CN114358278A - Training method and device of neural network model - Google Patents

Publication number
CN114358278A
Authority
CN
China
Prior art keywords
training
neural network
network model
model
data set
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111423212.7A
Other languages
Chinese (zh)
Inventor
王玉龙
王东霞
曹梦华
苏森
徐鹏
双锴
张忠宝
程祥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
32802 Troops Of People's Liberation Army Of China
Beijing University of Posts and Telecommunications
Original Assignee
32802 Troops Of People's Liberation Army Of China
Beijing University of Posts and Telecommunications
Application filed by 32802 Troops Of People's Liberation Army Of China, Beijing University of Posts and Telecommunications
Priority to CN202111423212.7A
Publication of CN114358278A

Landscapes

  • Image Analysis (AREA)

Abstract

The disclosure provides a training method and device for a neural network model. The method comprises the following steps: acquiring an original data set corresponding to the attack defense requirement of the neural network model; pre-training the neural network model with the original data set to obtain a pre-training model; and performing supplementary training on the pre-training model with a training data set, based on a covariance matrix adaptive evolution strategy (CMA-ES), to obtain a target model. By performing supplementary training on the neural network with a training algorithm based on the covariance matrix adaptive evolution strategy, the training method and device obtain a robust neural network model, improve the accuracy and efficiency of the neural network's adversarial defense, and ensure the security of deep-learning-related systems.

Description

Training method and device of neural network model
Technical Field
The disclosure relates to the field of deep learning, in particular to a training method and device of a neural network model.
Background
Machine learning techniques, particularly deep learning, are widely used in daily life, including the military, industrial, medical, and internet fields. However, as machine-learning-related technologies and systems are used more and more widely in infrastructure across fields around the world, more and more malicious persons and organizations are targeting these systems in an attempt to attack them. Attacks on a machine learning system can bring serious consequences to the scenario in which it is applied, and the security of machine learning systems is drawing increasing attention as they are developed and applied.
How to establish an effective defense mechanism is the key to ensuring the security of a machine learning system. Defense technologies in the prior art include attack detection defense methods based on Trojan pattern recognition, adversarial training defense methods that use network gradient information and generative adversarial networks, adversarial defense methods based on neuron repair and pruning, and the like. However, most defense technologies implement attack detection or construct defense models by knowing the pattern information of the attack samples; there is no effective method for defending against attack samples whose pattern information is unknown.
Disclosure of Invention
In view of this, the present disclosure provides a method and an apparatus for training a neural network model.
In view of the above, one or more embodiments of the present disclosure provide a training method of a neural network model, including: acquiring an original data set corresponding to the attack defense requirement of the neural network model;
pre-training the neural network model by using the original data set to obtain a pre-training model;
and performing supplementary training on the pre-training model by utilizing a training data set based on a covariance matrix adaptive evolution strategy CMA-ES to obtain a target model.
As a further improvement of an embodiment of the present disclosure, based on a covariance matrix adaptive evolution strategy CMA-ES, the pre-training model is subjected to a supplementary training using the training data set to obtain a target model, including the following steps:
S41: modeling the middle layer variation of the pre-training model as a multi-dimensional Gaussian distribution;
S42: sampling a candidate solution set of the intermediate layer parameters in the multidimensional Gaussian distribution to form a plurality of candidate neural network models;
S43: generating a training data set from the original data set based on the structure and parameter information of the candidate neural network model according to a training data generation mode selected by a user;
S44: inputting the training data set into the candidate neural network model, and evaluating the robustness of the candidate neural network model;
S45: sorting the candidates by robustness from high to low, and selecting a preset proportion of candidate neural network models, starting from the highest robustness, as preferred neural network models;
S46: updating the parameters of the multidimensional Gaussian distribution based on the intermediate layer parameters of the preferred neural network model to obtain a new multidimensional Gaussian distribution;
repeating steps S42 to S46 until a preset termination condition is satisfied, and taking the preferred neural network model as the target model.
As a further improvement of an embodiment of the present disclosure, the preset termination condition is:
at least one of: the number of iterations reaching an iteration threshold, the accuracy reaching an accuracy threshold, or the accuracy no longer increasing during the iteration.
As a further improvement of an embodiment of the present disclosure, modeling the middle layer variation of the pre-training model as a multi-dimensional gaussian distribution includes:
modeling a solution space of the middle layer parameters of the pre-training model as a multi-dimensional Gaussian distribution N(μ, σ²C), wherein μ is the mean of the distribution, σ is the learning step length, and C is the covariance matrix;
and acquiring intermediate layer parameter values of the pre-training model, taking the parameter values as the initial mean value mu of the multidimensional Gaussian distribution, and initializing a learning step length sigma in the range of 0.0001-0.1.
As a further improvement of an embodiment of the present disclosure, the learning step σ is initialized to 0.1.
As a further improvement of an embodiment of the present disclosure, the acquiring the original data set includes:
selecting at least one of a public data set or a custom data set that matches a usage scenario of the pre-trained model as the original data set, the original data set comprising pictures stored as pixel-level matrix data.
As a further improvement of an embodiment of the present disclosure, according to a training data generation manner selected by a user, a training data set is generated from the original data set based on the structure and parameter information of the candidate neural network model, including the following steps:
generating the training data set by adopting a multi-step training data generation mode based on the structure and parameter information of the candidate neural network model.
As a further improvement of an embodiment of the present disclosure, the multi-step training data generating manner includes: generating training data by projected gradient descent (PGD).
As a further improvement of an embodiment of the present disclosure, the robustness of the candidate neural network model includes at least one of a loss function value, such as a cross entropy, and a classification accuracy on the training data set.
One or more embodiments of the present disclosure provide a neural network adversarial defense apparatus, including:
a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of training a neural network model as described above when executing the program.
From the above, the training method and device for the neural network model provided by the disclosure utilize the covariance matrix to model the randomness of the unknown attack, and utilize the combination of the evolutionary strategy algorithm and the neural network fine tuning technology, so as to improve the defense capability of the network against the unknown attack and further improve the security of the deep learning related system on the premise of ensuring the effect of the network against the known attack. The method is not limited by the condition of the data set and the specific model, and the specified model is subjected to supplementary training or repairing according to the conditions of different data sets, so that the efficiency of the defense of the neural network is improved, and the safety of a deep learning related system is improved.
Specific embodiments are disclosed in detail with reference to the following description and the accompanying drawings, which specify the manner in which the principles of the disclosed technology may be employed. It is to be understood that the embodiments of the present disclosure are not so limited in scope. The embodiments of the present disclosure include many variations, modifications, and equivalents within the spirit and scope of the appended claims. Features that are described and/or illustrated with respect to one embodiment may be used in the same way or in a similar way in one or more other embodiments, in combination with or instead of the features of the other embodiments.
Drawings
In order to more clearly illustrate the technical solutions in the present disclosure or related technologies, the drawings needed to be used in the description of the embodiments or related technologies are briefly introduced below, and it is obvious that the drawings in the following description are only embodiments of the present disclosure, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic diagram of a training method of a neural network model provided in an embodiment of the present disclosure;
Fig. 2 is a schematic diagram of a method for performing supplementary training on a pre-training model to obtain a target model according to an embodiment of the present disclosure;
Fig. 3 is a schematic diagram of a neural network defense apparatus according to an embodiment of the disclosure.
Detailed Description of Embodiments
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
It is to be noted that technical terms or scientific terms used in the embodiments of the present disclosure should have a general meaning as understood by those having ordinary skill in the art to which the present disclosure belongs, unless otherwise defined. The use of "first," "second," and similar terms in the embodiments of the disclosure is not intended to indicate any order, quantity, or importance, but rather to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items.
Referring to fig. 1, a training method of a neural network model provided in an embodiment of the present disclosure includes the following steps:
S1: acquiring an original data set corresponding to the attack defense requirement of the neural network model;
S2: pre-training the neural network model by using the original data set to obtain a pre-training model;
S3: performing supplementary training on the pre-training model by using a training data set based on a covariance matrix adaptive evolution strategy CMA-ES to obtain a target model.
For step S1, an original data set corresponding to the attack defense requirement of the neural network model is obtained, and the original data set is selected according to the usage scenario or the test scenario of the pre-training model to be optimized.
The original data set may be an existing public data set or may be an uploaded custom data set. The raw data is represented in the form of "pictures stored in pixel-level matrix data". The raw data is used for training a neural network model, such as a classification system, face recognition and the like. In the disclosure, the original data has two purposes, namely, the original data is used for training a pre-training model to be optimized; the other purpose is to generate training data by the following selected training data generation mode.
For step S2, the neural network model is pre-trained with the original data set to obtain a pre-trained model. Before the optimization starts, the pre-training model to be optimized is a model that has already been trained on the original data in this preceding step. The pre-training model can use a classical network structure or a custom network structure; the original data is input into the selected model, and pre-training is completed on that model.
Specifically, according to the requirements of the user's equipment and model application scenarios, different pre-training models are selected, for example, the neural network models such as ResNet18 and ResNet50, and the difference between ResNet18 and ResNet50 is that the two neural network models have different structural layers. In the case where a fast acquisition optimization model is required, a neural network model with a smaller number of structural layers, such as ResNet18, may be used. In the case where a relatively safe model needs to be obtained, a neural network model with a larger number of architectural layers, such as ResNet50, may be used.
Common neural network models can be implemented using open source tools such as TensorFlow and PyTorch, both of which are tools for implementing neural network models. If the classical neural network models do not meet the usage requirement, a user-defined network structure model is uploaded as the pre-training model; the user-defined network structure model file can be a .py file written in the Python language. The acquired original data set is input into the selected pre-training model, and the pre-training model is considered usable when its classification accuracy on the original data set is higher than a preset threshold value.
For step S3, refer to Fig. 2, which is a schematic diagram of performing supplementary training on the pre-training model with a training data set, based on the covariance matrix adaptive evolution strategy CMA-ES, to obtain the target model, as provided in the embodiment of the present disclosure.
In step S41, the middle layer variation of the pre-training model is modeled as a multi-dimensional Gaussian distribution. The intermediate layer parameters of the pre-training model to be optimized are extracted, where the extracted intermediate layers of the neural network model comprise all network layers except the first layer and the last layer. The solution space of the intermediate layer parameters of the pre-training model is modeled as a multi-dimensional Gaussian distribution N(μ, σ²C), where μ is the mean of the distribution, σ is the learning step size, and C is the covariance matrix. The intermediate layer parameter values of the pre-training model to be optimized are taken as the initial mean μ₀ of the Gaussian distribution; the learning step size σ₀ is then initialized in the interval 0.0001-0.1; more preferably, the learning step size σ₀ is initialized to 0.1.
In step S42, a candidate solution set of the intermediate layer parameters is sampled from the multidimensional Gaussian distribution to form a plurality of candidate neural network models. All candidate solutions are sampled from the current multidimensional Gaussian distribution, and each candidate solution corresponds to one candidate neural network model; the intermediate layer parameters of the pre-training model to be optimized are replaced with the sampled intermediate layer parameters to obtain a plurality of candidate neural network models.
In step S43, a training data set is generated from the original data set based on the structure and parameter information of the candidate neural network model, according to a training data generation manner selected by the user. The source of the training data set is the original data; on the basis of the original data, artificial attack data are computed and used for training the pre-training model to be optimized. The modes for generating the training data comprise a single-step mode and a multi-step mode: the time overhead of the single-step mode is small, but its precision is relatively low; the time overhead of multi-step generation of training data is large, but its accuracy is relatively high.
When the requirement on training speed is high, a low-overhead single-step data generation mode can be selected; when the requirement on training speed is not high, a more time-consuming data generation mode, such as one based on PGD (projected gradient descent), can be selected. PGD performs multiple iterations, taking a small step in each iteration, and the perturbation can be projected into a specified range. PGD is regarded as the strongest first-order attack and, among all first-order adversarial samples, is considered the most effective method; it simulates the attack data of real scenarios more closely and gives a better improvement. In this embodiment, the multi-step manner of generating training data is preferable.
The generation of training data is based on the structure and model parameters of a pre-training model to be optimized, and when the training data is generated, the specific structure and model parameters of the pre-training model to be optimized are obtained firstly, wherein the specific structure and model parameters comprise the number of hidden layers of a deep neural network, the number of neurons in each layer, an input layer, an output layer and the like; and generating training data on the original data set according to the selected training data generation mode.
In step S44, the training data set is input into the candidate neural network model, and the robustness of the candidate neural network model is evaluated. The training data obtained in step S43 are input into the respective candidate neural network models to obtain the classification results of the different candidate neural network models on the training data, and the robustness of each candidate neural network model is evaluated. It will be appreciated by those skilled in the art that a variety of common parameters may be used in evaluating the robustness of a candidate neural network model, for example, the classification accuracy of the classification results. Preferably, the robustness of the candidate neural network model includes at least one of a classification accuracy and a loss function value, such as a cross entropy, on the training data set.
In step S45, the candidates are sorted by robustness from high to low, and a preset proportion of candidate neural network models, starting from the highest robustness, is selected as the preferred neural network models. After the robustness evaluation results of the candidate neural networks are obtained in step S44, all the candidate neural networks are ranked from high to low by robustness, and a certain proportion of the candidate neural network models, taken from the top of the ranking, is selected as the preferred neural network models. Preferably, the candidate neural network models ranked in the top 30% are selected as the preferred neural network models.
In step S46, the parameters of the multidimensional Gaussian distribution are updated based on the intermediate layer parameters of the preferred neural network model to obtain a new multidimensional Gaussian distribution. The intermediate layer parameters of the preferred neural network model are acquired, parameters such as the mean and covariance of the multidimensional Gaussian distribution are updated, and the new multidimensional Gaussian distribution is calculated. Then, using the new multidimensional Gaussian distribution, the processes of establishing candidate neural network models, generating a training data set, evaluating the robustness of the candidate neural network models, selecting the preferred neural network model, and updating the multidimensional Gaussian distribution based on the preferred neural network model are performed as described in steps S43 to S46. The optimal intermediate layer parameters are obtained through this cyclic process.
In step S46, the above steps are repeated until the preset termination condition is met. Whether the preset termination condition is met is judged, and the algorithm stops running when the number of iteration rounds reaches a preset number threshold, or the robustness parameter in the evaluation result exceeds a preset robustness parameter threshold, or the robustness parameter has not increased after multiple generations; the preferred neural network model selected at that point is the optimized target neural network model.
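The S41 to S46 loop described above, as an added example that is not code from the patent: a toy three-layer NumPy network whose middle-layer weights are evolved against PGD-generated data. The toy data, network size, PGD settings, the simplified rank-μ covariance update (fixed σ and no evolution paths, unlike full CMA-ES), the 0.8/0.2 mixing weights and the best-so-far tracking are assumptions of this example; σ = 0.1 and the top-30% selection come from the text.

```python
import numpy as np

rng = np.random.default_rng(0)
# Constructed toy "original data set": two 2-D Gaussian blobs, labels 0 and 1.
X = np.vstack([rng.normal(-1.0, 0.7, (100, 2)), rng.normal(1.0, 0.7, (100, 2))])
Y = np.repeat([0.0, 1.0], 100)

def forward(params, x):
    W1, W2, w3 = params                      # first, middle, last layer
    h1 = np.tanh(x @ W1)
    h2 = np.tanh(h1 @ W2)
    return h1, h2, 1.0 / (1.0 + np.exp(-(h2 @ w3)))

def loss(params, x, y):
    p = np.clip(forward(params, x)[2], 1e-9, 1 - 1e-9)
    return float(-np.mean(y * np.log(p) + (1 - y) * np.log(1 - p)))

def grads(params, x, y):
    """Backprop of the mean cross-entropy; returns (dW1, dW2, dw3, dx)."""
    W1, W2, w3 = params
    h1, h2, p = forward(params, x)
    dz = (p - y) / len(y)
    da2 = np.outer(dz, w3) * (1 - h2 ** 2)
    da1 = (da2 @ W2.T) * (1 - h1 ** 2)
    return x.T @ da1, h1.T @ da2, h2.T @ dz, da1 @ W1.T

def pretrain(steps=300, lr=0.5, hidden=4):
    """S2: plain gradient descent on the clean data (assumed hyperparameters)."""
    params = [rng.normal(0, 0.5, (2, hidden)),
              rng.normal(0, 0.5, (hidden, hidden)),
              rng.normal(0, 0.5, hidden)]
    for _ in range(steps):
        g = grads(params, X, Y)
        params = [p - lr * gp for p, gp in zip(params, g[:3])]
    return params

def pgd(params, x, y, eps=0.5, alpha=0.1, iters=10):
    """Multi-step generation: small signed-gradient steps, each projected
    back into the L-infinity ball of radius eps around the original input."""
    x_adv = x.copy()
    for _ in range(iters):
        x_adv = x_adv + alpha * np.sign(grads(params, x_adv, y)[3])
        x_adv = np.clip(x_adv, x - eps, x + eps)
    return x_adv

def robustness(params, x=X, y=Y):
    """S43 + S44: craft PGD data against this candidate, then score it.
    Score is the negative cross-entropy on that data (higher is better)."""
    return -loss(params, pgd(params, x, y), y)

def supplementary_training(pre, sigma=0.1, pop=20, elite_frac=0.3, gens=15):
    W1, W2, w3 = pre                         # only the middle layer is evolved
    mu, C = W2.ravel().copy(), np.eye(W2.size)            # S41: N(mu, sigma^2 C)
    best, best_score = pre, robustness(pre)
    n_elite = max(2, int(pop * elite_frac))
    for _ in range(gens):                    # termination: iteration threshold
        samples = rng.multivariate_normal(mu, sigma ** 2 * C, size=pop)   # S42
        scores = np.array([robustness([W1, s.reshape(W2.shape), w3])
                           for s in samples])
        order = np.argsort(scores)[::-1][:n_elite]         # S45: top 30 %
        elite = samples[order]
        if scores[order[0]] > best_score:    # assumption: keep best-so-far
            best_score = float(scores[order[0]])
            best = [W1, elite[0].reshape(W2.shape), w3]
        steps = (elite - mu) / sigma         # S46: simplified rank-mu update
        C = 0.8 * C + 0.2 * (steps.T @ steps) / n_elite
        mu = elite.mean(axis=0)
    return best, best_score

if __name__ == "__main__":
    pre = pretrain()
    target, score = supplementary_training(pre)
    print("PGD cross-entropy before:", -robustness(pre), "after:", -score)
```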
Optionally, the training method of the neural network model provided by the present disclosure further includes: and generating simulated attack data, and testing the robustness of the optimized neural network model. The generation of the simulated attack data is based on the structure and the model parameters of the optimized neural network model, the simulated attack data is generated on an original data set according to a selected training data generation mode, the simulated attack data is input into the optimized neural network model to obtain a classification result of the optimized neural network model, and the classification result is compared with a correct classification result of the simulated attack data, so that the classification correct rate of the optimized neural network model is obtained and is used as a robustness evaluation index to evaluate the robustness of the optimized neural network model.
From the above, the training method of the neural network model provided by the invention utilizes the covariance matrix to model the randomness of unknown attacks, and combines the evolutionary strategy algorithm with the neural network fine-tuning technology, so that the defense capability of the network against unknown attacks is further improved on the premise of ensuring the effect of the network against known attacks, and the security of the deep-learning-related system is further improved. The neural network adversarial defense method and device are not limited by the condition of the data set or the structure of the neural network model; the accuracy and efficiency of the neural network's defense are improved, and the security of the deep-learning-related system is improved.
Based on the same inventive concept, and corresponding to the method of any embodiment, the disclosure also provides a neural network adversarial defense device. The device comprises: a data set selection unit for selecting an original data set according to specific requirements; a model selection unit for selecting an existing neural network model as the pre-training model to be optimized, where the influence of pre-training models with different structures is mainly reflected in the differences in training overhead and model accuracy brought by models of different complexity; and a robust training module for training the robustness of the pre-training model to be optimized. The robust training module generates training data based on the original data, and trains and optimizes the intermediate layer parameters of the pre-training model to be optimized through a covariance-matrix-based adaptive evolution strategy, thereby providing the neural network model with adversarial defense capability.
Optionally, the neural network defense device further includes a data set uploading unit, configured to select to upload the custom data set when the public data set fails to meet the requirement.
Optionally, the neural network defense device further comprises a neural network model uploading unit, configured to upload a file of a custom neural network model structure; preferably, the model file is a .py file written in the Python language.
Further, the neural network adversarial defense device further comprises a testing module, and the testing module comprises: a test data generation unit for generating attack test data for the optimized neural network model from the original data; and a robustness evaluation unit for inputting the test data into the optimized neural network model to obtain its classification result, and comparing the classification result with the correct classification result of the test data to obtain a robustness evaluation index, which is used for evaluating the robustness of the optimized neural network model.
For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, the functionality of the various modules may be implemented in the same one or more software and/or hardware implementations of the present disclosure.
The apparatus of the foregoing embodiment is used to implement the training method of the neural network model corresponding to any one of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
It should be noted that the method of the embodiments of the present disclosure may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the devices may only perform one or more steps of the method of the embodiments of the present disclosure, and the devices may interact with each other to complete the method.
It should be noted that the above describes some embodiments of the disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Based on the same inventive concept, and corresponding to the method of any embodiment, the disclosure further provides a neural network adversarial defense device, which includes a memory, a processor, and a computer program stored in the memory and running on the processor, wherein the processor implements the training method of the neural network model according to any embodiment when executing the program.
Fig. 3 is a schematic diagram illustrating a hardware structure of a neural network defense apparatus provided in this embodiment, where the apparatus may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
The apparatus of the foregoing embodiment is used to implement the training method of the neural network model corresponding to any one of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Those of ordinary skill in the art will understand that the discussion of any embodiment above is exemplary only and is not intended to imply that the scope of the disclosure, including the claims, is limited to these examples; within the idea of the present disclosure, technical features in the above embodiments or in different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present disclosure as described above, which are not provided in detail for the sake of brevity.
The disclosed embodiments are intended to embrace all such alternatives, modifications and variations which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, equivalents, improvements, and the like that may be made within the spirit and principles of the embodiments of the disclosure are intended to be included within the scope of the disclosure.

Claims (10)

1. A training method of a neural network model is characterized by comprising the following steps:
acquiring an original data set corresponding to the attack defense requirement of the neural network model;
pre-training the neural network model by using the original data set to obtain a pre-training model;
and performing supplementary training on the pre-training model by utilizing a training data set based on a covariance matrix adaptive evolution strategy CMA-ES to obtain a target model.
2. The method for training the neural network model according to claim 1, wherein the pre-training model is subjected to supplementary training by using a training data set based on a covariance matrix adaptive evolution strategy (CMA-ES) to obtain a target model, and the method comprises the following steps:
S41: modeling the middle layer variation of the pre-training model as a multi-dimensional Gaussian distribution;
S42: sampling a candidate solution set of the intermediate layer parameters in the multidimensional Gaussian distribution to form a plurality of candidate neural network models;
S43: generating a training data set from the original data set based on the structure and parameter information of the candidate neural network model according to a training data generation mode selected by a user;
S44: inputting the training data set into the candidate neural network model, and evaluating the robustness of the candidate neural network model;
S45: sorting according to the robustness from high to low, and selecting a candidate neural network model with a preset proportion from the highest robustness as a preferred neural network model;
S46: updating the parameters of the multidimensional Gaussian distribution based on the intermediate layer parameters of the preferred neural network model to obtain a new multidimensional Gaussian distribution;
repeating the steps S42 to S46 until a preset termination condition is satisfied, and taking the preferred neural network model as a target model.
3. The method for training a neural network model according to claim 2, wherein the predetermined termination condition is:
at least one of: an iteration count threshold is reached, a robustness parameter threshold is reached, or the robustness parameter no longer improves during the iteration.
4. The method of training a neural network model of claim 2, wherein modeling the middle layer variation of the pre-trained model as a multi-dimensional Gaussian distribution comprises:
modeling a solution space of the middle layer parameters of the pre-training model as a multi-dimensional Gaussian distribution N(μ, σ²C), wherein μ is the mean value of the distribution, σ is the learning step length, and C is the covariance matrix;
and acquiring intermediate layer parameter values of the pre-training model, taking the parameter values as the initial mean value mu of the multidimensional Gaussian distribution, and initializing a learning step length sigma in the range of 0.0001-0.1.
5. The method of claim 4, wherein the learning step size σ is initialized to 0.1.
6. The method of claim 1, wherein the obtaining a raw data set comprises:
selecting at least one of a public data set or a custom data set that matches a usage scenario of the pre-trained model as the raw data set, the raw data set including pictures stored as pixel-level matrix data.
7. The method for training a neural network model according to claim 2, wherein a training data set is generated from the raw data set based on the structure and parameter information of the candidate neural network model according to a training data generation manner selected by a user, comprising the steps of:
generating the training data set in a multi-step training data generation manner based on the structure and parameter information of the candidate neural network model.
8. The method of claim 7, wherein the multi-step training data generation manner comprises: generating training data by projected gradient descent.
9. The method of claim 2, wherein the robustness of the candidate neural network model includes at least one of a classification accuracy on the training data set and a loss function value, such as a cross entropy, on the training data set.
10. An apparatus for training a neural network model, comprising:
a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the method of training a neural network model as claimed in any one of claims 1 to 9.
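The loop of claims 2, 4, 8 and 9 (S41 to S46) can be sketched as follows; this is an added example, not code from the patent. It assumes a two-weight linear classifier standing in for the "middle layer parameters", a simplified rank-μ covariance update (no evolution paths or step-size adaptation), only the iteration-threshold termination of claim 3, and hypothetical names (`pgd`, `evaluate`, `supplementary_training`, `DATA`, `W_PRE`).

```python
import math, random

def pgd(w, x, y, eps=0.3, steps=5):
    """S43: multi-step projected gradient descent data inside an L-inf ball of radius eps.
    For this linear model the input gradient of the loss has sign -y*sign(w_i)."""
    adv = list(x)
    for _ in range(steps):
        adv = [a - 0.4 * eps * y * math.copysign(1.0, wi) for a, wi in zip(adv, w)]
        adv = [min(max(a, xi - eps), xi + eps) for a, xi in zip(adv, x)]  # projection
    return adv

def evaluate(w, data, attack=True):
    """S44: returns (robustness score = -mean cross-entropy, classification accuracy)."""
    loss = hits = 0.0
    for x, y in data:
        m = y * sum(wi * ai for wi, ai in zip(w, pgd(w, x, y) if attack else x))
        loss += max(-m, 0.0) + math.log1p(math.exp(-abs(m)))  # stable log(1 + e^-m)
        hits += m > 0
    return -loss / len(data), hits / len(data)

def cholesky(C):
    n, L = len(C), [[0.0] * len(C) for _ in C]
    for i in range(n):
        for j in range(i + 1):
            s = C[i][j] - sum(L[i][k] * L[j][k] for k in range(j))
            L[i][j] = math.sqrt(max(s, 1e-12)) if i == j else s / L[j][j]
    return L

def supplementary_training(w0, data, sigma=0.1, lam=12, keep=0.25, max_iters=20):
    rng, d, mean = random.Random(0), len(w0), list(w0)         # S41: mu = pre-trained parameters
    C = [[float(i == j) for j in range(d)] for i in range(d)]  # S41: C starts as identity
    best_w, best_r = list(w0), evaluate(w0, data)[0]
    for _ in range(max_iters):                                 # claim 3: iteration threshold
        L, cands = cholesky(C), []
        for _ in range(lam):                                   # S42: w ~ N(mu, sigma^2 C)
            z = [rng.gauss(0, 1) for _ in range(d)]
            step = [sum(L[i][k] * z[k] for k in range(i + 1)) for i in range(d)]
            w = [m + sigma * s for m, s in zip(mean, step)]
            cands.append((evaluate(w, data)[0], w, step))      # S43 + S44 per candidate
        elite = sorted(cands, key=lambda c: c[0], reverse=True)[:max(1, int(lam * keep))]  # S45
        mean = [sum(c[1][i] for c in elite) / len(elite) for i in range(d)]  # S46: new mu
        C = [[0.7 * C[i][j] + 0.3 * sum(c[2][i] * c[2][j] for c in elite) / len(elite)
              for j in range(d)] for i in range(d)]            # S46: simplified rank-mu update
        if elite[0][0] > best_r:
            best_w, best_r = elite[0][1], elite[0][0]
    return best_w

_r = random.Random(1)  # constructed toy data: x0 robust (|x0| >= 1), x1 weak (|x1| = 0.1)
DATA = [([y * (1.0 + 0.2 * _r.random()), y * 0.1], y) for y in (_r.choice((-1, 1)) for _ in range(40))]
W_PRE = [0.2, 3.0]     # assumed "pre-trained" weights that lean on the weak feature
```

Calling `evaluate(supplementary_training(W_PRE, DATA), DATA)` gives the robustness score and accuracy of the selected model on training data regenerated against that model, which is the quantity S44 ranks candidates by.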
CN202111423212.7A 2021-11-26 2021-11-26 Training method and device of neural network model Pending CN114358278A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111423212.7A CN114358278A (en) 2021-11-26 2021-11-26 Training method and device of neural network model

Publications (1)

Publication Number Publication Date
CN114358278A true CN114358278A (en) 2022-04-15

Family

ID=81096487

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111423212.7A Pending CN114358278A (en) 2021-11-26 2021-11-26 Training method and device of neural network model

Country Status (1)

Country Link
CN (1) CN114358278A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116527411A (en) * 2023-07-05 2023-08-01 安羚科技(杭州)有限公司 Data security intelligent protection model construction method and device and collaboration platform
CN116527411B (en) * 2023-07-05 2023-09-22 安羚科技(杭州)有限公司 Data security intelligent protection model construction method and device and collaboration platform
CN117331339A (en) * 2023-12-01 2024-01-02 南京华视智能科技股份有限公司 Coating machine die head motor control method and device based on time sequence neural network model
CN117331339B (en) * 2023-12-01 2024-02-06 南京华视智能科技股份有限公司 Coating machine die head motor control method and device based on time sequence neural network model

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination