Vulnerability Diagnosis and Defense Technology for Japanese DNN Models [Kagoshima University]

It is an attack technique to discover vulnerabilities in Japanese language DNN models.

■Attack techniques to discover vulnerabilities in Japanese DNN models (Proposed Method 1) - This technology automatically generates cases where a Japanese DNN model makes incorrect judgments by adding Japanese-specific character type conversions (hiragana, katakana, kanji) and word order changes while keeping the meaning intact. - It can efficiently detect weaknesses in Japanese models and be utilized to improve the quality and safety of DNNs. ■Defense techniques to enhance model safety (Proposed Method 2) - In response to the vulnerabilities discovered in Proposed Method 1, this technology adds slight perturbations such as character type conversions (re-attack) and corrects the judgments through majority voting to prevent incorrect judgments. - It can be used to prevent misjudgments caused by weaknesses in DNN models and enhance reliability. 【Verification results with commercial models】 Attack technique (Proposed Method 1) - Efficiently discovered vulnerabilities in Japanese DNN models that could not be detected by conventional methods. - Successfully attacked a commercial model (Microsoft Azure Text Analytics). Defense technique (Proposed Method 2) - Achieved a significantly higher defense success rate compared to conventional methods.

Other security