An adversarial sample defense method, device, equipment and program product

By embedding backdoor traps into a deep learning model to construct a backdoor model, and then applying neuron activation differences and label offset filtering, adversarial examples can be detected accurately. This addresses the limited universality and high computational resource consumption of existing defense methods, and improves detection efficiency and accuracy.

CN122241700A · Pending · Publication Date: 2026-06-19 · GUANGZHOU UNIVERSITY

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: GUANGZHOU UNIVERSITY
Filing Date: 2026-03-23
Publication Date: 2026-06-19

AI Technical Summary

Technical Problem

Existing adversarial defense methods lack universality, rely on the perturbation patterns of specific attacks, consume high computational resources, have low detection accuracy, struggle with unknown attacks, and are inefficient in real-time application scenarios.

Method used

By constructing backdoor samples to implant backdoor traps into the original model, a backdoor model is built. By using neuron activation differences and label offset screening, combined with neuron matching verification, accurate detection of adversarial examples is achieved.

Benefits of technology

It improves the accuracy and efficiency of adversarial example detection, reduces computational resource consumption, adapts to unknown attacks, and meets the needs of real-time applications.

✦ Generated by Eureka AI based on patent content.

Abstract

This application discloses an adversarial example defense method, apparatus, device, and program product. The method includes: constructing a backdoor sample to implant a backdoor trap into an original model, thereby constructing a backdoor model; inputting a clean sample and the backdoor sample into the backdoor model respectively to compare the differences in neuron activation, thereby locating the backdoor neuron activation set; inputting a sample to be tested into the backdoor model for label offset filtering to obtain a suspected sample; and performing neuron matching verification processing on the suspected sample based on the backdoor neuron activation set to detect the adversarial example. The embodiments of this application can improve the accuracy of adversarial example detection and can be widely applied in the field of artificial intelligence technology.
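
The sketch below walks through the three detection steps of the abstract on constructed activation vectors; it is an added illustration, not code from the patent or its applicant. All function names, the top-k selection rule, the reading of "label offset" as a disagreement with a reference label, and the overlap threshold are assumptions, since the abstract does not specify them.

```python
# Added illustration: activations are constructed toy values, not model output.

def locate_backdoor_neurons(clean_acts, backdoor_acts, k):
    """Top-k neurons whose mean activation rises most on backdoor samples
    (assumed selection rule)."""
    n = len(clean_acts[0])
    mean = lambda rows, j: sum(r[j] for r in rows) / len(rows)
    diff = [mean(backdoor_acts, j) - mean(clean_acts, j) for j in range(n)]
    return set(sorted(range(n), key=lambda j: diff[j], reverse=True)[:k])

def label_offset_filter(samples):
    """Keep samples whose backdoor-model label differs from a reference label
    (assumed meaning of 'label offset')."""
    return [s for s in samples if s["ref_label"] != s["bd_label"]]

def neuron_match(acts, backdoor_set, threshold=0.5):
    """True if enough of the sample's strongest neurons lie in the backdoor set."""
    k = len(backdoor_set)
    top = set(sorted(range(len(acts)), key=lambda j: acts[j], reverse=True)[:k])
    return len(top & backdoor_set) / k >= threshold

def detect(samples, backdoor_set, threshold=0.5):
    """Label offset filtering first, then neuron matching on the suspects only."""
    suspects = label_offset_filter(samples)
    return [s["id"] for s in suspects
            if neuron_match(s["acts"], backdoor_set, threshold)]

# Constructed 6-neuron activations; neurons 4 and 5 play the role of the trap.
CLEAN = [[0.9, 0.7, 0.1, 0.2, 0.0, 0.1], [0.8, 0.6, 0.2, 0.1, 0.1, 0.0]]
BACKDOOR = [[0.3, 0.2, 0.1, 0.2, 0.9, 0.8], [0.2, 0.3, 0.2, 0.1, 0.8, 0.9]]
SAMPLES = [
    {"id": "benign", "ref_label": 3, "bd_label": 3,
     "acts": [0.9, 0.8, 0.1, 0.1, 0.0, 0.1]},
    {"id": "adv", "ref_label": 3, "bd_label": 7,
     "acts": [0.4, 0.3, 0.1, 0.2, 0.9, 0.7]},
    {"id": "hard_clean", "ref_label": 2, "bd_label": 5,
     "acts": [0.6, 0.1, 0.7, 0.2, 0.1, 0.0]},
]

if __name__ == "__main__":
    trap = locate_backdoor_neurons(CLEAN, BACKDOOR, k=2)
    print("backdoor neuron set:", sorted(trap))
    print("flagged as adversarial:", detect(SAMPLES, trap))
```

The "hard_clean" sample shows why the second stage matters: it passes the label filter but activates none of the trap neurons, so it is not flagged.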