Patent · US Active

Defending against model inversion attacks on neural networks

US10733292B2 · kind B2 · utility

11Cited by

1References

20Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Frederico Araujo · White Plains, US
Jialong Zhang · White Plains, US
Teryl Paul Taylor · Danbury, US
Marc Philippe Stoecklin · Bern, CH

Key dates

Filing date	Jul 10, 2018
Grant date	Aug 4, 2020
Priority date	—
Expiry date	Jan 21, 2039

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/034
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Mechanisms are provided for protecting a neural network model against model inversion attacks. The mechanisms generate a decoy dataset comprising decoy data for each class recognized by a neural network model. The mechanisms further configure the neural network model to generate a modified output based on the decoy dataset that directs a gradient of the modified output to the decoy dataset. The neural network model receives and process input data to generate an actual output. The neural network model modifies one or more actual elements of the actual output to be one or more corresponding modified elements of the modified output, and returns the one or more corresponding modified elements, instead of the one or more actual elements, to the source computing device.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.