EP-4736087-A1 - METHOD AND APPARATUS FOR DEEP LEARNING MODEL

Abstract

A computer-implemented method for a deep learning model comprises providing the deep learning model with a set of inputs each perturbed with a perturbation level; obtaining a plurality of groups of prompts for the set of inputs, wherein each of the set of inputs is associated with a corresponding group of the plurality of groups of prompts based on the perturbation level of that input; and optimizing the plurality of groups of prompts by minimizing a loss function of the deep learning model including the plurality of groups of prompts over the set of inputs.

Inventors

  • SU, Hang
  • CHENG, Ze
  • DONG, Yinpeng
  • LIU, CHANG
  • XIANG, Wenzhao

Assignees

  • Robert Bosch GmbH
  • Tsinghua University

Dates

Publication Date: 20260506
Application Date: 20230628

Claims (12)

  1. A computer-implemented method for a deep learning model, comprising: providing the deep learning model with a set of inputs each perturbed with a perturbation level; obtaining a plurality of groups of prompts for the set of inputs, wherein each of the set of inputs is associated with a corresponding group of the plurality of groups of prompts based on the perturbation level of that input; and optimizing the plurality of groups of prompts by minimizing a loss function of the deep learning model including the plurality of groups of prompts over the set of inputs.
  2. The computer-implemented method of claim 1, wherein the obtaining the plurality of groups of prompts for the set of inputs comprises: selecting, from a prompt pool, a group of prompts for one of the set of inputs based on a match of a key for the group of prompts and the perturbation level of the one of the set of inputs.
  3. The computer-implemented method of claim 2, wherein the prompt pool comprises a set of keys with each key in association with a group of prompts, and wherein the set of keys are trained to match different perturbation levels of the set of inputs.
  4. The computer-implemented method of claim 2, wherein the deep learning model comprises a transformer having a backbone and a head.
  5. The computer-implemented method of claim 4, wherein in the optimizing the plurality of groups of prompts by minimizing the loss function of the deep learning model including the plurality of groups of prompts, parameters of the backbone are frozen.
  6. The computer-implemented method of claim 4, further comprising: adjusting the head in response to the optimizing the plurality of groups of prompts by minimizing a loss function of the deep learning model including the plurality of groups of prompts.
  7. The computer-implemented method of claim 4, wherein the selected group of prompts are input to all layers or partial layers of the backbone when the one of the set of inputs is provided to the transformer.
  8. The computer-implemented method of claim 7, wherein the selected group of prompts are concatenated into original input embedding vectors for each layer of the all layers or the partial layers of the backbone.
  9. A computer-implemented method for a deep learning model, comprising: providing the deep learning model with a set of images each perturbed with a perturbation level, wherein the deep learning model has been trained for image classification; obtaining a plurality of groups of prompts for the set of images, wherein each of the set of images is associated with a corresponding group of the plurality of groups of prompts based on the perturbation level of that image; and optimizing the plurality of groups of prompts by minimizing a loss function of the deep learning model including the plurality of groups of prompts over the set of images.
  10. An apparatus for a deep learning model, comprising: a memory; and at least one processor coupled to the memory and configured to perform the method of one of claims 1-8.
  11. A computer program product for a deep learning model, comprising: processor executable computer code for performing the method of one of claims 1-8.
  12. A computer readable medium, storing computer code for a deep learning model, the computer code when executed by a processor, causing the processor to perform the method of one of claims 1-8.
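An added illustration of claims 2, 3, 5 and 8, not code from the patent or its applicants: a toy frozen linear scorer stands in for the transformer backbone, and a two-entry prompt pool is tuned by gradient descent on inputs perturbed at two levels. The nearest-key match rule, the scalar keys, the constant-shift perturbation and every name below are assumptions made for the example.

```python
import math

# Frozen backbone (assumption: a toy linear scorer standing in for the transformer).
W_INPUT = (1.0, 1.0)    # weights on the input embedding; never updated
W_PROMPT = (1.0, 1.0)   # weights on the concatenated prompt slots; never updated
# Constructed clean samples: (features, label in {+1, -1}).
CLEAN = [((1.0, 1.0), 1), ((-1.0, -1.0), -1), ((0.5, 0.5), 1), ((-0.5, -0.5), -1)]

def perturb(x, eps):
    """Constructed perturbation: shift every feature down by the level eps."""
    return tuple(v - eps for v in x)

def select_key(pool, eps):
    """Pick the prompt group whose key matches the level (assumed rule: nearest key)."""
    return min(pool, key=lambda k: abs(k - eps))

def margin(x, y, prompt):
    """Label times logit, with the prompt concatenated to the input embedding."""
    embedded = x + tuple(prompt)
    return y * sum(w * e for w, e in zip(W_INPUT + W_PROMPT, embedded))

def mean_loss(pool, data):
    """Mean logistic loss of backbone plus selected prompts over the perturbed set."""
    return sum(math.log1p(math.exp(-margin(perturb(x, e), y, pool[select_key(pool, e)])))
               for x, y, e in data) / len(data)

def accuracy(pool, data):
    return sum(margin(perturb(x, e), y, pool[select_key(pool, e)]) > 0
               for x, y, e in data) / len(data)

def tune_prompts(pool, data, lr=0.1, epochs=200):
    """Minimise the loss over the prompt groups only; the backbone stays frozen."""
    for _ in range(epochs):
        for x, y, eps in data:
            prompt = pool[select_key(pool, eps)]
            m = margin(perturb(x, eps), y, prompt)
            g = -y / (1.0 + math.exp(m))      # d(loss)/d(logit)
            for i, w in enumerate(W_PROMPT):
                prompt[i] -= lr * g * w       # d(logit)/d(prompt_i) = w
    return pool

def demo():
    """Train one prompt group per perturbation level and report the effect."""
    data = [(x, y, eps) for eps in (0.0, 1.0) for x, y in CLEAN]
    pool = {0.0: [0.0, 0.0], 1.0: [0.0, 0.0]}   # key -> prompt group
    before = (mean_loss(pool, data), accuracy(pool, data))
    tune_prompts(pool, data)
    return before, (mean_loss(pool, data), accuracy(pool, data)), pool
```

The group keyed to level 1.0 learns a correction that offsets the shift, while the group keyed to level 0.0 stays near zero, so clean inputs are not penalised for robustness to perturbed ones.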

Description

METHOD AND APPARATUS FOR DEEP LEARNING MODEL

FIELD

Aspects of the present disclosure relate generally to artificial intelligence (AI), and more particularly, to a method and a network for a deep learning model.

BACKGROUND

Recently, deep learning models have achieved remarkable success in a variety of applications, including, but not limited to, autonomous driving, chatbots, healthcare, and so on. However, these deep learning models are vulnerable to adversarial attacks, which pose a major challenge for their deployment in security-sensitive domains. To address this issue, robustness against adversarial attacks has become a crucial focus of AI safety research. Therefore, it may be desirable to provide a method or a technique to improve the robustness of the deep learning models or algorithms against adversarial attacks.

SUMMARY

The following presents a simplified summary of one or more aspects according to the present disclosure in order to provide a basic understanding of such aspects. This summary is not an extensive overview of all contemplated aspects, and is intended to neither identify key or critical elements of all aspects nor delineate the scope of any or all aspects. Its sole purpose is to present some concepts of one or more aspects in a simplified form as a prelude to the more detailed description that is presented later.

In an aspect of the disclosure, a computer-implemented method for a deep learning model is provided, comprising providing the deep learning model with a set of inputs each perturbed with a perturbation level; obtaining a plurality of groups of prompts for the set of inputs, wherein each of the set of inputs is associated with a corresponding group of the plurality of groups of prompts based on the perturbation level of that input; and optimizing the plurality of groups of prompts by minimizing a loss function of the deep learning model including the plurality of groups of prompts over the set of inputs.

In another aspect of the disclosure, a computer-implemented method for a deep learning model is provided, comprising providing the deep learning model with a set of images each perturbed with a perturbation level, wherein the deep learning model has been trained for image classification; obtaining a plurality of groups of prompts for the set of images, wherein each of the set of images is associated with a corresponding group of the plurality of groups of prompts based on the perturbation level of that image; and optimizing the plurality of groups of prompts by minimizing a loss function of the deep learning model including the plurality of groups of prompts over the set of images.

In another aspect of the disclosure, apparatus for diffusion model is provided, comprising a memory and at least one processor coupled to the memory. The at least one processor is configured to provide the deep learning model with a set of inputs each perturbed with a perturbation level; obtain a plurality of groups of prompts for the set of inputs, wherein each of the set of inputs is associated with a corresponding group of the plurality of groups of prompts based on the perturbation level of that input; and optimize the plurality of groups of prompts by minimizing a loss function of the deep learning model including the plurality of groups of prompts over the set of inputs.

In another aspect of the disclosure, a computer program product for a deep learning model is provided, comprising processor executable computer code for providing the deep learning model with a set of inputs each perturbed with a perturbation level; obtaining a plurality of groups of prompts for the set of inputs, wherein each of the set of inputs is associated with a corresponding group of the plurality of groups of prompts based on the perturbation level of that input; and optimizing the plurality of groups of prompts by minimizing a loss function of the deep learning model including the plurality of groups of prompts over the set of inputs.

In another aspect of the disclosure, a computer readable medium stores computer code for a deep learning model. The computer code when executed by a processor causes the processor to provide the deep learning model with a set of inputs each perturbed with a perturbation level; obtain a plurality of groups of prompts for the set of inputs, wherein each of the set of inputs is associated with a corresponding group of the plurality of groups of prompts based on the perturbation level of that input; and optimize the plurality of groups of prompts by minimizing a loss function of the deep learning model including the plurality of groups of prompts over the set of inputs.

The proposed methods for adversarial training according to one or more aspects of the present disclosure may be used for various applications and/or fields, such as autonomous cars, face recognition, malware detection, and the like. Although the following disclosure may be described with reference to classifica