公开(公告)号：US20240062042A1

公开(公告)日：2024-02-22

申请号：US18451692

申请日：2023-08-17

Applicant: SRI International

Inventor： Aswin Nadamuni Raghavan ,  Saurabh Farkya ,  Jesse Albert Hostetler ,  Avraham Joshua Ziskind ,  Michael Piacentino ,  Ajay Divakaran ,  Zhengyu Chen

IPC: G06N3/045 ,  G06F21/56 ,  G06N3/098

CPC classification number: G06N3/045 ,  G06F21/566 ,  G06N3/098 ,  G06F2221/033

Abstract: In general, the disclosure describes techniques for implementing an MI-based attack detector. In an example, a method includes training a neural network using training data, applying stochastic quantization to one or more layers of the neural network, generating, using the trained neural network, an ensemble of neural networks having a plurality of quantized members, wherein at least one of weights or activations of each of the plurality of quantized members have different bit precision, and combining predictions of the plurality of quantized members of the ensemble to detect one or more adversarial attacks and/or determine performance of the ensemble of neural networks.