Project Abstract
The popularity of the internet and smart devices has facilitated the generation of big data in recent years. To address information overload, information retrieval and recommendation systems have adopted deep learning models to mine the feature interactions of information objects and user behavior in order to return more relevant results. However, the application of deep models has brought severe challenges: 1) the data security problem: adversarial samples in big data can affect the performance of models when the models cannot differentiate them from normal samples; 2) the model security problem: minor perturbations of training samples can seriously affect the model obtained through training and cause it to malfunction; 3) the trade-off of model performance against security. This project aims to study these three aspects and conduct simulation experiments, covering data security techniques, model security techniques and performance-security balance techniques. The expected outcomes include innovations in adversarial sample generation, model attack/defense, and trade-off techniques for performance and security.
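In recent years, the spread of the internet and the popularity of smart devices such as computers and mobile phones have produced massive amounts of data. To address information overload in the big-data era, information retrieval and recommendation systems have gradually turned to deep learning models to mine in depth the features among information objects and users' interaction histories, so as to return relevant results more accurately. However, information retrieval and recommendation systems that adopt deep learning face severe technical challenges: 1) the data security problem: attack samples may exist in massive data, and when they are mixed with normal data and the model cannot effectively tell them apart, they challenge the model's ability to function properly; 2) the model security problem: adversarial attacks apply minor perturbations to the model's input data and, in ways humans easily overlook, interfere with and influence the training process of deep learning models, causing the model to malfunction; 3) the problem of trading off performance against security. This project conducts research on these three aspects in deep retrieval and recommendation systems and carries out simulation and validation experiments, specifically covering data security protection techniques, model security protection techniques, and performance-security trade-off techniques. It aims to achieve innovation in adversarial sample generation methods, in attack and defense methods, and in security-performance trade-off techniques.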
Project Completion Abstract
Project Outputs
Journal papers (3)
Monographs (0)
Research awards (0)
Conference papers (4)
Patents (6)
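Other Literature
Title: Interpretable Deep Knowledge Tracing Model
DOI: --
Publication year: 2021
Journal: 计算机研究与发展
Impact factor: --
Authors: 刘坤佳; 李欣奕; 唐九阳; 赵翔
Corresponding author: 赵翔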