ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2020, Vol. 57 ›› Issue (9): 2001-2008.doi: 10.7544/issn1000-1239.2020.20190462

• 人工智能 • 上一篇    

基于动态约束自适应方法抵御高维鞍点攻击

李德权1,许月1,薛生2   

  1. 1(安徽理工大学数学与大数据学院 安徽淮南 232001);2(安徽理工大学能源与安全学院 安徽淮南 232001) (dqli@aust.edu.cn)
  • 出版日期: 2020-09-01
  • 基金资助: 
    国家重点研发计划项目(2018YFF0301000);国家自然科学基金项目(61472003);安徽省学术和技术带头人及后备人选项目(2019H211);安徽省淮南市“50·科技之星”创新团队项目

Defending Against Dimensional Saddle Point Attack Based on Adaptive Method with Dynamic Bound

Li Dequan1, Xu Yue1, Xue Sheng2   

  1. 1(School of Mathematics and Big Data, Anhui University of Science and Technology, Huainan, Anhui 232001);2(School of Energy and Security, Anhui University of Science and Technology, Huainan, Anhui 232001)
  • Online: 2020-09-01
  • Supported by: 
    This work was supported by the National Key Research and Development Program of China(2018YFF0301000), the National Natural Science Foundation of China (61472003), the Academic and Technical Leaders and the Backup Candidates of Anhui Province (2019H211), and the Program of the Innovation Team of “50 Star of Science and Technology” of Huainan, Anhui Province.

摘要: 随着大数据时代的到来,分布式机器学习已广泛应用于处理海量数据.其中最常用的是分布式随机梯度下降算法,但其易受到不同类型的Byzantine攻击.为了解决在分布式高维Byzantine环境下,能最大弹性限度地抵御蓄意攻击问题并有效求解优化问题.基于梯度更新规则,首先提出了一种新的Byzantine攻击方式——鞍点攻击.并分析了当目标函数陷入鞍点时,相比较于自适应和非自适应方法,所提出的动态约束自适应方法能够更快逃离鞍点,进而在数据集分类问题上做了比对实验.其次,提出了一种过滤Byzantine个体的聚合规则Saddle(·),理论分析表明它是高维Byzantine弹性.因此,在分布式高维Byzantine环境下,采用动态约束的自适应优化方法结合聚合规则Saddle(·)能够有效抵御鞍点攻击.最后,从数据集分类实验结果的错误率和误差方面比较并分析了动态约束自适应与自适应和非自适应方法的优劣性.结果表明,结合聚合规则Saddle(·)的动态约束自适应在分布式高维Byzantine环境下受鞍点攻击的影响较小.

关键词: 分布式优化, 高维Byzantine, 鞍点攻击, 动态约束自适应, 聚合规则Saddle(·)

Abstract: With the advent of the era of big data, distributed machine learning has been widely applied to process massive data. The most commonly used one is the distributed stochastic gradient descent algorithm, but it is vulnerable to different types of Byzantine attacks. In order to maximize the elastic limit to defend against attacks and optimize objective function in the distributed dimensional Byzantine environment based on the gradient update rule, firstly a new Byzantine attack method—saddle point attack is proposed in this paper. Contrasting with the adaptive non-adaptive methods, the adaptation with dynamic bound escapes the saddle point fast when the objective function is stuck in the saddle point. The comparative experiment is made on the classification of data sets. Secondly, an aggregation rule Saddle(·) for filtering Byzantine agents is proposed, and it is proved that the rule is the dimensional Byzantine resilience. Therefore, in the distributed dimensional Byzantine environment, the adaptive optimization method with dynamic bound combined with the aggregation rule Saddle(·) can effectively defend against the saddle point attack. Finally, the error rate of the data set classification in the experimental results is compared to analyze the advantages and disadvantages of the adaptation with dynamic bound over the adaptive and non-adaptive methods. The result shows that the adaptation with dynamic bound combined with the aggregation rule Saddle(·) is less affected by the saddle point attack in the distributed dimensional Byzantine environment.

Key words: distributed optimization, dimensional Byzantine, saddle point attack, the adaption with dynamic bound, the aggregation rule Saddle(·)

中图分类号: