Methods, devices, and computer program products for protecting deep neural networks (DNNs) (detection of hostile attacks against DNNs)

摘要

PROBLEM TO BE SOLVED: To provide a method, a device and a program for coping with a hostile attack targeting a deep neural network (DNN). A method of detecting a hostile attack is to start training by inputting all training data sets into the network and record intermediate representations (internal activation data) of each of the multiple layers of 500, DNN. 502, for each intermediate representation, a separate machine learning model is trained to generate each set of label arrays for each intermediate representation 504, and each set of label arrays is used to train an outlier detection model 506, Assuming an associated implementation system, determine if a hostile attack is detected for a given input or occurrence 508, and if it indicates a hostile attack, take action in response to the detection of the hostile attack. 510 to execute. [Selection diagram] FIG. 5