APPARATUS AND METHOD FOR RETRAINING SUBSTITUTE MODEL FOR EVASION ATTACK, AND EVASION ATTACK APPARATUS

Title:

APPARATUS AND METHOD FOR RETRAINING SUBSTITUTE MODEL FOR EVASION ATTACK, AND EVASION ATTACK APPARATUS

Document Type and Number:

WIPO Patent Application WO/2021/095984

Kind Code:

A1

Abstract:

The present invention relates to an apparatus and method for retraining a substitute model for an evasion attack, and an evasion attack apparatus. The present invention is characterized in: on the basis of a substitute model previously trained in the same type as a target model trained, via a neural network, to classify labels of input data, generating, from original data, specific attack data for allowing the target model to misclassify labels of the original data to input, to the target model, the generated specific attack data as a query for the target model; acquiring a classification result obtained by classifying, by the target model, labels of the specific attack data in response to the query; and on the basis of the acquired classification result and the specific attack data, retraining the substitute model so that the substitute model partially imitates the target model.

More Like This:

WO/2022/002699	METHOD AND SYSTEM FOR CLASSIFYING MONITORED MOLECULAR INTERACTIONS
WO/2020/239203	TECHNIQUE FOR GENERATING SYNTHETIC DATA FOR RADIO ACCESS NETWORK CONFIGURATION RECOMMENDATION
WO/2022/261950	SYSTEM AND METHOD FOR MODEL COMPOSITION OF NEURAL NETWORKS

Inventors:

PARK HO SUNG (KR)
CHOI DAE SEON (KR)

Application Number:

PCT/KR2019/018161

Publication Date:

May 20, 2021

Filing Date:

December 20, 2019

Export Citation:

Click for automatic bibliography generation Help

Assignee:

NAT UNIV KONGJU IND UNIV COOP FOUND (KR)

International Classes:

G06N3/08; G06F16/906; H04L29/06

Foreign References:

KR20190061446A	2019-06-05
KR20160095856A	2016-08-12
KR20190094068A	2019-08-12

Other References:

XIE, CIHANG, ZHANG ZHISHUAI; ZHOU YUYIN; BAI SONG; WANG JIANYU; REN ZHOU; YUILLE ALAN L: "Improving Transferability of Adversarial Examples with Input Diversity", CVPR 2019. ARXIV:180306978V4, 1 June 2019 (2019-06-01), XP033686513, Retrieved from the Internet [retrieved on 20200731]
RYU, GWONSANG ET AL.: "A Deceptive Attack on the Limit of the Modulation Area on a Face Recognition Model based on Deep Learning", REVIEW OF KOREA INSTITUTE OF INFORMATION SECURITY & CTYPTOLOGY, 30 June 2019 (2019-06-30), pages 44 - 50, XP055826381, Retrieved from the Internet [retrieved on 20200731]
PARK, HOSUNG ET AL.: "Retraining Substitute Model for Practical Black-box Attacks against Deep Neural Networks", THE 20TH WISA-WORKSHOP 2019, vol. 20, 21 August 2019 (2019-08-21), Korea, Retrieved from the Internet [retrieved on 20200731]

Attorney, Agent or Firm:

AJU INTERNATIONAL LAW & PATENT GROUP (KR)

Download PDF:

View/Download PDF PDF Help

Previous Patent: BUTTON-TYPE FITTING APPARATUS FOR HOSE CONNECTION

Next Patent: METHOD FOR SUPPLEMENTING CLASS-IMBALANCED DATA, AND METHOD FOR PREDICTING LOAN DEFAULT USING SAME