MTDNNF: Building the Security Framework for Deep Neural Network by Moving Target Defense*

With the development of deep neural networks in pattern classification for recognizing handwritten digits on cheques, object classification for the automated surveillance, and autonomous vehicles, the problem of DNNs confront malicious inputs has been a hot topic. In this paper, we introduced a security-enhanced framework for DNNs to conduct classification based on moving target defense (MTDNNF). Also, we presented three pivotal characteristics to realize the framework, heterogeneity, selectivity, and adaptability, which enabled MTDNNF and guaranteed security and veracity. Also, we analyzed the security and performance of MTDNNF. Those analyses show that the MTDNNF can provide significant security improvements against malicious inputs, and extra cost in performance is inessential under both massive and minimum scenarios.