CN113407968A

CN113407968A - Encryption method, device, equipment and storage medium of target detection model

Info

Publication number: CN113407968A
Application number: CN202110732784.7A
Authority: CN
Inventors: 黄哲
Original assignee: Ping An International Smart City Technology Co Ltd
Current assignee: Ping An International Smart City Technology Co Ltd
Priority date: 2021-06-29
Filing date: 2021-06-29
Publication date: 2021-09-17

Abstract

The application relates to the field of computers, in particular to an encryption method of a target detection model, which comprises the following steps: acquiring an open source image set, and screening the open source image set to obtain a training image set; based on a preset image conversion rule, carrying out random rule conversion on the training image set to generate image conversion rule data, and carrying out encryption processing on the image conversion rule data to obtain a rule ciphertext; performing image conversion on the training image set according to the image conversion rule data to obtain converted image data; inputting the converted image data into a neural network for training to obtain a target detection model; and configuring the rule ciphertext in the target detection model to obtain an encrypted target detection model. Therefore, the target detection model can be prevented from being illegally stolen, the safety of the target detection model is improved, and the user experience is improved.

Description

Encryption method, device, equipment and storage medium of target detection model

Technical Field

The present application relates to the field of computers, and in particular, to an encryption method for a target detection model, an encryption apparatus for a target detection model, a computer device, and a storage medium.

Background

The existing neural network weights are generally delivered to a client side for deployment, but a designer cannot completely ensure that a client side maintainer follows an information security protocol, and once the client side maintainer does not follow the information security protocol, a neural network model is leaked. The neural network model is an independent module and is difficult to disassemble again, and the structure of the neural network model is mostly open source codes, if the model leaks, the model can be operated by illegally obtaining the corresponding steps conveniently, so that the neural network model obtained illegally is utilized, and the neural network model is easy to steal.

The existing method is to encrypt the model by using a binary shell adding mode, and the mode has the defects that the neural network model after the binary shell adding is an independent model only by shielding the internal network structure and weight information and not disassembling the model function module, so that an illegal acquirer does not need to research the internal structure, can conveniently call an interface for identification, and the neural network model is easy to be illegally stolen and stolen.

Disclosure of Invention

The application provides an encryption method of a target detection model, an encryption device of the target detection model, computer equipment and a storage medium, and aims to solve the problem that the existing encryption mode of a neural network model is still easy to be stolen.

In order to achieve the above object, the present application provides an encryption method for an object detection model, the method comprising:

acquiring an open source image set, and screening the open source image set to obtain a training image set;

based on a preset image conversion rule, carrying out random rule conversion on the training image set to generate image conversion rule data, and carrying out encryption processing on the image conversion rule data to obtain a rule ciphertext;

performing image conversion on the training image set according to the image conversion rule data to obtain converted image data;

inputting the converted image data into a neural network for training to obtain a target detection model;

and configuring the rule ciphertext in the target detection model to obtain an encrypted target detection model.

In order to achieve the above object, the present application further provides an encryption apparatus for an object detection model, including:

the training set generation module is used for acquiring an open source image set and screening the open source image set to obtain a training image set;

the data encryption module is used for carrying out random rule conversion on the training image set based on a preset image conversion rule to generate image conversion rule data and carrying out encryption processing on the image conversion rule data to obtain a rule ciphertext;

the image conversion module is used for carrying out image conversion on the training image set according to the image conversion rule data to obtain converted image data;

the model training module is used for inputting the converted image data into a neural network for training to obtain a target detection model;

and the ciphertext configuration module is used for configuring the rule ciphertext in the target detection model to obtain the encrypted target detection model.

In addition, to achieve the above object, the present application also provides a computer device comprising a memory and a processor; the memory for storing a computer program; the processor is configured to execute the computer program and implement the encryption method of the object detection model according to any one of the embodiments of the present application when the computer program is executed.

In addition, to achieve the above object, the present application further provides a computer-readable storage medium storing a computer program, which when executed by a processor, causes the processor to implement any one of the encryption methods of the object detection model provided in the embodiments of the present application.

According to the encryption method of the target detection model, the encryption device of the target detection model, the equipment and the storage medium, the generated image conversion rule is encrypted by randomly generating the image conversion rule, and finally the encrypted target detection model is obtained through training and configuration, so that the target detection model can be prevented from being illegally stolen, meanwhile, the safety of the target detection model is improved, the safety of data is guaranteed, and the user experience is improved.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

Fig. 1 is a schematic view of a scene of an encryption method of a target detection model according to an embodiment of the present application;

fig. 2 is a schematic flowchart of an encryption method for an object detection model according to an embodiment of the present application;

FIG. 3 is a schematic block diagram of an encryption apparatus of an object detection model according to an embodiment of the present application;

fig. 4 is a schematic block diagram of a computer device according to an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

The flow diagrams depicted in the figures are merely illustrative and do not necessarily include all of the elements and operations/steps, nor do they necessarily have to be performed in the order depicted. For example, some operations/steps may be decomposed, combined or partially combined, so that the actual execution sequence may be changed according to the actual situation. In addition, although the division of the functional blocks is made in the device diagram, in some cases, it may be divided in blocks different from those in the device diagram.

The term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.

The existing solution is to encrypt the model by using a binary shell adding mode, and the mode has the defects that the neural network model after binary shell adding only shields the internal network structure and weight information, and does not disassemble the model function module, and is still an independent model, so that an illegal acquirer does not need to research the internal structure, can conveniently call an interface for identification, and the neural network model is easily stolen and stolen illegally.

There is also a more complicated solution, which is to add a corresponding layer in the neural network structure, and such a method is difficult to develop and maintain, and causes a change in the neural network structure. But also has a plurality of disadvantages, firstly, on part of the chip, the modified neural network can not be adapted, so that the mobility of the neural network is poor; secondly, the change of the neural network structure may cause the precision loss and needs a large amount of optimization work, so the method also has a plurality of disadvantages.

In order to solve the problems, the encryption method of the image recognition model can be applied to a server and can also be applied to terminal equipment, the neural network model can be encrypted, the problem that the existing neural network model encryption mode is still easy to steal is solved, the convenience of deployment of the neural network model can be improved, meanwhile, the safety of the neural network model is improved, and the user experience is improved.

The terminal device may include a fixed terminal such as a mobile phone, a tablet computer, a Personal Digital Assistant (PDA), and the like. The servers may be, for example, individual servers or clusters of servers. However, for the sake of understanding, the following embodiments will be described in detail with respect to an encryption method applied to an object detection model of a server.

Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments described below and the features of the embodiments can be combined with each other without conflict.

As shown in fig. 1, the model generation method provided in the embodiment of the present application may be applied to the application environment shown in fig. 1. The application environment includes a terminal device 110 and a server 120, wherein the terminal device 110 can communicate with the server 120 through a network. Specifically, the server 120 trains and encrypts the target detection model, and sends the encrypted target detection model to the terminal device 110, so that the user uses the encrypted target detection model through the terminal device 110. The server 120 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a network service, cloud communication, a middleware service, a domain name service, a security service, a CDN, a big data and artificial intelligence platform, and the like. The terminal device 110 may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, and the like. The terminal and the server may be directly or indirectly connected through wired or wireless communication, and the application is not limited herein.

Referring to fig. 2, fig. 2 is a schematic flowchart of an encryption method for a target detection model according to an embodiment of the present application. The encryption method of the target detection model can be applied to a server, so that the convenience of deployment of the neural network model can be improved, and meanwhile, the safety of the neural network model is improved.

As shown in fig. 2, the encryption method of the object detection model includes steps S101 to S105.

S101, obtaining an open source image set, and screening the open source image set to obtain a training image set.

The open source image set is a plurality of types of images acquired on the network, and the training image set is used for randomly generating image conversion rule data, and specifically, the corresponding training image set can be obtained by manually or mechanically screening.

In some embodiments, determining whether a target object is present in each image in the open source image set; and labeling the target object in the image with the target object to obtain a labeled image set, and taking the labeled image set as a training image set. Therefore, the target object of the training sample can be labeled, and subsequent model training is facilitated.

Specifically, it may be determined whether a target object exists in each image in the open source image set; labeling a target object in an image with the target object to obtain a labeled image set, and taking the labeled image set as a training image set; and screening the images in the initial image set if the target object does not exist in the images.

Illustratively, a target object of each image in the open source image set is labeled, for example, a cat in one image is labeled by an expert or a machine, so as to obtain a labeled image set, and the labeled image set is used as a training image set.

In some embodiments, an open source image set is obtained, images conforming to a preset format are screened from the open source image set, a screened image set is obtained, and the screened image set is used as a training image set. The preset format may be a picture format such as JPG, JPEG, PNG, BMP, and ICO, and may also be an image including a target object. Therefore, images which are in the same picture format and contain the target object can be screened out, and subsequent target detection is facilitated.

Since the open source image set is not in the same picture format for every picture, images conforming to the picture format can be marked. In addition, the open source image set also has a plurality of images which do not comprise the target object, so the images have no value to a target detection model obtained by subsequent training, and therefore the non-conforming images can be screened out firstly.

Specifically, images in accordance with the preset format can be screened out through manual screening, such as by research and development personnel, and images in the preset format can also be screened out through a machine, such as according to the parameter characteristics of the images. And marking the image which accords with the preset format, and taking the image subjected to marking processing as a training image set.

S102, based on a preset image conversion rule, carrying out random rule conversion on the training image set to generate image conversion rule data, and carrying out encryption processing on the image conversion rule data to obtain a rule ciphertext.

The preset image conversion rule comprises one or more of RGB value rearrangement, a designated resampling mode, an image rotation angle, an image mirror image turning mode, an image initial coordinate and an aspect ratio scaling. The RGB value rearrangement is to reset the RGB values of the image, and the specified resampling mode may include adjacent sampling, bilinear sampling, bicubic interpolation sampling, Anti-alias sampling, and the like. The random rule conversion is performed by randomly selecting one or more image conversion rules from preset image conversion rules and converting the training image set, for example, two modes of RGB value rearrangement and designated adjacent sampling are generated as the image conversion rules, and the training image set is converted according to the image conversion rules.

In some embodiments, based on a preset image transformation rule tool, randomly generating a rule according to the training image set to obtain image transformation rule data, where the image transformation rule data includes an image transformation rule and a corresponding numerical value; and encrypting the numerical value to obtain a rule ciphertext. Therefore, the effect of encrypting the whole target detection model can be achieved by encrypting the randomly generated image conversion rule data.

The preset image conversion rule tool is a Software Development Kit (SDK) developed in advance according to a preset image conversion rule, the preset Software Development Kit (SDK) is a software development kit for conversion and is used for randomly generating a rule, the image conversion rule data includes randomly generated image conversion rules and correspondingly generated numerical values, the image conversion rules and the numerical values obtained through conversion are in one-to-one correspondence, and the numerical values can be Regular values (Regular values). Therefore, the corresponding image conversion rule and the regular value can be generated according to the image which accords with the preset image parameter, and the regular value is encrypted, so that the effect of encrypting the whole model is achieved.

Illustratively, the generated image transformation rules include three ways of image start coordinates, aspect ratio scaling and image mirror flipping. Where the starting coordinates of the images in the training image set in the background picture are (112, 123, 499, 500), the aspect ratio scaling is 2:1, we can manually assign a value, such as 3, and the image mirror inversion mode is reverse, such as 8, then the generated value is 11212349950038. The value is actually an image conversion rule generated by recording, and the value can be more conveniently used because a machine can conveniently analyze the code.

Specifically, based on a pre-configured Software Development Kit (SDK), rule data is randomly generated according to a preset image conversion rule and a training image set, so as to obtain an image conversion rule and randomly generate a corresponding group of regular values, and RSA encryption is performed on the group of regular values. Therefore, the image conversion model can be encrypted through the regular value, and the model is prevented from being easily stolen.

The value in the image conversion rule data is encrypted, for example, the value in the image conversion rule data may be encrypted by using an RSA encryption algorithm, an MD5 value encryption method, an AES symmetric key encryption method, a DES encryption method, and the like, so as to obtain a rule ciphertext and generate a corresponding detection certificate. And comparing the detection certificate with the verification certificate to determine whether the user of the client successfully decrypts the rule ciphertext.

Illustratively, MD5 value encryption is an MD5 value that generates a 32-bit alphanumeric code that can encrypt the values in the image conversion rule data. Therefore, whether the original data is changed or not can be quickly determined through the MD5 value, the method is easy to implement, and the probability that the MD5 value is accidentally the same is low.

Illustratively, the AES symmetric key is implemented by encrypting a value in the image conversion rule data by an encryption code.

In some embodiments, based on the mac address of the client to be deployed, an RSA public key and a corresponding RSA private key are generated; and encrypting the numerical value through the RSA public key to obtain a rule ciphertext, and generating a detection certificate according to the RSA private key and the rule ciphertext. The RSA private key generated during deployment can be used as a first RSA private key, and the first RSA private key is used for generating a detection certificate; the RSA private key input by the user when the user uses the encrypted target detection model provided by the application can be used as the second RSA private key, and the second RSA private key is used for generating the verification certificate.

When encryption is carried out, a mac address corresponding to a client needs to be obtained first, an RSA public key and a corresponding RSA private key are generated according to the mac address, the numerical value is encrypted through the RSA public key, a rule ciphertext is obtained, and since the first RSA private key is used for decrypting the RSA public key, a decryption relation of the first RSA private key used for decrypting the rule ciphertext is formed, and a detection certificate is generated according to the decryption relation.

Due to the uniqueness of the public key certificates of the client or different accounts, namely, the public key certificates corresponding to different clients or different accounts are different; therefore, when different clients or different accounts want to use the encrypted target detection model provided by the application, the detection credentials calculated by the server according to the public key of the client are different. Specifically, the corresponding RSA public key and the corresponding RSA private key are determined according to the client mac address provided by the user, so that the encrypted target detection model provided by the present application can be used only after the corresponding client is deployed.

Illustratively, for example, a user needs to make a project, the project includes the encrypted target detection model provided by the application, the user provides a mac address of a client to be deployed, and the server allocates a public key and a private key to the client, wherein the public key represents the identity of the client and corresponds to a unique private key. Therefore, the privacy of the model can be better ensured.

It should be noted that, after the encryption is completed, when the model is delivered to the user of the client, the corresponding RSA private key is provided to the user of the client, so that the user can decrypt the model through the RSA private key when using the model.

S103, performing image conversion on the training image set according to the image conversion rule data to obtain converted image data.

Specifically, image conversion is performed on all images in the training image set by using the image conversion rule data, so that converted image data is obtained.

In some embodiments, the training image set is subjected to letterbox conversion based on the image conversion rule data to obtain image data meeting preset image parameters, and the image meeting the preset image parameters is taken as converted image data, where the preset image parameters include but are not limited to image size and image resolution. Thereby, distortion of the image caused by using resize transformation can be avoided.

The letterbox conversion may be to perform operations such as size conversion, scaling, translation, mirror image conversion, and the like on an image, and the preset image parameter may be an image parameter required when the target detection model is input, specifically may include an image parameter such as an image size, an image resolution, an image color, and the like, and may be any value and any color, which is not limited specifically herein.

Specifically, let tterbox may be used to fill and modify the image size to obtain an image and an original image target frame that meet the target size, remove the gray edges of the image according to the original image target frame and the image that meet the target size, and reduce the size of the target frame to obtain image data that meet the preset image parameters, and use the image that meet the preset image parameters as the converted image data.

Illustratively, the letterbox conversion is performed on all images in the training image set based on the image conversion rule data, such as the image conversion rule data is performed on the RGB values of the images, the specified resampling mode, the image rotation angle, and the image mirror inversion mode, conversion is performed according to the above-mentioned rule, for example, RGB values of the image may be rearranged to (255,69,0) and (0,0,0) corresponding to orange red and black, respectively, in a manner of adjacent sampling and 45 ° of image rotation angle, the image mirror image turning mode is vertical turning, the image initial coordinate is (0,0) and the aspect ratio scaling ratio is 2:1, and finally, through the letterbox conversion, thus, an image which accords with the preset image parameters is obtained, and the image which accords with the preset image parameters is used as converted image data.

And S104, inputting the converted image data into a neural network for training to obtain a target detection model.

The target detection model may be used to detect the position information and the category information of the target object. The preset target detection model may include an image target detection model such as a YOLO neural network model, an RCNN neural network model, and the like. The YOLO neural network model is a convolutional neural network that can predict multiple target positions and categories at one time, and can implement end-to-end target detection and identification, and the greatest advantage of the model is that the detection speed is high.

Specifically, the converted image data is divided into a training set, a verification set and a test set, the training set is input into a neural network to train a target detection model, so that the converted image data is learned, a rough target detection model is established by matching image parameters required by the target detection model, and then the verification set is used for adjusting parameters of the target detection model, such as selecting the number of hidden units in the neural network and determining parameters for controlling the complexity of the network structure or the model. And finally, testing the resolving power, such as the recognition rate and other performances of the trained model through the test set so as to achieve the performance of the test, and selecting the optimal model as a target detection model. Therefore, the neural network can be trained through the open source data set, and a corresponding target detection model is obtained.

And S105, configuring the rule ciphertext in the target detection model to obtain the encrypted target detection model.

The rule ciphertext is configured in the target detection model, namely, the target detection model is encrypted, the encrypted target detection model is a target detection model to be issued and can be directly delivered to a user for use, the encrypted target detection model can be directly delivered to the user for use, the user needs to decrypt the rule ciphertext before using the rule ciphertext, and the encrypted target detection model can be used after decryption is successful.

In the target detection training, most of the data set provided by the user is not in accordance with the image parameters input by the target detection model, so before the target detection, the image parameters need to be converted to obtain the image in accordance with the preset image parameters, and the image in accordance with the preset image parameters is input into the target detection model for detection.

Therefore, the rule ciphertext is configured in the target detection model, so that the user needs to decrypt the rule ciphertext before using the encrypted target detection model provided by the application, and after the decryption is successful, the target detection model converts the image provided by the user, and then uses the encrypted target detection model. If the decryption is unsuccessful, the target detection model does not convert the image provided by the user, and the user cannot use the encrypted target detection model.

After the encrypted target detection model is obtained, the encrypted target detection model is sent to a user, and before the user uses the target detection model, the user needs to decrypt the target detection model, and the specific steps of decrypting the target detection model are described below.

In some embodiments, an image detection instruction sent by a client is obtained, wherein the image detection instruction comprises an image to be identified and verification information; decrypting the encrypted target detection model according to the verification information; if the encrypted target detection model is successfully decrypted according to the verification information, the image to be identified is converted through the image conversion rule data to obtain a converted image; and inputting the converted image into the target detection model for target detection to obtain the position information and the category of the target object in the image to be recognized. The authentication information may be authentication information, and may use authentication information such as a password, a key, a fingerprint, and the like.

Specifically, when the user uses the encrypted target detection model provided by the application, the encrypted target detection model can be decrypted according to the verification information; if the encrypted target detection model is successfully decrypted according to the verification information, the image to be identified is converted through the image conversion rule data to obtain a converted image; and if the encrypted target detection model is not successfully decrypted according to the verification information, image conversion cannot be carried out.

In some embodiments, an image detection instruction sent by a client is obtained, and a verification certificate is generated according to the image detection instruction, wherein the image detection instruction comprises an image to be identified; if the verification certificate is consistent with the detection certificate, converting the image to be identified through the image conversion rule data to obtain a converted image; and inputting the converted image into the encrypted target detection model for target detection to obtain the position information and the category of a target object in the image to be identified. The image detection instruction comprises a second RSA private key and an image to be identified, and the image to be identified is an image which needs to be subjected to target detection by a user. The second RSA private key is an RSA private key provided by a user, and may be the same as or different from the first RSA private key.

Specifically, whether the verification certificate is consistent with the detection certificate is detected; if the verification certificate is consistent with the detection certificate, converting the image to be identified through the image conversion rule data to obtain a converted image; if the verification certificate is inconsistent with the detection certificate, the decryption is unsuccessful, and the image conversion of the image to be identified cannot be carried out.

For example, a user may input a corresponding image to be identified at a client, such as a computer, and the image detection instruction obtained from the client further includes a private key signature of the client. Specifically, the client signs the image detection instruction by using a private key certificate of the client to obtain a second RSA private key.

Wherein the private key certificate is a digital encryption certificate provided by microsoft, and the signature is created using a public key signature algorithm such as RSA public key cryptography. The private key is known only to its owner, while the public key can be used by anyone. If one key is used for encryption, another key is used for decryption. Further, the decryption key cannot be reasonably calculated from the encryption key. Thus, the encryption using the RSA has higher security.

In some embodiments, the rule ciphertext is obtained and an authentication credential is generated from the rule ciphertext and the second RSA private key. Therefore, the rule ciphertext can be decrypted by using the RSA private key provided by the user to obtain a corresponding verification certificate, and the verification certificate is used for comparing with the detection certificate so as to determine whether the RSA private key provided by the user is matched.

Specifically, a rule ciphertext is obtained through a Software Development Kit (SDK) pre-configured in the client server, and the rule ciphertext is decrypted through a second RSA private key, so that a corresponding verification certificate is generated.

In some embodiments, if the verification certificate is consistent with the detection certificate, the rule ciphertext is decrypted through an RSA private key to obtain a pre-deployed client mac address which is used as a first mac address; acquiring a mac address of a current client as a second mac address, and detecting whether the first mac address is consistent with the second mac address; and if the first mac address is consistent with the second mac address, acquiring the image conversion rule data and converting the image to be recognized according to the image conversion rule data to obtain a converted image. Therefore, whether the model runs on a pre-deployed server can be verified through the mac address, and the use permission of model running is improved. The mac address of the client can be queried by inputting a corresponding query instruction on the computer.

Specifically, whether the first mac address is consistent with the second mac address is detected, and if the first mac address is consistent with the second mac address, the image conversion rule data is acquired to convert the image to be recognized, and a converted image is obtained; and if the first mac address is inconsistent with the second mac address, the image conversion rule data cannot be acquired.

The step of detecting whether the verification certificate is consistent with the detection certificate is specifically to detect whether a second RSA private key in an image detection instruction is matched with a public key of a rule ciphertext or not, and because the private key cannot be disclosed under normal conditions, and the private key signature of a third party is not matched.

Illustratively, if the first mac address is, for example, E0-77-BC-8D-10-36 and the second mac address is also E0-77-BC-8D-10-36, the first mac address is the same as the second mac address, the image conversion rule data is obtained to perform conversion processing on the image to be recognized, and a converted image is obtained.

In some embodiments, the letterbox conversion is performed on the data to be recognized based on the image conversion rule data to obtain a converted image, and the converted image is input into the encrypted target detection model to perform target detection, so as to obtain the position information and the category of the target object in the image to be recognized.

Specifically, after the user decrypts the encrypted target detection model, the server performs lettbex conversion on data to be recognized according to the image conversion rule data obtained by decryption to obtain an image meeting the image input requirement of the target detection model, and inputs the converted image into the encrypted target detection model for target detection to obtain the position information and the category of a target object in the image to be recognized.

In some embodiments, the target detection is performed on the image to be recognized based on the target detection model, so as to obtain a central point coordinate, a width and a height and a confidence score corresponding to an image frame, and the position information and the category of a target object in the image to be recognized are determined according to the central point coordinate, the width and the confidence score corresponding to the image frame.

Specifically, taking the target detection model as a YOLO neural network model as an example, the YOLO neural network model divides an input image into S × S meshes, and if the center of an object falls within a certain mesh, the corresponding mesh is responsible for detecting the object. During training and testing, each network predicts B bounding boxes (image borders), each bounding box corresponds to 5 prediction parameters, and the 5 prediction parameters are the center point coordinates (x, y), the width and the height (w, h) and the confidence score (confidence) of the bounding box respectively.

The confidence score is used for reflecting the confidence that the current bounding box contains the target object and the accuracy of the target position predicted by the current bounding box, and if the target object does not exist in the bounding box, the probability that the object belongs to a certain class is 0. And if the target object exists, predicting the probability that the object belongs to a certain class under the condition that the object exists according to the predicted bounding box and the real bounding box, and taking the class with the highest probability as the class of the target object.

For example, assuming a common C-type object, if the input image is divided into 7 × 7 grids (S ═ 7), each grid predicts 2 bounding boxes (B ═ 2), and there are 20 types of objects to be detected (C ═ 20), it is equivalent to finally predict a vector with a length of S × S (B × 5+ C) ═ 7 × 7 ═ 30 as the target object, so that the position information of the target object can be determined based on the vector and the coordinates.

Referring to fig. 3, fig. 3 is a schematic block diagram of an encryption apparatus for a target detection model according to an embodiment of the present application, where the encryption apparatus for a target detection model can be configured in a server for executing the aforementioned encryption method for a target detection model.

As shown in fig. 3, the encryption apparatus 200 of the object detection model includes: a training set generation module 201, a data encryption module 202, an image conversion module 203, a model training module 204 and a ciphertext configuration module 205.

It should be noted that, as will be clear to those skilled in the art, for convenience and brevity of description, the specific working processes of the apparatus, the modules and the units described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

The methods, apparatus, and devices of the present application are operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.

For example, the method and apparatus described above may be implemented in the form of a computer program that can be run on a computer device as shown in fig. 4.

Referring to fig. 4, fig. 4 is a schematic diagram of a computer device according to an embodiment of the present disclosure. The computer device may be a server.

As shown in fig. 4, the computer device includes a processor, a memory, and a network interface connected by a system bus, wherein the memory may include a nonvolatile storage medium and an internal memory.

The non-volatile storage medium may store an operating system and a computer program. The computer program includes program instructions that, when executed, cause a processor to perform any one of the object detection model encryption methods.

The processor is used for providing calculation and control capability and supporting the operation of the whole computer equipment.

The internal memory provides an environment for the execution of a computer program on a non-volatile storage medium, which when executed by the processor, causes the processor to perform any one of the methods for encryption of the object detection model.

The network interface is used for network communication, such as sending assigned tasks and the like. Those skilled in the art will appreciate that the configuration of the computer apparatus is merely a block diagram of a portion of the configuration associated with aspects of the present application and is not intended to limit the computer apparatus to which aspects of the present application may be applied, and that a particular computer apparatus may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.

It should be understood that the Processor may be a Central Processing Unit (CPU), and the Processor may be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, etc. Wherein a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

Wherein, in some embodiments, the processor is configured to execute a computer program stored in the memory to implement the steps of: acquiring an open source image set, and screening the open source image set to obtain a training image set; based on a preset image conversion rule, carrying out random rule conversion on the training image set to generate image conversion rule data, and carrying out encryption processing on the image conversion rule data to obtain a rule ciphertext; performing image conversion on the training image set according to the image conversion rule data to obtain converted image data; inputting the converted image data into a neural network for training to obtain a target detection model; and configuring the rule ciphertext in the target detection model to obtain an encrypted target detection model.

In some embodiments, the processor is further configured to: determining whether a target object exists in each image in the open source image set; and labeling the target object in the image with the target object to obtain a labeled image set, and taking the labeled image set as a training image set.

In some embodiments, the processor is further configured to: based on a preset image conversion rule tool, randomly generating a rule according to the training image set to obtain image conversion rule data, wherein the image conversion rule data comprises an image conversion rule and a corresponding numerical value; and encrypting the numerical value to obtain a rule ciphertext.

In some embodiments, the processor is further configured to: generating an RSA public key and a corresponding RSA private key according to the mac address of the client to be deployed; and encrypting the numerical value through the RSA public key to obtain a rule ciphertext, and generating a detection certificate according to the RSA private key and the rule ciphertext.

In some embodiments, the processor is further configured to: carrying out letterbox conversion on the training image set based on the image conversion rule data to obtain image data which accords with preset image parameters, and taking the image which accords with the preset image parameters as converted image data, wherein the preset image parameters comprise image size and image resolution.

In some embodiments, the processor is further configured to: acquiring an image detection instruction sent by a client, and generating a verification certificate according to the image detection instruction, wherein the image detection instruction comprises an image to be identified; if the verification certificate is consistent with the detection certificate, converting the image to be identified through the image conversion rule data to obtain a converted image; and inputting the converted image into the encrypted target detection model for target detection to obtain the position information and the category of a target object in the image to be identified.

In some embodiments, the processor is further configured to: if the verification certificate is consistent with the detection certificate, decrypting the rule ciphertext through an RSA private key to obtain a pre-deployed client mac address serving as a first mac address; acquiring a mac address of a current client as a second mac address, and detecting whether the first mac address is consistent with the second mac address; and if the first mac address is consistent with the second mac address, acquiring the image conversion rule data and converting the image to be recognized according to the image conversion rule data to obtain a converted image.

The embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, where the computer program includes program instructions, and the program instructions, when executed, implement any one of the encryption methods of the object detection model provided in the embodiment of the present application.

The computer-readable storage medium may be an internal storage unit of the computer device described in the foregoing embodiment, for example, a hard disk or a memory of the computer device. The computer readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the computer device.

Further, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the blockchain node, and the like.

The invention relates to a novel application mode of computer technologies such as storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like of a block chain language model. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.

While the invention has been described with reference to specific embodiments, the scope of the invention is not limited thereto, and those skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims

1. A method for encrypting an object detection model, the method comprising:

2. The method of claim 1, wherein the filtering the open-source image set to obtain a training image set comprises:

determining whether a target object exists in each image in the open source image set;

and labeling the target object in the image with the target object to obtain a labeled image set, and taking the labeled image set as a training image set.

3. The method of claim 1, wherein the performing random rule transformation on the training image set based on a preset image transformation rule to generate image transformation rule data, and performing encryption processing on the image transformation rule data to obtain a rule ciphertext comprises:

based on a preset image conversion rule tool, randomly generating a rule according to the training image set to obtain image conversion rule data, wherein the image conversion rule data comprises an image conversion rule and a corresponding numerical value;

and encrypting the numerical value to obtain a rule ciphertext.

4. The method of claim 3, further comprising:

generating an RSA public key and a corresponding RSA private key according to the mac address of the client to be deployed;

the encrypting the numerical value to obtain a rule ciphertext includes:

and encrypting the numerical value through the RSA public key to obtain a rule ciphertext, and generating a detection certificate according to the RSA private key and the rule ciphertext.

5. The method of claim 4, further comprising:

acquiring an image detection instruction sent by a client, and generating a verification certificate according to the image detection instruction, wherein the image detection instruction comprises an image to be identified;

if the verification certificate is consistent with the detection certificate, converting the image to be identified through the image conversion rule data to obtain a converted image;

and inputting the converted image into the encrypted target detection model for target detection to obtain the position information and the category of a target object in the image to be identified.

6. The method according to claim 5, wherein if the verification certificate is consistent with the detection certificate, the converting the image to be recognized through the image conversion rule data to obtain a converted image comprises:

if the verification certificate is consistent with the detection certificate, decrypting the rule ciphertext through an RSA private key to obtain a pre-deployed client mac address serving as a first mac address;

acquiring a mac address of a current client as a second mac address, and detecting whether the first mac address is consistent with the second mac address;

and if the first mac address is consistent with the second mac address, acquiring the image conversion rule data and converting the image to be recognized according to the image conversion rule data to obtain a converted image.

7. The method of claim 1, wherein the image transforming the training image set according to the image transformation rule data to obtain transformed image data comprises:

carrying out letterbox conversion on the training image set based on the image conversion rule data to obtain image data which accords with preset image parameters, and taking the image which accords with the preset image parameters as converted image data, wherein the preset image parameters comprise image size and image resolution.

8. An encryption apparatus based on an object detection model, comprising:

9. A computer device, wherein the computer device comprises a memory and a processor;

the memory for storing a computer program;

the processor is used for executing the computer program and realizing the following when the computer program is executed:

an encryption method for an object detection model as claimed in any one of claims 1 to 7.

10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, causes the processor to implement the encryption method of the object detection model according to any one of claims 1 to 7.