CPC G06F 21/554 (2013.01) [G06F 18/214 (2023.01); G06F 18/217 (2023.01); G06F 18/24137 (2023.01); G06F 21/55 (2013.01); G06N 3/045 (2023.01); G06N 3/047 (2023.01); G06N 5/04 (2013.01); G06V 10/454 (2022.01); G06V 10/761 (2022.01); G06V 10/763 (2022.01); G06V 10/7796 (2022.01); G06V 10/82 (2022.01)]
15 Claims
1. An information processing system that improves an ability of a neural network to withstand and detect latent attacks, comprising:
a communication interface that is communicatively coupled to the neural network, wherein the neural network includes a plurality of hidden layers;
a latent space database for storing position information in a latent space in which first output vectors, which are output vectors of a predetermined hidden layer included in the neural network, are embedded with input data used for learning of the neural network;
a processor that is communicatively coupled to the latent space database and the communication interface, wherein the processor is configured to:
infer the input data to generate an inference based on a positional relationship between a second output vector, which is an output vector of a predetermined hidden layer concerning input data to be inferred, and the first output vectors in the latent space,
detect an attack by Adversarial Example via at least one of a plurality of attack detection modes which compare the inference made by the neural network with the inference based on the positional relationship between the second output vector and the first output vectors in the latent space; and
display an attack alert notification when the attack by an Adversarial Example is detected.
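
The comparison recited in claim 1, sketched as an added example (not code from the patent or its applicant). Assumptions: the "positional relationship" is taken to be a k-nearest-neighbour vote in latent space, the two detection modes `strict` and `unanimous` are hypothetical, and the tiny network and training points are constructed for illustration.

```python
import math
from collections import Counter

def hidden(x):
    # Stand-in for the "predetermined hidden layer" (assumption): a 2-unit ReLU layer.
    return [max(0.0, x[0]), max(0.0, x[1])]

def nn_predict(x):
    # Stand-in for the network's own inference: linear output unit on the hidden vector.
    h = hidden(x)
    return 1 if 2.0 * h[0] - h[1] - 1.0 > 0 else 0

class LatentSpaceDB:
    """Positions of training inputs in latent space (the 'first output vectors') with labels."""
    def __init__(self):
        self.entries = []

    def add(self, x, label):
        self.entries.append((hidden(x), label))

    def infer(self, x, k=3):
        """Label from the k nearest stored vectors and the share of neighbours voting for it."""
        q = hidden(x)  # the 'second output vector'
        nearest = sorted((math.dist(q, v), lbl) for v, lbl in self.entries)[:k]
        label, votes = Counter(lbl for _, lbl in nearest).most_common(1)[0]
        return label, votes / len(nearest)

def detect(db, x, mode="strict", k=3):
    """Compare the two inferences. Modes are hypothetical:
    'strict' alerts on any disagreement, 'unanimous' only when all k neighbours agree."""
    nn_label = nn_predict(x)
    latent_label, share = db.infer(x, k)
    alert = nn_label != latent_label and (mode == "strict" or share == 1.0)
    return {"nn": nn_label, "latent": latent_label, "share": share, "alert": alert}

def build_db():
    # Constructed training set: two clusters, all classified correctly by nn_predict.
    db = LatentSpaceDB()
    for x in [(1.0, 3.0), (1.2, 2.8), (0.8, 3.1), (1.1, 3.3)]:
        db.add(x, 0)
    for x in [(3.0, 1.0), (2.8, 1.2), (3.1, 0.9), (3.3, 1.1)]:
        db.add(x, 1)
    return db

if __name__ == "__main__":
    db = build_db()
    for x in [(1.0, 2.9), (1.8, 2.5), (1.9, 2.0)]:
        for mode in ("strict", "unanimous"):
            r = detect(db, x, mode)
            print(x, mode, "ATTACK ALERT" if r["alert"] else "ok", r)
```

The input (1.8, 2.5) sits among class-0 training vectors in latent space yet is classified as class 1 by the network, so both modes raise the alert; (1.9, 2.0) has a split neighbourhood and only the `strict` mode flags it.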