To address the problem that deep neural network models are vulnerable to integrity damage, Fast-MIV (model integrity verification), an algorithm for neural network model integrity verification based on reversible watermarking and model pruning and compression theory, was proposed. The redundancy of the model was explored based on model pruning and compression theory. Weight parameters that showed little impact on the model's original task were preprocessed to construct the parameter sequence to be embedded. The difference expansion reversible watermarking algorithm was used to embed a neural network watermark, which was sensitive to model tampering, in the convolution layers of the network to achieve integrity verification. Comprehensive experiments were conducted on the typical ImageNet benchmark models VGG19, DenseNet-121, ResNet-50 and Inception-v3. The results show that Fast-MIV quickly verifies the integrity of the model and the degree of damage to it without affecting the accuracy of the model's original classification task, and that it can respond to data poisoning attacks and structural damage.
Key words
integrity verification/reversible watermark/prune/difference expansion/data poisoning attack/neural network/pre-training
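The difference-expansion step named in the abstract, as an added sketch that is not the Fast-MIV authors' code: it hides a SHA-256 digest of the parameter sequence in integer pairs, then extracts it, restores the original values exactly, and re-checks the digest. Assumptions: the selected weights are already mapped to integers, Python's unbounded integers stand in for the overflow handling (location map) a fixed-width implementation needs, and all function names and the sample data are hypothetical.

```python
import hashlib
import random

def de_embed(x, y, bit):
    """Difference expansion: hide one bit in the integer pair (x, y)."""
    avg, diff = (x + y) // 2, x - y
    expanded = 2 * diff + bit              # the bit becomes the LSB of the difference
    return avg + (expanded + 1) // 2, avg - expanded // 2

def de_extract(x2, y2):
    """Inverse of de_embed: return (bit, original x, original y)."""
    avg, expanded = (x2 + y2) // 2, x2 - y2
    bit, diff = expanded & 1, expanded // 2
    return bit, avg + (diff + 1) // 2, avg - diff // 2

def digest_bits(values):
    """SHA-256 over the whole integer sequence, as a list of 256 bits."""
    d = hashlib.sha256(",".join(map(str, values)).encode()).digest()
    return [(byte >> i) & 1 for byte in d for i in range(8)]

def embed(weights):
    """Embed the digest of the original sequence into its first 256 pairs."""
    bits = digest_bits(weights)
    if len(weights) < 2 * len(bits):
        raise ValueError("need at least 512 values to carry a 256-bit digest")
    marked = list(weights)
    for i, b in enumerate(bits):
        marked[2 * i], marked[2 * i + 1] = de_embed(weights[2 * i], weights[2 * i + 1], b)
    return marked

def verify(marked, nbits=256):
    """Extract the bits, restore the originals, compare digest. Returns (ok, restored)."""
    restored, bits = list(marked), []
    for i in range(nbits):
        b, restored[2 * i], restored[2 * i + 1] = de_extract(marked[2 * i], marked[2 * i + 1])
        bits.append(b)
    return bits == digest_bits(restored), restored

# Constructed sample: 600 integer-coded weights (not real model parameters).
_rng = random.Random(7)
WEIGHTS = [_rng.randint(-64, 64) for _ in range(600)]
```

Because the digest covers the full sequence, a change to a value outside the 256 carrier pairs also fails verification; this sketch gives a pass/fail result only and does not estimate the degree of damage.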