| CPC G06F 21/554 (2013.01) [G06N 3/04 (2013.01); G06N 3/045 (2023.01); G06N 3/084 (2013.01); G06N 3/094 (2023.01); G06N 5/04 (2013.01); G06N 20/00 (2019.01); G06F 2221/034 (2013.01); G06N 7/01 (2023.01)] | 17 Claims |
|
1. An apparatus, comprising:
circuitry; and
memory coupled to the circuitry, the memory storing instructions, which when executed by the circuitry cause the circuitry to:
receive input data from an input device;
generate output data based in part on executing an inference model with the input data, the output data comprising an indication of a visible class of a plurality of visible classes or an indication of a hidden class of a plurality of hidden classes, wherein the visible class is a type of category the inference model is trained to classify when the input data is expected input data and the hidden class is a type of category the inference model is trained to classify when the input data is adversarial input data designed to cause the inference model to misclassify the adversarial input data into the visible class;
determine whether the output data comprises an indication of the hidden class from the plurality of hidden classes, wherein at least one of the plurality of hidden classes corresponds to blacklisted inputs;
provide the generated output to an output consumer based on a determination that the output data does not comprise an indication of the hidden class; and
provide obfuscated output to the output consumer based on a determination that the output data does comprise an indication of the hidden class, the obfuscated output comprising an indication of a visible class associated with the hidden class instead of the hidden class.
|