Adversarial example detection method and apparatus, computing device, and non-volatile computer-readable storage medium
US10936973B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 27, 2020 |
| Grant date | Mar 2, 2021 |
| Priority date | — |
| Expiry date | Jul 27, 2040 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06N7/01
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
An adversarial example detection method includes: acquiring training examples and training example labels corresponding thereto, wherein the training example labels comprises normal examples and adversarial examples; inputting the training examples into a target model to obtain a first predicted score vector of the training examples; adding a random perturbation at N times to the training examples to obtain N groups of comparative training examples; respectively inputting the N groups of comparative training examples into the target model to obtain a second predicted score vector of each group of comparative training examples; constructing feature data according to the first predicted score vector and the second predicted score vector of each group of comparative training examples; training a classification model according to the feature data and the training example labels corresponding to the feature to obtain a detector; and detecting input test data according to the detector.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.