Document Type
Article
Publication Date
October 2023
Patent Number
11785024
Abstract
In some implementations, a system for identifying malicious attacks on a convolutional neural network (CNN) model includes a target computing system that performs classification of objects using a CNN model, and an attack identification computing system that identifies an injected neural attack. The attack identification computing system can be configured to generate, based on the CNN model and its associated parameters, an ecosystem of CNN models by modifying the original weights of the parameters associated with the CNN model; update the original weights of the parameters with the modified weights; store, in a secure data store, the updated weights of the parameters; generate, based on the updated weights, an update file for the CNN model; update, using the update file, the CNN model; and transmit the updated CNN model to a target computing system configured to detect neural attacks by an attacker computing system based on the updated CNN model.
Application Number
17/208616
Recommended Citation
Karam, Robert Anthony and Olney, Brooks Allen, "Deploying neural-trojan-resistant convolutional neural networks" (2023). USF Patents. 1363.
https://digitalcommons.usf.edu/usf_patents/1363
Assignees
University of South Florida
Filing Date
03/22/2021