Detection method and system for model tilt attack

• Main Authors: XU MING, YIN QIAN'AN, LIU SHENG, TAO JINGLONG, WANG QIFAN, YU XIANZHE, LIANG SHUYUN, ZHOU XIAOYONG, MA YING, WEI GUOFU
• Format: Patent
• Language: Chinese; English
• Published: 30.04.2021
• Subjects: CALCULATING; COMPUTING; COUNTING; ELECTRIC DIGITAL DATA PROCESSING; HANDLING RECORD CARRIERS; PHYSICS; PRESENTATION OF DATA; RECOGNITION OF DATA; RECORD CARRIERS

The invention discloses a detection method and system for a model tilt attack. The detection method comprises the following steps of S1, obtaining a tampered training data set data11 and a tampered test data set data22; s2, performing word segmentation processing on the data set sample to obtain an N-dimensional sample data feature vector V; s3, encoding the N-dimensional sample data feature vector V to generate a sample fingerprint; and S4, performing similarity matching on the obtained fingerprint to obtain a sample set with high similarity, namely tampered data. According to the detection method for the attack mode that model classification inclines due to the fact that a large number of similar texts exist in training data, it is guaranteed that a large number of repetitions exist in sample data through manual modification of the sample data, the sample data are more accurate, and quick recognition can be achieved based on fingerprint similarity matching. In addition, the detection method provided by the