What technology area does this patent fall under?

Primary CPC classification G06V10/82. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Jun 03 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Hardened deep neural networks through training from adversarial misclassified data

US12322165B2 · US · B2

Patent metadata
Field	Value
Publication number	US-12322165-B2
Application number	US-202017093938-A
Country	US
Kind code	B2
Filing date	Nov 10, 2020
Priority date	Jul 1, 2017
Publication date	Jun 3, 2025
Grant date	Jun 3, 2025

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Various embodiments are generally directed to techniques for training deep neural networks, such as with an iterative approach, for instance. Some embodiments are particularly directed to a deep neural network (DNN) training system that generates a hardened DNN by iteratively training DNNs with images that were misclassified by previous iterations of the DNN. One or more embodiments, for example, may include logic to generate an adversarial image that is misclassified by a first DNN that was previously trained with a set of sample images. In some embodiments, the logic may determine a second training set that includes the adversarial image that was misclassified by the first DNN and the first training set of one or more sample images. The second training set may be used to train a second DNN. In various embodiments, the above process may be repeated for a predetermined number of iterations to produce a hardened DNN.

First claim

Opening claim text (preview).

What is claimed is: 1. An apparatus, comprising: circuitry; and a memory device coupled to the circuitry, the memory device to store instructions that when executed by the circuitry cause the circuitry to: modify at least a first pixel of a base image to generate an adversarial image; present the adversarial image to a neural network (NN) to classify; determine whether the NN classified the adversarial image into a classification associated with the base image; and train the NN with the training set comprising the adversarial image based on a determination that the NN did not classify the adversarial image into the classification associated with the base image. 2. The apparatus of claim 1 , the memory device comprising instructions that when executed by the circuitry cause the apparatus to: modify at least a second pixel of the base image to generate a second adversarial image; determine whether the NN incorrectly classified the adversarial image; present the second adversarial image to the NN to classify; and determine whether the NN classified the second adversarial image into the classification associated with the base image. 3. The apparatus of claim 2 , the memory device comprising instructions that when executed by the circuitry cause the apparatus to train the NN with the training set comprising the adversarial image and the second adversarial image based on a determination that the NN did not classify the second adversarial image into the classification associated with the base image. 4. The apparatus of claim 1 , the memory device comprising instructions that when executed by the circuitry cause the apparatus to utilize a fast gradient sign method to modify the at least the first pixel of the base image. 5. The apparatus of claim 1 , the memory device comprising instructions that when executed by the circuitry cause the apparatus to minimize a Chebyshev or L-infinity distance between the base image and the adversarial image. 6. An apparatus, comprising: circuitry; and a memory device coupled to the circuitry, the memory device to store instructions that when executed by the circuitry cause the circuitry to: identify at least a first pixel of a base image based on a sliding window technique, wherein the sliding window technique is used to combine portions of the base image with the at least first pixel of the base image based on a sliding window; modify the at least first pixel of the base image to geneerate an adversarial image, the adversarial image misclassified by a neural network (NN) into a classification not associated with the base image; and train the NN with a training set comprising the adversarial image based on a determination that the NN did not classify the adversarial image into the classification associated with the base image. 7. At least one non-transitory computer-readable medium comprising a set of instructions that in response to being executed at a computing device, cause the computing device to: modify at least a first pixel of a base image to generate an adversarial image; present the adversarial image to a neural network (NN) to classify; determine whether the NN classified the adversarial image into the classification associated with the base image; and train the NN with the training set comprising the adversarial image based on a determination that the NN did not classify the adversarial image into the classification associated with the base image. 8. The at least one non-transitory computer-readable medium of claim 7 , comprising instructions, that in response to being executed at the computing device, cause the computing device to: modify at least a second pixel of the base image to generate a second adversarial image; determine whether the NN incorrectly classified the adversarial image; present the second adversarial image to the NN to classify; and determine whether the NN classified the second adversarial image into the classification associated with the base image. 9. The at least one non-transitory computer-readable medium of claim 8 , comprising instructions, that in response to being executed at the computing device, cause the computing device to train the NN with the training set comprising the adversarial image and the second adversarial image based on a determination that the NN did not classify the second adversarial image into the classification associated with the base image. 10. The at least one non-transitory computer-readable medium of claim 7 , comprising instructions, that in response to being executed at the computing device, cause the computing device to utilize a fast gradient sign method to modify the at least the first pixel of the base image. 11. The at least one non-transitory computer-readable medium of claim 7 , comprising instructions, that in response to being executed at the computing device, cause the computing device to minimize a Chebyshev or L-infinity distance between the base image and the adversarial image. 12. At least one non-transitory computer-readable medium comprising a set of instructions that in response to being executed at a computing device, cause the computing device to: identify at least a first pixel of a base image based on a sliding window technique, wherein the sliding window technique is used to combine portions of the base image with the at least first pixel of the base image based on a sliding window; modify the at least first pixel of the base image to generate an adversarial image, the adversarial image misclassified by a neural network (NN) into a classification not associated with the base image; and train the NN with a training set comprising the adversarial image based on a determination that the NN did not classify the adversarial image into the classification associated with the base image. 13. An apparatus, comprising: circuitry; and a memory device coupled to the circuitry, the memory device to store instructions that when executed by the circuitry cause the circuitry to: modify at least one image of a first group of images of a training set for a neural network (NN) to form a plurality of adversarial images, the first group of images associated with a first classification of the NN; present at least one of the plurality of adversarial images to the NN to classify; determine the at least one of the plurality of adversarial images does not match the first classification; and train the NN with the at least one of the plurality of adversarial images based on the determination that the NN did not classify the at least one of the plurality of adversarial images into the first classification of the NN. 14. The apparatus of claim 13 , the memory device comprising instructions that when executed by the circuitry cause the apparatus to: modify at least one image of a second group of images of the training set for the NN to form a second plurality of adversarial images, the second group of images associated with a second classification of the NN; and train the NN with the training set, at least one of the plurality of adversarial images, and at least one of the plurality of second adversarial images. 15. The apparatus of claim 14 , the memory device comprising instructions that when executed by the circuitry cause the apparatus to: present the plurality of adversarial images to the NN to classify; determine, for each of the plurality of adversarial images, whether the NN classified the plurality of adversarial images into the first classification; and train the NN with the training set, the ones of the plurality of adversarial images that the NN did not classif

Assignees

Intel Corp

Inventors

Classifications

G06V10/82Primary
using neural networks · CPC title
G06N3/094Primary
Adversarial learning · CPC title
G06N3/0464
Convolutional networks [CNN, ConvNet] · CPC title
G06N3/09
Supervised learning · CPC title
G06N3/088Primary
Non-supervised learning, e.g. competitive learning · CPC title

Patent family

Related publications grouped by family.

View patent family 64661931

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12322165B2 cover?: Various embodiments are generally directed to techniques for training deep neural networks, such as with an iterative approach, for instance. Some embodiments are particularly directed to a deep neural network (DNN) training system that generates a hardened DNN by iteratively training DNNs with images that were misclassified by previous iterations of the DNN. One or more embodiments, for exampl…
Who is the assignee on this patent?: Intel Corp
What technology area does this patent fall under?: Primary CPC classification G06V10/82. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue Jun 03 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).