Training method and apparatus of adversarial attack model, generating method and apparatus of adversarial image, electronic device, and storage medium
US-2022198790-A1 · Jun 23, 2022 · US
US12182263B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12182263-B2 |
| Application number | US-202117643896-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 13, 2021 |
| Priority date | Dec 13, 2021 |
| Publication date | Dec 31, 2024 |
| Grant date | Dec 31, 2024 |
Official abstract text for this publication.
Adversarial attack detection operations may be applied on one or more deep generative models for defending deep generative models from adversarial attacks. The adversarial attack may be detected on the one or more deep generative models based on the one or more of a plurality of adversarial attack detection operations. The one or more deep generative models may be sanitized based on the adversarial attack.
Opening claim text (preview).
What is claimed is:

1. A method for defending deep generative models from adversarial attacks in a computing environment by one or more processors comprising: applying one or more of a plurality of adversarial attack detection operations on one or more deep generative models, including a static analysis with inspection of the compute graph and weights of one or more deep generative models; detecting an adversarial attack on a first deep generative model of the one or more deep generative models based on the applied adversarial attack detection operations; and generating a sanitized deep generative model from the first deep generative model based on the detected adversarial attack.
2. The method of claim 1, further including providing compromised data to the one or more deep generative models for testing the one or more of a plurality of adversarial attack detection operations.
3. The method of claim 1, further including providing training data to the one or more deep generative models for testing the one or more of a plurality of adversarial attack detection operations.
4. The method of claim 1, further including: applying a dynamic analysis on the one or more deep generative models, wherein: the plurality of adversarial attack detection operations include the dynamic analysis with analysis and inspection of inactive neurons.
5. The method of claim 1, further including: applying a sample-based analysis on one or more deep generative models, wherein the sample-based analysis is one of the plurality of adversarial attack detection operations.
6. The method of claim 1, further including: applying a gradient analysis on one or more deep generative models, wherein the gradient analysis is one of the plurality of adversarial attack detection operations.
7. The method of claim 1, further including indicating one or more potential adversarial attacks and one or more components of the one or more deep generative models susceptible to the one or more potential adversarial attacks based on applying the one or more of a plurality of adversarial attack detection operations.
8. The computer-implemented method of claim 1, wherein the detected adversarial attack is a harmful mode poisoning attack.
9. A system for defending deep generative models from adversarial attacks in a computing environment, comprising: one or more computers with executable instructions that when executed cause the system to: apply one or more of a plurality of adversarial attack detection operations on one or more deep generative models, including a static analysis with inspection of the compute graph and weights of one or more deep generative models; detect an adversarial attack on a first deep generative model of the one or more deep generative models based on the applied adversarial attack detection operations; and generate a sanitized deep generative model from the first deep generative model based on the detected adversarial attack.
10. The system of claim 9, wherein the executable instructions when executed cause the system to provide compromised data to the one or more deep generative models for testing the one or more of a plurality of adversarial attack detection operations.
11. The system of claim 9, wherein the executable instructions when executed cause the system to provide training data to the one or more deep generative models for testing the one or more of a plurality of adversarial attack detection operations.
12. The system of claim 9, wherein the executable instructions when executed cause the system to apply a dynamic analysis on the one or more deep generative models, wherein the plurality of adversarial attack detection operations include the dynamic analysis with analysis and inspection of inactive neurons.
13. The system of claim 9, wherein the executable instructions when executed cause the system to: apply a sample-based analysis on one or more deep generative models, wherein the sample-based analysis is one of the plurality of adversarial attack detection operations.
14. The system of claim 9, wherein the executable instructions when executed cause the system to: apply a gradient analysis on one or more deep generative models, wherein the gradient analysis is one of the plurality of adversarial attack detection operations.
15. The system of claim 9, wherein the executable instructions when executed cause the system to indicate one or more potential adversarial attacks and one or more components of the one or more deep generative models susceptible to the one or more potential adversarial attacks based on applying the one or more of a plurality of adversarial attack detection operations.
16. A computer program product for defending deep generative models from adversarial attacks in a computing environment, the computer program product comprising: one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media, the program instruction comprising: program instructions to apply one or more of a plurality of adversarial attack detection operations on one or more deep generative models, including a static analysis with inspection of the compute graph and weights of one or more deep generative models; program instructions to detect an adversarial attack on a first deep generative model of the one or more deep generative models based on the applied adversarial attack detection operations; and program instructions to generate a sanitized deep generative model from the first deep generative model based on the detected adversarial attack.
17. The computer program product of claim 16, further including program instructions to provide compromised data to the one or more deep generative models for testing the one or more of a plurality of adversarial attack detection operations.
18. The computer program product of claim 16, the program instructions further including: program instructions to apply a sample-based analysis on one or more deep generative models, wherein the sample-based analysis is one of the plurality of adversarial attack detection operations.
19. The computer program product of claim 16, the program instructions further including: program instructions to apply a gradient analysis on one or more deep generative models, wherein the gradient analysis is one of the plurality of adversarial attack detection operations.
20. The computer program product of claim 16, further including program instructions to indicate one or more potential adversarial attacks and one or more components of the one or more deep generative models susceptible to the one or more potential adversarial attacks based on applying the one or more of a plurality of adversarial attack detection operations.
involving event detection and direct action · CPC title
Test or assess a computer or a system · CPC title
Assessing vulnerabilities and evaluating computer system security · CPC title
Computer malware detection or handling, e.g. anti-virus arrangements · CPC title