
METHOD AND APPARATUS FOR IDENTIFYING ADVERSARIAL SAMPLE TO PROTECT MODEL SECURITY


Abstract

A method for identifying an adversarial sample to protect privacy security. The method comprises: first sampling multiple non-adversarial samples relating to private data, so as to obtain a first control sample set; then adding a target sample to be tested to the first control sample set, so as to obtain a first experimental sample set; next, separately using the first control sample set and the first experimental sample set to train an initial machine learning model, so as to obtain a trained first control model and a trained first experimental model; then, using a test sample set to perform performance evaluation on the first control model and the first experimental model, separately, so as to obtain a first control value and a first experimental value for a preset evaluation index; and next, calculating the difference value between the first control value and the first experimental value as a first gain value of the target sample for the model performance. Therefore, whether the target sample is an adversarial sample can be determined on the basis of the first gain value or multiple gain values obtained by repeating the process above.
