US 11,948,054 B2
Masked projected gradient transfer attacks
Luke Edward Richards, Ellicott City, MD (US); Andre Tai Nguyen, Columbia, MD (US); Ryan Joseph Capps, Atlanta, GA (US); and Edward Simon Paster Raff, Jamesville, NY (US)
Assigned to BOOZ ALLEN HAMILTON INC., McLean, VA (US)
Filed by Booz Allen Hamilton Inc., McLean, VA (US)
Filed on Oct. 29, 2020, as Appl. No. 17/083,928.
Prior Publication US 2022/0141251 A1, May 5, 2022
Int. Cl. H04L 9/40 (2022.01); G06N 20/00 (2019.01)
CPC G06N 20/00 (2019.01) [H04L 63/1416 (2013.01); H04L 63/1466 (2013.01)]
20 Claims
 
1. A system for generating a transfer adversarial attack, the system comprising:
an attack module configured to generate an adversarial attack on a target module, wherein the attack module is configured to:
generate a surrogate model having an architecture and a dataset that mirrors at least one aspect of a target model of the target module, the surrogate model including a plurality of classes;
generate a masked version of the surrogate model having fewer classes than the surrogate model by randomly selecting at least one class of the plurality of classes for removal;
attack the masked surrogate model to create a perturbed sample;
generalize the perturbed sample for use with the target module; and
transfer the perturbed sample to the target module to alter an operating parameter of the target model.