US 12,242,941 B2
Method and system for creating an ensemble of machine learning models to defend against adversarial examples
Alejandro E. Brito, Mountain View, CA (US); Bashir Sadeghi, East Lansing, MI (US); and Shantanu Rane, Palo Alto, CA (US)
Assigned to Xerox Corporation, Norwalk, CT (US)
Filed by Palo Alto Research Center Incorporated, Palo Alto, CA (US)
Filed on Jun. 11, 2021, as Appl. No. 17/345,996.
Prior Publication US 2022/0398502 A1, Dec. 15, 2022
Int. Cl. G06N 20/20 (2019.01); G06F 18/21 (2023.01); G06F 18/241 (2023.01); G06N 7/01 (2023.01); G06N 20/10 (2019.01)
CPC G06N 20/20 (2019.01) [G06F 18/2163 (2023.01); G06F 18/2193 (2023.01); G06F 18/241 (2023.01); G06N 7/01 (2023.01); G06N 20/10 (2019.01)] 20 Claims
OG exemplary drawing
 
1. A computer-executable method for facilitating construction of an ensemble of machine learning models, the method comprising:
determining an entire training set of data objects, wherein each data object in the entire training set is associated with one of a plurality of classes;
dividing the entire training set of data objects into a number of partitions;
generating a respective machine learning model for each respective partition using a universal kernel function, which processes the data objects divided into a respective partition to obtain the ensemble of machine learning models;
increasing effectiveness of the ensemble of machine learning models by training the respective machine learning model based on all the data objects of the entire training set;
predicting an outcome for a testing data object based on the ensemble of machine learning models and an ensemble decision rule, wherein the testing data object is modified based on adversarial examples;
displaying, on a device associated with a user, information related to ensemble results on the entire training set of data objects, wherein the information includes a type of data, a type of attack, a type of partition, a type of the universal kernel, a Gaussian variance, and a number corresponding to a class;
receiving, based on an interaction by the user with the displayed information, a request to change a configuration or setting related to one or more of the type of data, the type of attack, the type of partition, the type of the universal kernel, the Gaussian variance, and the number corresponding to a class;
changing the configuration or setting in response to receiving the request to change the configuration or setting;
updating the ensemble of machine learning models based on the changed configuration or setting; and
increasing accuracy of predicting the outcome for the testing data object based on the updated ensemble of machine learning models and the ensemble decision rule.
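The partition-then-vote procedure of claim 1, written out as an added example (this code is not from the patent or its assignee). It assumes a Gaussian RBF kernel as the universal kernel function, random disjoint partitioning, a per-partition kernel class-score classifier as each ensemble member, majority vote as the ensemble decision rule, and a constructed 2-D two-class training set; the "adversarially modified" testing object is simulated by a fixed constructed offset, and the claim's retraining and interactive reconfiguration steps are not modelled.

```python
import math
import random
from collections import Counter

def gaussian_kernel(x, y, variance):
    """Universal (Gaussian RBF) kernel; 'variance' is the configurable Gaussian variance."""
    d2 = sum((a - b) ** 2 for a, b in zip(x, y))
    return math.exp(-d2 / (2.0 * variance))

def partition(training_set, n_partitions, seed=0):
    """Randomly divide the entire training set into n_partitions disjoint partitions."""
    items = list(training_set)
    random.Random(seed).shuffle(items)
    return [items[i::n_partitions] for i in range(n_partitions)]

def kernel_classifier(training_partition, variance):
    """One ensemble member: score each class by summed kernel similarity to the
    partition's training objects of that class, then predict the best-scoring class."""
    def predict(x):
        scores = Counter()
        for xi, yi in training_partition:
            scores[yi] += gaussian_kernel(x, xi, variance)
        return max(scores, key=scores.get)
    return predict

def build_ensemble(training_set, n_partitions, variance, seed=0):
    """Generate one kernel model per partition; the list of models is the ensemble."""
    parts = partition(training_set, n_partitions, seed)
    return [kernel_classifier(p, variance) for p in parts]

def ensemble_predict(ensemble, x):
    """Ensemble decision rule (assumed): majority vote over the members' predictions."""
    votes = Counter(member(x) for member in ensemble)
    return votes.most_common(1)[0][0]

def make_training_set(seed=1):
    """Constructed toy data: two 2-D classes centred at (0, 0) and (3, 3)."""
    rng = random.Random(seed)
    cls0 = [((rng.gauss(0, 0.5), rng.gauss(0, 0.5)), 0) for _ in range(30)]
    cls1 = [((rng.gauss(3, 0.5), rng.gauss(3, 0.5)), 1) for _ in range(30)]
    return cls0 + cls1

def demo(n_partitions=5, variance=1.0):
    """Predict a clean class-1 testing object and the same object after a small
    constructed perturbation (a stand-in for a modified testing object, not an attack)."""
    ensemble = build_ensemble(make_training_set(), n_partitions, variance)
    clean = (3.0, 3.0)
    perturbed = (clean[0] - 0.3, clean[1] + 0.2)  # constructed offset
    return ensemble_predict(ensemble, clean), ensemble_predict(ensemble, perturbed)
```

Calling `demo()` builds five partition models and returns the ensemble's vote for the clean and perturbed objects; changing `n_partitions` or `variance` corresponds to the partition and Gaussian-variance settings the claim exposes to the user.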