Systems and methods of training neural networks against adversarial attacks
US11468314B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 12, 2018 |
| Grant date | Oct 11, 2022 |
| Priority date | — |
| Expiry date | Jun 29, 2041 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06V10/82
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Embodiments disclosed herein describe systems, methods, and products that generate trained neural networks that are robust against adversarial attacks. During a training phase, an illustrative computer may iteratively optimize a loss function that may include a penalty for ill-conditioned weight matrices in addition to a penalty for classification errors. Therefore, after the training phase, the trained neural network may include one or more well-conditioned weight matrices. The one or more well-conditioned weight matrices may minimize the effect of perturbations within an adversarial input thereby increasing the accuracy of classification of the adversarial input. By contrast, conventional training approaches may merely reduce the classification errors using backpropagation, and, as a result, any perturbation in an input is prone to generate a large effect on the output.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.