US 11,818,163 B2
Automatic machine learning vulnerability identification and retraining
Nitin S. Sharma, San Jose, CA (US); and Mozhdeh Rouhsedaghat, Los Angeles, CA (US)
Assigned to PayPal, Inc., San Jose, CA (US)
Filed by PayPal, Inc., San Jose, CA (US)
Filed on Dec. 15, 2020, as Appl. No. 17/122,643.
Claims priority of provisional application 63/080,522, filed on Sep. 18, 2020.
Prior Publication US 2022/0094709 A1, Mar. 24, 2022
Int. Cl. H04L 9/40 (2022.01); G06N 5/04 (2023.01); G06N 20/00 (2019.01); G06F 18/213 (2023.01); G06F 18/21 (2023.01); G06F 18/214 (2023.01); G06F 18/2415 (2023.01)
CPC H04L 63/1441 (2013.01) [G06F 18/213 (2023.01); G06F 18/217 (2023.01); G06F 18/2148 (2023.01); G06F 18/2415 (2023.01); G06N 5/04 (2013.01); G06N 20/00 (2019.01)]
20 Claims
1. A method, comprising:
perturbing, by a computer system using a set of adversarial attack methods, a set of training examples used to train a machine learning model;
identifying, by the computer system from among the perturbed set of training examples, a set of sparse perturbed training examples that are usable to train machine learning models to identify adversarial attacks, wherein the set of sparse perturbed training examples includes examples whose perturbations are below a perturbation threshold and whose classifications satisfy a classification difference threshold; and
retraining, by the computer system using the set of sparse perturbed training examples, the machine learning model.
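
The three steps of claim 1 (perturb, select sparse perturbed examples, retrain) can be sketched as follows. This is an added example, not code from the patent or from PayPal. The claim does not define the attack methods, the perturbation measure or the classification difference, so the logistic model, the top-k sign attack, the L1 norm, the score-change test, the thresholds and the sample data are all assumptions.

```python
import math

def score(w, b, x):
    """Logistic model output P(label=1 | x)."""
    return 1.0 / (1.0 + math.exp(-(sum(wi * xi for wi, xi in zip(w, x)) + b)))

def perturb_top_k(w, x, y, eps, k):
    """Assumed attack: shift the k highest-weight features by eps against label y."""
    idx = sorted(range(len(w)), key=lambda i: -abs(w[i]))[:k]
    direction = -1.0 if y == 1 else 1.0   # push the score away from the true label
    return [xi + direction * eps * math.copysign(1.0, w[i]) if i in idx else xi
            for i, xi in enumerate(x)]

def select_sparse(w, b, data, attacks, max_l1, min_diff):
    """Keep perturbed examples with a small L1 change and a large score change."""
    kept = []
    for x, y in data:
        for eps, k in attacks:
            xp = perturb_top_k(w, x, y, eps, k)
            l1 = sum(abs(a - c) for a, c in zip(xp, x))
            diff = abs(score(w, b, xp) - score(w, b, x))
            if l1 < max_l1 and diff >= min_diff:
                kept.append((xp, y))      # perturbed input keeps its original label
    return kept

def retrain(w, b, data, lr=0.5, epochs=200):
    """Stochastic gradient descent on log loss; returns the new (w, b)."""
    w = list(w)
    for _ in range(epochs):
        for x, y in data:
            g = score(w, b, x) - y
            w = [wi - lr * g * xi for wi, xi in zip(w, x)]
            b -= lr * g
    return w, b

def worst_margin(w, b, data):
    """Lowest probability the model assigns to the correct label."""
    return min(score(w, b, x) if y == 1 else 1.0 - score(w, b, x) for x, y in data)

# Constructed sample model and data (assumptions, not from the patent).
W0, B0 = [2.0, -1.0, 0.1], 0.0
TRAIN = [([1.0, 0.2, 0.5], 1), ([0.9, 0.1, 0.3], 1),
         ([-1.0, 0.5, 0.4], 0), ([-0.8, 0.9, 0.2], 0)]
ATTACKS = [(0.4, 1), (0.4, 2), (1.5, 3)]  # assumed (eps, k) attack settings

def run():
    sparse = select_sparse(W0, B0, TRAIN, ATTACKS, max_l1=1.0, min_diff=0.1)
    w1, b1 = retrain(W0, B0, TRAIN + sparse)
    return sparse, worst_margin(W0, B0, sparse), worst_margin(w1, b1, sparse)
```

The `(1.5, 3)` setting is rejected by the perturbation threshold, and the single-feature attack on the two label-0 examples is rejected because the score moves by less than `min_diff`.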