CN113723604B - Neural network training method and device, electronic equipment and readable storage medium - Google Patents
Neural network training method and device, electronic equipment and readable storage medium Download PDFInfo
- Publication number
- CN113723604B CN113723604B CN202010456574.5A CN202010456574A CN113723604B CN 113723604 B CN113723604 B CN 113723604B CN 202010456574 A CN202010456574 A CN 202010456574A CN 113723604 B CN113723604 B CN 113723604B
- Authority
- CN
- China
- Prior art keywords
- neural network
- trained
- training
- layer
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000013528 artificial neural network Methods 0.000 title claims abstract description 154
- 238000000034 method Methods 0.000 title claims abstract description 49
- 238000003062 neural network model Methods 0.000 claims abstract description 19
- 230000006835 compression Effects 0.000 claims description 18
- 238000007906 compression Methods 0.000 claims description 18
- 230000008569 process Effects 0.000 claims description 17
- 238000013139 quantization Methods 0.000 claims description 6
- 239000010410 layer Substances 0.000 description 134
- 238000010586 diagram Methods 0.000 description 9
- 238000011176 pooling Methods 0.000 description 5
- 230000009471 action Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000000605 extraction Methods 0.000 description 2
- 230000004913 activation Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 235000012434 pretzels Nutrition 0.000 description 1
- 239000002356 single layer Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000011282 treatment Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Biomedical Technology (AREA)
- Mathematical Physics (AREA)
- Data Mining & Analysis (AREA)
- Molecular Biology (AREA)
- Computing Systems (AREA)
- Computational Linguistics (AREA)
- Biophysics (AREA)
- Evolutionary Computation (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Bioethics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Image Analysis (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The application provides a neural network training method, a device, electronic equipment and a readable storage medium, wherein the neural network training method comprises the following steps: processing the first type training data by using a fixed layer of the neural network to be trained to obtain encryption characteristics; and training the trainable layer of the neural network to be trained based on the encryption characteristics and the second type training data until the neural network to be trained converges. The method can improve the performance of the neural network model under the condition of ensuring the safety of the first type training data.
Description
Technical Field
The present disclosure relates to deep learning technology, and in particular, to a neural network training method, device, electronic apparatus, and readable storage medium.
Background
Online learning is a learning method which uses online unsupervised data to train, thereby further improving the generalization performance of the model in the deployed actual environment. In an online learning system, it is often necessary to use some or all of the original supervised data to assist in training to ensure performance of the model. Because of the privacy and confidentiality of the data involved, the original supervised data cannot be directly stored at the deployment end of the online learning system. The common file is stored in an encrypted mode, and the scheme participating in training after decryption has the risks of key leakage and unsafe data memory. In this case, encryption training is an effective scheme for securing data.
In encryption training, the data does not need to be decrypted, but rather participates in the training directly in the form of ciphertext. Existing encryption training schemes include symmetric encryption schemes, training data plus noise encryption schemes, and self-encoder encryption schemes.
The symmetric encryption scheme ensures that the encryption training model is consistent with the original data training, so that the performance of the model is ensured; however, the original data can be restored after the secret key is revealed, and the data security risk exists; meanwhile, the symmetric encryption scheme can only be applied to models such as a single-layer perceptron and the like which do not comprise nonlinear operation, and cannot be applied to a deep neural network.
Training data plus noise encryption schemes encrypt raw data by adding noise to the raw data. However, since noise changes the mode of the original data, the performance of the model is seriously degraded due to too much noise; the confidentiality of the original data is insufficient with too little noise.
The self-encoder encryption scheme trains a self-encoder to perform feature extraction on the original data, learns the mode of the original data by using hidden layer features, and serves as encrypted data. However, when the decoder parameters are revealed, the original data can still be restored through the hidden layer features and the decoder, and a certain data security risk exists. In addition, when the original data pattern is complex (picture, video, etc.) and the data size is large, it is difficult for self-encoding to learn good hidden layer features to represent all patterns of the original data; the performance of the cryptographically trained model in this case is also greatly affected.
Disclosure of Invention
In view of the foregoing, the present application provides a neural network training method, a neural network training device, an electronic device, and a readable storage medium.
Specifically, the application is realized by the following technical scheme:
according to a first aspect of embodiments of the present application, there is provided a neural network training method, including:
processing the first type training data by using a fixed layer of the neural network to be trained to obtain encryption characteristics; the first type training data are original supervised data, the fixed layer is the front N layers of the neural network to be trained, the fixed layer comprises at least one nonlinear layer, and N is a positive integer;
and training the trainable layer of the neural network to be trained based on the encryption characteristics and second type training data until the neural network to be trained converges, wherein the second type training data is online acquired training data.
According to a second aspect of embodiments of the present application, there is provided a neural network training device, including
The data processing unit is used for encrypting the first type training data by utilizing the fixed layer of the neural network to be trained so as to obtain encryption characteristics; the first type training data are original supervised data, the fixed layer is the front N layers of the neural network to be trained, the fixed layer comprises at least one nonlinear layer, and N is a positive integer;
the training unit is used for training the trainable layer of the neural network to be trained based on the encryption characteristics and second type training data until the neural network to be trained converges, wherein the second type training data is online acquired training data.
According to a third aspect of embodiments of the present application, there is provided an electronic device comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor for executing the machine-executable instructions to implement the above-described neural network training method.
According to a fourth aspect of embodiments of the present application, there is provided a machine-readable storage medium having stored thereon machine-executable instructions which, when executed by a processor, implement the above-described neural network training method.
The technical scheme that this application provided can bring following beneficial effect at least:
the first type training data is processed by utilizing the fixed layer of the neural network to be trained to obtain encryption characteristics, and based on the encryption characteristics and the second type training data, the trainable layer of the neural network to be trained is trained until the neural network to be trained converges, and the performance of the neural network model is improved under the condition of ensuring the safety of the first type training data.
Drawings
FIG. 1 is a flow chart of a neural network training method according to an exemplary embodiment of the present application;
FIG. 2 is a flow chart of training a trainable layer of a neural network to be trained based on processed encryption characteristics and a second type of training data, as shown in an exemplary embodiment of the present application;
FIG. 3 is a flow chart of training a trainable layer of a neural network to be trained based on encryption features and a second type of training data, as shown in an exemplary embodiment of the present application;
FIG. 4A is a flow chart illustrating one example embodiment of the present application for deriving encryption features;
FIG. 4B is a flow chart of a method of neural network training, as shown in an exemplary embodiment of the present application;
FIG. 5A is a schematic diagram of a neural network shown in an exemplary embodiment of the present application;
FIG. 5B is a flow diagram illustrating one data set encryption shown in an exemplary embodiment of the present application;
FIG. 5C is a flow diagram of an online training process, as shown in an exemplary embodiment of the present application;
FIG. 6 is a schematic diagram of a neural network training device, according to an exemplary embodiment of the present application;
fig. 7 is a schematic diagram of a hardware structure of an electronic device according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the accompanying claims.
The terminology used in the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the present application. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
In order to better understand the technical solutions provided by the embodiments of the present application and make the above objects, features and advantages of the embodiments of the present application more obvious, the technical solutions in the embodiments of the present application are described in further detail below with reference to the accompanying drawings.
Referring to fig. 1, a flowchart of a neural network training method provided in an embodiment of the present application, as shown in fig. 1, the neural network training method may include the following steps:
it should be noted that, in the embodiment of the present application, if not specifically described, the neural network to be trained refers to a neural network that has been pre-trained, and the embodiment of the present application will not be repeated later.
Step S100, encrypting the first type training data by utilizing a fixed layer of the neural network to be trained to obtain an encryption characteristic; the fixed layer is the front N layers of the neural network to be trained, and comprises at least one nonlinear layer, wherein N is a positive integer.
In the embodiment of the application, as the convolution layer and the pooling layer of the neural network are the lossy feature extraction process, original data can not be restored even if middle features and parameters of the convolution layer are known; therefore, the data are encrypted through the convolution layer and the pooling layer of the neural network, so that the data privacy and safety can be effectively ensured.
In addition, since the fine adjustment of the fixed shallow parameters of the pre-trained neural network model has little influence on the performance, the fixed shallow parameters of the pre-trained neural network model are kept unchanged in the training process, and the influence on the performance of the neural network model is little.
Based on this, in order to ensure the performance of the neural network model while ensuring the security of the first type training data, the pre-preset number of layers of the neural network to be trained may be used as a fixed layer (the parameters of the fixed layer do not participate in the training of the neural network), and the first type training data is encrypted by using the fixed layer, so as to encrypt the first type training data, and obtain the encryption feature corresponding to the first type training data.
Illustratively, the first type of training data is raw supervised data.
Illustratively, to ensure security of the first type of training data, the fixed layer used to encrypt the first type of training data needs to include at least one non-linear layer (e.g., a pooling layer, an activation layer, etc.).
It should be noted that, because the parameters of the fixed layers of the neural network do not participate in training, the larger the number of the fixed layers is, the larger the influence on the performance of the neural network model is; in addition, the greater the number of fixed layers of the neural network, the higher the security of the data processed by the fixed layers of the neural network, and therefore, when setting the fixed layers of the neural network, it is necessary to consider the performance of the neural network model and the security of the processed data in a balanced manner (too many fixed layers may cause too poor performance of the neural network model, and too few fixed layers may cause too poor security of the data processed by the fixed layers).
For example, the layer in the first 1-2 blocks of the neural network may be determined as a fixed layer of the neural network.
In addition, in the embodiment of the present application, in step S100, the encryption processing of the first type of training data by using the fixed layer of the neural network to be trained may be performed offline, that is, the encryption of the first type of training data is performed offline, and the training of the neural network is performed online.
And step S110, training a trainable layer of the neural network to be trained based on the encryption characteristics and the second type training data until the neural network to be trained converges.
In this embodiment of the present application, after the encryption feature is obtained according to the manner described in step S100, the trainable layer of the neural network to be trained may be trained based on the obtained encryption feature and the second type training data until the neural network to be trained converges.
Illustratively, the trainable layers of the neural network to be trained include the remaining layers other than the fixed layer, which generally includes a convolutional layer of a higher layer of the neural network to be trained and a fully-connected layer, parameters of the trainable layer being trained during online training of the neural network.
Illustratively, the second type of training data is online acquired training data, such as online unsupervised data.
It can be seen that, in the method flow shown in fig. 1, the front N layers of the neural network to be trained including at least one nonlinear layer are set as fixed layers, and the fixed layers of the neural network to be trained are utilized to process the first type training data so as to obtain the encryption feature, and based on the encryption feature and the second type training data, the trainable layers of the neural network to be trained are trained until the neural network to be trained converges, so that the performance of the neural network model is improved under the condition of ensuring the security of the first type training data.
In one embodiment, after the encryption processing is performed on the first type of training data by using the fixed layer of the neural network to be trained in step S100, the method may further include:
the encryption characteristics are subjected to appointed processing so as to improve the safety of the encryption characteristics or/and reduce the storage space occupied by the encryption characteristics;
in step S110, training the trainable layer of the neural network to be trained based on the encryption feature and the second type of training data may include:
based on the processed encryption characteristics and the second type of training data, the trainable layer of the neural network to be trained is trained.
For example, in order to further improve the security of the first type training data and/or reduce the storage space occupied by the encryption feature, after the encryption processing is performed on the first type training data by using the fixed layer of the neural network to be trained to obtain the encryption feature, the encryption feature may be further subjected to the designated processing.
In one example, the designation process may include, but is not limited to, one or more of quantization, clipping, and compression.
Illustratively, the compression is lossy compression.
Accordingly, after the processed encryption feature is obtained, the trainable layer of the neural network to be trained can be trained based on the processed encryption feature and the second type training data when on-line training is performed.
In one example, as shown in fig. 2, the training of the trainable layer of the neural network to be trained based on the processed encryption feature and the second type of training data may include the following steps:
step 200, when the designated processing includes compression, decompressing the processed encryption feature;
step S210, training a trainable layer of the neural network to be trained based on the decompressed encryption characteristics, processing second-type training data by using a fixed layer of the neural network to be trained, and training the trainable layer of the neural network to be trained based on the processed second-type training data.
For example, when the neural network to be trained is trained online, if the encryption feature is compressed, when the trainable layer of the neural network to be trained is trained based on the encryption feature, the compressed encryption feature needs to be decompressed first to obtain the decompressed encryption feature.
On the one hand, when on-line training of the neural network is performed, the trainable layer of the neural network to be trained can be trained based on the decompressed encryption characteristics; on the other hand, the trainable layer of the neural network to be trained may be trained based on the second type of training data.
The encryption characteristics are characteristics processed by the fixed layer of the neural network to be trained, so that when the encryption characteristics are input into the neural network to be trained, the fixed layer of the neural network to be trained can not process the encryption characteristics any more, and the trainable layer of the neural network to be trained is trained by utilizing the encryption characteristics.
When the second type of training data is input to the neural network to be trained, the second type of training data needs to be processed by using a fixed layer of the neural network to be trained, and the trainable layer of the neural network to be trained is trained based on the processed second type of training data.
In one embodiment, as shown in fig. 3, training the trainable layer of the neural network to be trained based on the encryption feature and the second type of training data in step S110 may include the following steps:
and step S111, performing characteristic enhancement on the encryption characteristic.
Step S112, training the trainable layer of the neural network to be trained based on the encrypted features with the added features and the second type training data.
For example, in order to enhance the richness of the data and improve the performance of the neural network model, when the trainable layer of the neural network to be trained is trained based on the encryption feature, the encryption feature may be enhanced, that is, some information or change data is added to the encryption feature through a certain means, for example, gaussian noise or pretzel noise is added, and based on the encryption feature with the added feature and the second type of training data, the trainable layer of the neural network to be trained is trained.
In this embodiment, if the encrypted feature used for training the trainable layer of the neural network to be trained is the compressed encrypted feature, before the feature enhancement processing is performed on the encrypted feature, the compressed encrypted feature needs to be decompressed and the decompressed encrypted feature needs to be subjected to the feature enhancement processing.
In order to enable those skilled in the art to better understand the technical solutions provided by the embodiments of the present application, the technical solutions provided by the embodiments of the present application are described below with reference to specific examples.
In this embodiment, the neural network training system may include two parts: the first part is an off-line data set encryption subsystem, and the second part is an on-line training subsystem; wherein:
the off-line data set encryption subsystem uses a shallow layer (i.e., the first N layers) of the neural network model to be trained as an encryption layer, and processes the first type of training data to obtain encryption characteristics, where the flowchart may be as shown in fig. 4A. Forward calculation is carried out on the first type training data through a fixed layer of the model, and a feature map is obtained; then cutting and quantizing the feature map to reduce the size of the feature map; then further compressing and storing by using a compression algorithm of picture storage, including but not limited to run-length coding, JPEG (one image format) compression and the like; the final feature is the encrypted data of the first type training data.
Because the first type training data is subjected to a series of non-restorable processes such as convolution, pooling, quantization, clipping, compression and the like, the encrypted data can effectively protect the safety of the first type training data. In addition, the encrypted data is used as the middle layer characteristic of the model, and a subsequent layer can be added for training, so that the performance of the model is ensured.
The on-line training system trains parameters of the non-fixed layer (i.e. the trainable layer) of the neural network model to be trained by utilizing the encryption characteristics corresponding to the first type training data and the second type training data together, so that the performance of the model in a deployed practical environment is further improved, and a realization flow chart can be shown as a figure 4B.
For example, in order to enhance the richness of the data and improve the performance of the neural network model, the encryption feature may be enhanced, and further, the encrypted feature after the enhancement processing and the second type training data after the processing of the fixed layer of the network to be trained are utilized, where the two features are combined to train the parameters of the trainable layer of the neural network to be trained, so that the performance of the neural network model is improved.
For example, please refer to fig. 5A, which is a schematic diagram of a neural network according to an embodiment of the present application, the neural network includes a convolution layer and a full connection layer.
Illustratively, a pooling layer, not shown, may also be included between the convolution layers.
In this example, the convolutional layers include the fixed convolutional layer of the bottom layer (i.e., the fixed layer described above) and the trainable convolutional layer of the higher layer. The fixed convolution layer is used as an encryption layer for encrypting the first type of training data, and the parameters of the fixed convolution layer do not participate in training; the parameters of the trainable convolutional layer and the fully-connected layer (i.e., the trainable layer described above) are trained in an online training process.
Fig. 5B is a schematic flow chart of data set encryption provided in the embodiment of the present application, where, as shown in fig. 5B, after any picture in the first type training data set is subjected to forward computation by the fixed convolution layer, feature diagrams of a plurality of channels are obtained, and the feature diagrams hide features of an original picture, but retain data features related to tasks; and then carrying out quantization, clipping, compression and other treatments on the feature map to obtain the final encrypted feature.
Fig. 5C is a schematic flow chart of an online training process provided in the embodiment of the present application, as shown in fig. 5C, the encryption feature is decompressed to obtain a corresponding lossy feature map (left column), and the second type training data is calculated forward through the fixed convolution layer to obtain a corresponding feature map (right column), where the feature maps are input together into the subsequent trainable convolution layer and the full connection layer, and the parameters of the layers are trained, and since the encryption of the first type training data is implemented by encrypting the first type training data through the fixed layer of the neural network to be trained, that is, the encryption feature belongs to the middle layer feature of the neural network to be trained, the encryption feature is used to participate in the training of the trainable layer of the neural network to be trained, so that the performance of the neural network model can be improved under the condition of ensuring the security of the first type training data; in addition, after the encryption feature is obtained, the encryption feature is compressed and stored by using a lossy compression algorithm and is decompressed and used when the neural network training is performed, and the influence of lossy compression loss information on data to be compressed (namely the encryption feature) is smaller, but the compression ratio is obviously larger than that of lossless compression, so that the safety of the first-type training data can be further improved and the storage space occupied by the encryption feature is obviously reduced under the condition of ensuring the performance.
According to the embodiment of the application, the first type training data is processed by the fixed layer of the neural network to be trained to obtain the encryption characteristic, and the trainable layer of the neural network to be trained is trained based on the encryption characteristic and the second type training data, so that the performance of the neural network model is improved under the condition that the safety of the first type training data is ensured.
The methods provided herein are described above. The apparatus provided in this application is described below:
referring to fig. 6, a schematic structural diagram of a neural network training device according to an embodiment of the present application is shown in fig. 6, where the neural network training device may include:
the data processing unit 610 is configured to encrypt the first type of training data by using a fixed layer of the neural network to be trained, so as to obtain an encryption feature; the first type training data are original supervised data, the fixed layer is the front N layers of the neural network to be trained, the fixed layer comprises at least one nonlinear layer, and N is a positive integer;
the training unit 620 is configured to train the trainable layer of the neural network to be trained based on the encryption feature and second type training data, where the second type training data is training data obtained online until the neural network to be trained converges.
In one possible embodiment, after the data processing unit 610 encrypts the first type of training data using the fixed layer of the neural network to be trained, the method further includes:
performing appointed processing on the encryption characteristics;
the training unit 620 trains the trainable layer of the neural network to be trained based on the encryption feature and the second type training data, including:
and training the trainable layer of the neural network to be trained based on the processed encryption characteristics and the second type training data.
In one possible embodiment, the specifying process includes one or more of the following:
quantization, clipping and compression.
In a possible embodiment, the training unit 620 trains the trainable layer of the neural network to be trained based on the processed encrypted feature and the second type of training data, including:
when the specified processing includes compression, decompressing the processed encrypted feature;
training the trainable layer of the neural network to be trained based on the decompressed encryption characteristics, processing the second type training data by using the fixed layer of the neural network to be trained, and training the trainable layer of the neural network to be trained based on the processed second type training data.
In a possible embodiment, the training unit 620 trains the trainable layer of the neural network to be trained based on the encryption feature and the second type of training data, including:
performing feature enhancement on the encryption feature;
training the trainable layer of the neural network to be trained based on the encrypted features with the increased features and the second type of training data.
Fig. 7 is a schematic hardware structure of an electronic device according to an embodiment of the present application. The electronic device may include a processor 701, a memory 702 storing machine-executable instructions. The processor 701 and the memory 702 may communicate via a system bus 703. Also, the processor 701 may perform the neural network training method described above by reading and executing machine-executable instructions in the memory 702 corresponding to the encoded control logic.
The memory 702 referred to herein may be any electronic, magnetic, optical, or other physical storage device that may contain or store information, such as executable instructions, data, or the like. For example, a machine-readable storage medium may be: RAM (Radom Access Memory, random access memory), volatile memory, non-volatile memory, flash memory, a storage drive (e.g., hard drive), a solid state drive, any type of storage disk (e.g., optical disk, dvd, etc.), or a similar storage medium, or a combination thereof.
In some embodiments, a machine-readable storage medium, such as memory 702 in fig. 7, is also provided, having stored thereon machine-executable instructions that when executed by a processor implement the neural network training method described above. For example, the machine-readable storage medium may be ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing description of the preferred embodiments of the present invention is not intended to limit the invention to the precise form disclosed, and any modifications, equivalents, improvements and alternatives falling within the spirit and principles of the present invention are intended to be included within the scope of the present invention.
Claims (12)
1. A neural network training method, comprising:
encrypting the first type training data by using a fixed layer of the neural network to be trained to obtain encryption characteristics; the first type training data are original supervised data, the fixed layer is the front N layers of the neural network to be trained, the number of nonlinear layers in the fixed layer is more than one, and N is a positive integer; the neural network to be trained is a neural network with pretraining completed, and the neural network with pretraining completed comprises a fixed layer with pretraining completed and a trainable layer with pretraining completed; n is determined according to the performance of the neural network model and the safety of the processed data;
training the trainable layer of the neural network to be trained based on the encryption characteristics, processing second-type training data by using the fixed layer of the neural network to be trained, and training the trainable layer of the neural network to be trained based on the processed second-type training data until the neural network to be trained converges, wherein the second-type training data is online acquired training data; the trainable layer of the neural network to be trained comprises other layers except the fixed layer, and parameters of the fixed layer of the neural network to be trained remain unchanged in the process of training the trainable layer of the neural network to be trained.
2. The method of claim 1, wherein after encrypting the first type of training data with the fixed layer of the neural network to be trained, further comprising:
performing appointed processing on the encryption feature to improve the security of the encryption feature or/and reduce the storage space occupied by the encryption feature;
the training the trainable layer of the neural network to be trained based on the encryption feature comprises:
and training the trainable layer of the neural network to be trained based on the processed encryption characteristics.
3. The method of claim 2, wherein the specifying process comprises one or more of:
quantization, clipping and compression.
4. A method according to claim 3, wherein the training the trainable layer of the neural network to be trained based on the processed encryption characteristics comprises:
when the specified processing includes compression, decompressing the processed encrypted feature;
and training the trainable layer of the neural network to be trained based on the decompressed encryption characteristics.
5. The method of claim 1, wherein the training the trainable layer of the neural network to be trained based on the encryption characteristics comprises:
performing feature enhancement on the encryption feature;
and training the trainable layer of the neural network to be trained based on the encrypted characteristics after the characteristic enhancement.
6. A neural network training device, comprising:
the data processing unit is used for encrypting the first type training data by utilizing the fixed layer of the neural network to be trained so as to obtain encryption characteristics; the first type training data are original supervised data, the fixed layer is the front N layers of the neural network to be trained, the number of nonlinear layers in the fixed layer is more than one, and N is a positive integer; the neural network to be trained is a neural network with pretraining completed, and the neural network with pretraining completed comprises a fixed layer with pretraining completed and a trainable layer with pretraining completed; n is determined according to the performance of the neural network model and the safety of the processed data;
the training unit is used for training the trainable layer of the neural network to be trained based on the encryption characteristics, processing second-type training data by utilizing the fixed layer of the neural network to be trained, and training the trainable layer of the neural network to be trained based on the processed second-type training data until the neural network to be trained converges, wherein the second-type training data is online acquired training data; the trainable layer of the neural network to be trained comprises other layers except the fixed layer, and parameters of the fixed layer of the neural network to be trained remain unchanged in the process of training the trainable layer of the neural network to be trained.
7. The apparatus of claim 6, wherein the data processing unit, after encrypting the first type of training data using the fixed layer of the neural network to be trained, further comprises:
performing appointed processing on the encryption feature to improve the security of the encryption feature or/and reduce the storage space occupied by the encryption feature;
the training unit trains the trainable layer of the neural network to be trained based on the encryption characteristics, including:
and training the trainable layer of the neural network to be trained based on the processed encryption characteristics.
8. The apparatus of claim 7, wherein the designation process comprises one or more of:
quantization, clipping and compression.
9. The apparatus of claim 8, wherein the training unit trains the trainable layer of the neural network to be trained based on the processed encryption characteristics, comprising:
when the specified processing includes compression, decompressing the processed encrypted feature;
and training the trainable layer of the neural network to be trained based on the decompressed encryption characteristics.
10. The apparatus of claim 6, wherein the training unit trains the trainable layer of the neural network to be trained based on the encryption feature, comprising:
performing feature enhancement on the encryption feature;
and training the trainable layer of the neural network to be trained based on the encrypted characteristics after the characteristic enhancement.
11. An electronic device comprising a processor and a memory, the memory storing machine executable instructions executable by the processor for executing the machine executable instructions to implement the method of any of claims 1-5.
12. A machine-readable storage medium having stored thereon machine-executable instructions which, when executed by a processor, implement the method of any of claims 1-5.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010456574.5A CN113723604B (en) | 2020-05-26 | 2020-05-26 | Neural network training method and device, electronic equipment and readable storage medium |
| PCT/CN2021/096109 WO2021238992A1 (en) | 2020-05-26 | 2021-05-26 | Neural network training method and apparatus, electronic device, and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010456574.5A CN113723604B (en) | 2020-05-26 | 2020-05-26 | Neural network training method and device, electronic equipment and readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113723604A CN113723604A (en) | 2021-11-30 |
| CN113723604B true CN113723604B (en) | 2024-03-26 |
Family
ID=78672063
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010456574.5A Active CN113723604B (en) | 2020-05-26 | 2020-05-26 | Neural network training method and device, electronic equipment and readable storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN113723604B (en) |
| WO (1) | WO2021238992A1 (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117874794B (en) * | 2024-03-12 | 2024-07-05 | 北方健康医疗大数据科技有限公司 | Training method, system and device for large language model and readable storage medium |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016118206A2 (en) * | 2014-11-07 | 2016-07-28 | Microsoft Technology Licensing, Llc | Neural networks for encrypted data |
| JP2018045679A (en) * | 2016-09-08 | 2018-03-22 | 公立大学法人会津大学 | Sensing agent system using portable terminal, machine learning method in sensing agent system, and program for implementing the same |
| FR3057090A1 (en) * | 2016-09-30 | 2018-04-06 | Safran Identity & Security | METHODS FOR SECURELY LEARNING PARAMETERS FROM A CONVOLVED NEURON NETWORK AND SECURED CLASSIFICATION OF INPUT DATA |
| CN108776790A (en) * | 2018-06-06 | 2018-11-09 | 海南大学 | Face encryption recognition methods based on neural network under cloud environment |
| CN108876864A (en) * | 2017-11-03 | 2018-11-23 | 北京旷视科技有限公司 | Image coding, coding/decoding method, device, electronic equipment and computer-readable medium |
| CN108921282A (en) * | 2018-05-16 | 2018-11-30 | 深圳大学 | A kind of construction method and device of deep neural network model |
| CN109214193A (en) * | 2017-07-05 | 2019-01-15 | 阿里巴巴集团控股有限公司 | Data encryption, machine learning model training method, device and electronic equipment |
| CN109325584A (en) * | 2018-08-10 | 2019-02-12 | 深圳前海微众银行股份有限公司 | Federation's modeling method, equipment and readable storage medium storing program for executing neural network based |
| CN110674941A (en) * | 2019-09-25 | 2020-01-10 | 南开大学 | Data encryption transmission method and system based on neural network |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9436835B1 (en) * | 2012-01-05 | 2016-09-06 | Gokay Saldamli | Homomorphic encryption in computing systems and environments |
| CN108564587A (en) * | 2018-03-07 | 2018-09-21 | 浙江大学 | A kind of a wide range of remote sensing image semantic segmentation method based on full convolutional neural networks |
| US11575500B2 (en) * | 2018-07-25 | 2023-02-07 | Sap Se | Encrypted protection system for a trained neural network |
| CN110830515A (en) * | 2019-12-13 | 2020-02-21 | 支付宝(杭州)信息技术有限公司 | Flow detection method and device and electronic equipment |
| CN111027632B (en) * | 2019-12-13 | 2023-04-25 | 蚂蚁金服(杭州)网络技术有限公司 | Model training method, device and equipment |
-
2020
- 2020-05-26 CN CN202010456574.5A patent/CN113723604B/en active Active
-
2021
- 2021-05-26 WO PCT/CN2021/096109 patent/WO2021238992A1/en active Application Filing
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016118206A2 (en) * | 2014-11-07 | 2016-07-28 | Microsoft Technology Licensing, Llc | Neural networks for encrypted data |
| JP2018045679A (en) * | 2016-09-08 | 2018-03-22 | 公立大学法人会津大学 | Sensing agent system using portable terminal, machine learning method in sensing agent system, and program for implementing the same |
| FR3057090A1 (en) * | 2016-09-30 | 2018-04-06 | Safran Identity & Security | METHODS FOR SECURELY LEARNING PARAMETERS FROM A CONVOLVED NEURON NETWORK AND SECURED CLASSIFICATION OF INPUT DATA |
| CN109214193A (en) * | 2017-07-05 | 2019-01-15 | 阿里巴巴集团控股有限公司 | Data encryption, machine learning model training method, device and electronic equipment |
| CN108876864A (en) * | 2017-11-03 | 2018-11-23 | 北京旷视科技有限公司 | Image coding, coding/decoding method, device, electronic equipment and computer-readable medium |
| CN108921282A (en) * | 2018-05-16 | 2018-11-30 | 深圳大学 | A kind of construction method and device of deep neural network model |
| CN108776790A (en) * | 2018-06-06 | 2018-11-09 | 海南大学 | Face encryption recognition methods based on neural network under cloud environment |
| CN109325584A (en) * | 2018-08-10 | 2019-02-12 | 深圳前海微众银行股份有限公司 | Federation's modeling method, equipment and readable storage medium storing program for executing neural network based |
| CN110674941A (en) * | 2019-09-25 | 2020-01-10 | 南开大学 | Data encryption transmission method and system based on neural network |
Non-Patent Citations (10)
| Title |
|---|
| Cryptonets: Applying neural networks to encrypted data with high throughput and accuracy;Gilad-Bachrach R等;International conference on machine learning. PMLR;20161231;全文 * |
| GELU-Net: A Globally Encrypted, Locally Unencrypted Deep Neural Network for Privacy-Preserved Learning;Zhang Q等;IJCAI;20181231;全文 * |
| Multichannel attention refinement for video question answering;Zhuang Y等;ACM Transactions on Multimedia Computing, Communications, and Applications (TOMM);20200312;全文 * |
| Towards deep neural network training on encrypted data;Nandakumar K;Proceedings of the IEEE/CVF conference on computer vision and pattern recognition workshops;20191231;全文 * |
| 一种基于神经网络模型的在线修正优化控制;朱波等;企业开发技术;第23卷(第10期);第6页第2栏第3行-第8页第1栏第29行, 图3-4 * |
| 一种基于神经网络模型的在线修正优化控制;朱波等;企业技术开发(第10期);第6页第2栏第3行-第8页第1栏第29行, 图3-4 * |
| 基于卷积神经网络的低照度可见光与近红外图像融合;唐超影等;光学学报;20200519;第40卷(第16期);全文 * |
| 基于神经网络的视频加密与压缩技术的研究;赵婷婷;中国硕士学位论文全文库 信息科技辑;20100715;全文 * |
| 神经网络中的隐私保护研究;程琼;中国硕士学位论文全文库 信息科技辑;20200115;全文 * |
| 陈雨时.高光谱数据降维及压缩技术.哈尔滨工程大学出版社,2014,第89页. * |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2021238992A1 (en) | 2021-12-02 |
| CN113723604A (en) | 2021-11-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111523668B (en) | Training method and device of data generation system based on differential privacy | |
| CN111680787B (en) | Side channel curve processing method and device and electronic equipment | |
| CN111681154B (en) | Color image steganography distortion function design method based on generation countermeasure network | |
| Duan et al. | Efficient image encryption and compression based on a VAE generative model | |
| CN113298268A (en) | Vertical federal learning method and device based on anti-noise injection | |
| CN112787971A (en) | Construction method of side channel attack model, password attack equipment and computer storage medium | |
| CN115310121A (en) | Real-time reinforced federal learning data privacy security method based on MePC-F model in Internet of vehicles | |
| Fang et al. | Gifd: A generative gradient inversion method with feature domain optimization | |
| WO2022241307A1 (en) | Image steganography utilizing adversarial perturbations | |
| CN113723604B (en) | Neural network training method and device, electronic equipment and readable storage medium | |
| Das et al. | An image secret sharing technique with block based image coding | |
| Hamamoto et al. | Image watermarking technique using embedder and extractor neural networks | |
| Gupta et al. | Hybrid image compression-encryption scheme based on multilayer stacked autoencoder and logistic map | |
| CN1694400B (en) | Randomized signal transforms and their applications | |
| Yang et al. | Provably secure robust image steganography | |
| Devi et al. | A robust and optimized 3D red-cyan anaglyph blind image watermarking in the DWT domain | |
| CN117474118A (en) | Federal learning privacy protection method based on improved diffusion model | |
| Abdulmunem et al. | Advanced Intelligent Data Hiding Using Video Stego and Convolutional Neural Networks | |
| CN116309164A (en) | Image processing method and device | |
| CN114638002B (en) | Compressed image encryption method supporting similarity retrieval | |
| Xu et al. | Image encryption methods in deep joint source channel coding: A review and performance evaluation | |
| CN111275603B (en) | Security image steganography method based on style conversion and electronic device | |
| Qi et al. | Privacy-Preserving Image Classification Using ConvMixer with Adaptive Permutation Matrix | |
| Guo et al. | AISM: An Adaptable Image Steganography Model with User Customization | |
| CN111953485B (en) | Secret image sharing method with variable threshold |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |