. | Geo-defakehop: High-performance geographic fake image detection | |
| Ahmed et al. | PIQI: perceptual image quality index based on ensemble of Gaussian process regression | |
| Mareen et al. | Comprint: Image forgery detection and localization using compression fingerprints | |
| Zanddizari et al. | Generating black-box adversarial examples in sparse domain | |
| CN112463387B (en) | Method for identifying deep learning model on local server based on GPU space-time resource consumption | |
| CN115457015A (en) | Image no-reference quality evaluation method and device based on visual interactive perception double-flow network | |
| Sun et al. | Instance-level Trojan Attacks on Visual Question Answering via Adversarial Learning in Neuron Activation Space | |
| CN114638356A (en) | Static weight guided deep neural network back door detection method and system | |
| Xu et al. | Blind image quality assessment by pairwise ranking image series | |
| CN113676311A (en) | Method and system for obtaining deep learning model structure based on side channel information | |
| Shelke et al. | Multiple forgery detection in digital video with VGG-16-based deep neural network and KPCA | |
| Tanaka et al. | On the transferability of adversarial examples between encrypted models | |
| Basile et al. | Relating implicit bias and adversarial attacks through intrinsic dimension | |
| Kaplun et al. | Using Artificial Neural Networks and Wavelet Transform for Image Denoising | |
| Guo et al. | Er-iqa: Boosting perceptual quality assessment using external reference images | |
| Chen et al. | PAM: Pyramid Attention Mechanism Based on Contextual Reasoning | |
| Saealal et al. | In-the-Wild Deepfake Detection Using Adaptable CNN Models with Visual Class Activation Mapping for Improved Accuracy | |
| Fadaeddini et al. | Data augmentation using fast converging CIELAB-GAN for efficient deep learning dataset generation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |