• Journal of the China Computer Federation
  • China Science and Technology Core Journal
  • Chinese Core Journal

Computer Engineering & Science ›› 2022, Vol. 44 ›› Issue (11): 1959-1968.

• Computer Network and Information Security •

A survey of backdoor implantation and detection techniques on deep neural network model

MA Ming-yuan, LI Hu, WANG Zi-bin, KUANG Xiao-hui

  1. (National Key Laboratory of Science and Technology on Information System Security, Institute of System and Engineering, Academy of Military Sciences, Beijing 100101, China)
  • Received: 2021-12-17 Revised: 2022-03-04 Accepted: 2022-11-25 Online: 2022-11-25 Published: 2022-11-25

Abstract: As one of the representative technologies in the current rapid development of artificial intelligence, deep neural networks are being applied ever more widely, and the security problems they bring have gradually attracted attention. Existing studies mainly focus on how to efficiently construct diverse adversarial samples that deceive deep neural network models, and on how to detect adversarial samples and harden the models. However, as the development of deep neural network models increasingly relies on third-party resources such as open-source datasets, pre-trained models and computing frameworks, the risk of backdoors being implanted in models is rising. Starting from each stage of the life cycle of deep neural network models, this paper summarizes the techniques for backdoor implantation and detection in deep neural network models, compares and analyzes the main characteristics and applicable scenarios of the different techniques, and discusses the future development directions of the related technologies.

Key words: deep neural network, backdoor implantation, backdoor detection, artificial intelligence