| CPC G06N 3/08 (2013.01) [G06N 3/045 (2023.01); G06V 10/454 (2022.01); G06V 10/764 (2022.01); G06V 10/82 (2022.01); G06V 20/56 (2022.01); H04L 63/1441 (2013.01)] | 18 Claims |
|
1. A method for identifying and classifying adversarial attacks on an automated detection system, comprising:
providing a reference signal and a potentially manipulated signal, wherein each signal includes at least one of an image signal, a video signal, or an audio signal,
calculating a set of n metrics which quantify differences between the reference signal and the potentially manipulated signal in different ways, with n being a natural number greater than one
creating an n-dimensional feature space based on the calculated metrics,
classifying the type of adversarial attack on the basis of the calculated metrics in the n-dimensional feature space, and
outputting the class of the adversarial attack,
wherein the automated detection system comprises at least one trained neural network, and the reference signal and the potentially manipulated signal are provided following completion of a training phase of the at least one neural network, and
wherein subsets are created from the n metrics in order to extract most relevant m metrics, with m being a natural number less than n and, wherein the classification of the type of the adversarial attack is effected on the basis of the calculated metrics in the m-dimensional feature space.
|