Dell Products L.P. (20240104349). DETECTION OF ADVERSARIAL EXAMPLE INPUT TO MACHINE LEARNING MODELS simplified abstract

From WikiPatents

DETECTION OF ADVERSARIAL EXAMPLE INPUT TO MACHINE LEARNING MODELS

Organization Name

Dell Products L.P.

Inventor(s)

Jinpeng Liu of Shanghai (CN)

Zijia Wang of WeiFang (CN)

Zhen Jia of Shanghai (CN)

Kenneth Durazzo of Morgan Hill CA (US)

DETECTION OF ADVERSARIAL EXAMPLE INPUT TO MACHINE LEARNING MODELS - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240104349 titled 'DETECTION OF ADVERSARIAL EXAMPLE INPUT TO MACHINE LEARNING MODELS'.

Simplified Explanation

The apparatus described in the abstract runs two machine learning models over the same input: a classifier that outputs a probability for each class, and a clustering model that assigns the input to one of a set of clusters, where each cluster corresponds to a class. The two outputs are compared, and if they disagree the input is treated as an adversarial example and its subsequent processing is modified.

  • The first machine learning model determines, for each class in a set, the probability that the input belongs to that class; the second machine learning model determines which cluster the input belongs to, with each cluster corresponding to one of the classes.
  • If the comparison of the classification output and the clustering output identifies the input as an adversarial example (for instance, the classifier's most probable class differs from the class of the cluster the input falls in), subsequent processing of that input by additional machine learning models is modified rather than carried out as normal.
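The following is an added illustration of the two-model check described above; it is not code from the patent application or from Dell. The classifier weights, the training points, the adversarial input, the choice of k-means as the clustering model, the majority-vote cluster-to-class mapping, the disagreement rule and the "quarantine" routing are all assumptions made for this example. The classifier is deliberately built to lean on a shortcut feature (index 2), so that flipping only that feature changes its top class while the input stays inside its original cluster in feature space.

```python
"""Two-model adversarial-example detector (added example, not the patent's code)."""
import math

# Constructed training data: features 0 and 1 carry the real signal; feature 2
# is a shortcut that is 0.0 for every class-0 point and 1.0 for every class-1 point.
TRAIN = [
    ((1.0, 1.0, 0.0), 0), ((1.4, 0.8, 0.0), 0),
    ((0.7, 1.2, 0.0), 0), ((1.1, 1.3, 0.0), 0),
    ((5.0, 5.0, 1.0), 1), ((4.6, 5.3, 1.0), 1),
    ((5.3, 4.7, 1.0), 1), ((5.1, 5.2, 1.0), 1),
]
NUM_CLASSES = 2

# First model: linear scorer + softmax. Weights are constructed (assumption) to
# stand in for a trained model that over-relies on the shortcut feature.
W = [[0.3, 0.3, -4.0],   # scores for class 0
     [0.3, 0.3, 4.0]]    # scores for class 1
B = [3.0, -3.0]


def softmax(scores):
    m = max(scores)
    exps = [math.exp(s - m) for s in scores]
    total = sum(exps)
    return [e / total for e in exps]


def classify(x):
    """Model 1: probability of x belonging to each class."""
    scores = [sum(w * xi for w, xi in zip(W[c], x)) + B[c] for c in range(NUM_CLASSES)]
    return softmax(scores)


def euclid(a, b):
    return math.sqrt(sum((ai - bi) ** 2 for ai, bi in zip(a, b)))


def assign_cluster(x, centroids):
    """Model 2 inference: index of the nearest centroid."""
    return min(range(len(centroids)), key=lambda i: euclid(x, centroids[i]))


def kmeans(points, k, iters=50):
    """Model 2 training: Lloyd's k-means with a deterministic farthest-point init."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(euclid(p, c) for c in centroids)))
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[assign_cluster(p, centroids)].append(p)
        new = [tuple(sum(col) / len(g) for col in zip(*g)) if g else c
               for g, c in zip(groups, centroids)]
        if new == centroids:
            break
        centroids = new
    return centroids


def cluster_class_map(centroids, labelled):
    """Map each cluster to the class that dominates it (majority vote over labelled data)."""
    votes = [[0] * NUM_CLASSES for _ in centroids]
    for x, y in labelled:
        votes[assign_cluster(x, centroids)][y] += 1
    return [max(range(NUM_CLASSES), key=lambda c: v[c]) for v in votes]


def detect(x, centroids, cluster_class):
    """Compare the two outputs; a class/cluster mismatch flags x as adversarial."""
    probs = classify(x)
    predicted = max(range(NUM_CLASSES), key=lambda c: probs[c])
    cluster = assign_cluster(x, centroids)
    return {
        "probs": probs,
        "predicted_class": predicted,
        "cluster": cluster,
        "cluster_class": cluster_class[cluster],
        "adversarial": predicted != cluster_class[cluster],
    }


def route(x, centroids, cluster_class):
    """Modified downstream processing: flagged inputs leave the normal pipeline."""
    return "quarantine" if detect(x, centroids, cluster_class)["adversarial"] else "normal"


def build():
    centroids = kmeans([x for x, _ in TRAIN], NUM_CLASSES)
    return centroids, cluster_class_map(centroids, TRAIN)


if __name__ == "__main__":
    centroids, cmap = build()
    benign = (1.0, 1.0, 0.0)
    adversarial = (1.0, 1.0, 1.0)  # constructed: a class-0 point with only the shortcut feature flipped
    for x in (benign, adversarial):
        print(x, detect(x, centroids, cmap), route(x, centroids, cmap))
```

For the flipped point the classifier reports class 1 with about 0.88 probability, while its nearest centroid still belongs to the class-0 cluster, so the disagreement rule fires and the input is diverted. The rule as written has no tolerance: any disagreement is flagged, which is where the false-positive question raised later on this page bites in practice; a deployment would normally add a confidence threshold or a distance margin before acting on the mismatch.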

Potential Applications

This technology could be applied in various fields such as cybersecurity, fraud detection, and anomaly detection where the identification of adversarial examples is crucial.

Problems Solved

This technology helps identify adversarial examples, inputs crafted to mislead a machine learning model into a wrong output, and by catching them before they reach downstream models it improves the overall accuracy and reliability of the system.

Benefits

Cross-checking the classifier against an independent clustering model gives the system a second opinion on every input: an attack that fools the classifier alone produces a disagreement between the two outputs, which the apparatus treats as a signal to detect and mitigate the attack before the input is processed further, leading to more trustworthy and secure AI systems.

Potential Commercial Applications

One potential commercial application of this technology could be in the development of advanced security systems for industries like finance, healthcare, and e-commerce to protect against fraudulent activities and cyber threats.

Possible Prior Art

One possible prior art in this field is the use of ensemble learning techniques, which combine the predictions of multiple models to improve accuracy and robustness. The approach here differs in that the two models' outputs are compared for disagreement to flag an input, rather than merged into a single prediction.

Unanswered Questions

How does the apparatus handle false positives in identifying adversarial examples?

The abstract does not specify how the system deals with false positives in detecting adversarial examples, which could lead to unnecessary modifications in subsequent processing.

What is the computational overhead of utilizing multiple machine learning models in real-time applications?

The abstract does not address the potential computational costs associated with using multiple machine learning models simultaneously, especially in real-time applications where speed is crucial.


Original Abstract Submitted

An apparatus comprises a processing device configured to utilize a first machine learning model to determine a classification output for a given input indicating probability of the given input belonging to each of a set of classes, and to utilize a second machine learning model to determine a clustering output for the given input indicating which of a set of clusters that the given input belongs to, the clusters corresponding to respective ones of the classes. The processing device is further configured, responsive to determining that the given input represents an adversarial example based at least in part on a comparison of the classification and clustering outputs for the given input, to modify subsequent processing of the given input by additional machine learning models.