[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5KdBaVrQKyf3IzSlnvKgVpOkHXsSuZYiIA4J4X4k7wQ":3},{"id":4,"source":5,"question":6,"options":7,"answer":12,"related":13,"type":24,"origin":111,"createTime":26},248514385,"v1","在模型指纹技术中,由于模型的决策边界是一个无法直接度量的抽象概念,研究人员选择使用什么作为其可度量的\"代理\"或\"替代品\"? ( )",[8,9,10,11],"模型的参数总量和计算复杂度","模型训练所消耗的时间和计算资源","模型在标准测试集上的准确率","针对该模型生成的通用对抗扰动(UAP)",[],[14,27,37,41,51,61,71,81,91,101],{"id":15,"source":5,"question":16,"options":17,"answer":22,"related":23,"type":24,"origin":25,"createTime":26},248514383,"在设计能够抵抗社交平台图像压缩操作的隐私保护方法时,研究人员在噪声生成模型的训练流程中引入了一个关键模块.这个模块是? ( )",[18,19,20,21],"一个模拟社交平台压缩过程的\"可微分JPEG算法\"模块","一个用于放大图像分辨率的超分辨率模块","一个在图像上传前自动移除所有元数据(Metadata)的工具","一个用于检测图像中是否含有压缩痕迹的分类器",[],[],0,null,"2025-12-03T07:12:36+08:00",{"id":28,"source":5,"question":29,"options":30,"answer":35,"related":36,"type":24,"origin":25,"createTime":26},248514384,"投影梯度下降法(PGD)攻击常被用作评估模型对抗鲁棒性的基准,其主要原因是? ( )",[31,32,33,34],"因为它是一种黑盒攻击,不需要任何模型内部信息","因为它被认为是\"最强的一阶攻击方法\",若模型能抵御PGD,通常也能抵御其他类似的一阶攻击","因为它是所有攻击方法中计算速度最快的","因为它生成的对抗样本在视觉上与原图差异最大",[],[],{"id":4,"source":5,"question":6,"options":38,"answer":39,"related":40,"type":24,"origin":25,"createTime":26},[8,9,10,11],[],[],{"id":42,"source":5,"question":43,"options":44,"answer":49,"related":50,"type":24,"origin":25,"createTime":26},248514386,"在知识增强机器学习(KEMLP)这一后处理防御方法中,如果主任务是识别一个\"停止\"交通标志牌,那么\"预防模型\"(Preclusion Model)最可能负责识别哪一项特征? ( )",[45,46,47,48],"识别出标志牌上出现的\"STOP\"这个单词","识别出标志牌出现在道路场景中","识别出标志牌的形状是八边形","识别出标志牌的颜色是红色",[],[],{"id":52,"source":5,"question":53,"options":54,"answer":59,"related":60,"type":24,"origin":25,"createTime":26},248514387,"边界攻击(Boundary Attack)在执行其攻击算法时,有一个独特的起始(初始化)方式,它是如何开始的? ( )",[55,56,57,58],"从一个完全随机的噪声图像开始","从一个已经能够成功欺骗模型的对抗样本出发,然后逐步优化","从一个与目标模型结构相似的代理模型开始训练","从原始的、未被修改的干净图像开始",[],[],{"id":62,"source":5,"question":63,"options":64,"answer":69,"related":70,"type":24,"origin":25,"createTime":26},248514388,"当前人工智能技术发展面临的一个重要挑战是在哪两个方面进行权衡? ( )",[65,66,67,68],"模型的参数量和所需内存","模型的性能(准确率)和可解释性","模型的训练速度和推理速度","模型的能耗和硬件成本",[],[],{"id":72,"source":5,"question":73,"options":74,"answer":79,"related":80,"type":24,"origin":25,"createTime":26},248514389,"ISSBA攻击中使用的图像隐写网络(Encoder\u002FDecoder)具有一个显著的优点,即? ( )",[75,76,77,78],"只能对特定类型的数据集(如手写数字)生效","生成的触发器信息可以被任何解码器轻松读取","每次攻击都需要从头开始训练一个全新的网络,以保证安全","具有普适性,在某数据集上训练好的网络可以复用于其他图像大小相同的数据集",[],[],{"id":82,"source":5,"question":83,"options":84,"answer":89,"related":90,"type":24,"origin":25,"createTime":26},248514390,"在控制训练过程的后门攻击中,如果数据投毒和模型训练这两个子任务是分开进行的,即并非同时优化,这种攻击被称为? ( )",[85,86,87,88],"一阶段训练的后门攻击","全透明训练的后门攻击","半透明训练的后-门攻击","两阶段训练的后门攻击",[],[],{"id":92,"source":5,"question":93,"options":94,"answer":99,"related":100,"type":24,"origin":25,"createTime":26},248514391,"在进行白盒模型反演攻击时,攻击者通常将问题形式化为一个优化问题,其核心的优化目标是? ( )",[95,96,97,98],"最大化反演数据与真实数据之间的差异","最小化反演模型的参数数量","最大化攻击模型的分类准确率","最小化反演数据在目标模型上的输出与真实数据输出之间的差异",[],[],{"id":102,"source":5,"question":103,"options":104,"answer":109,"related":110,"type":24,"origin":25,"createTime":26},248514392,"在数据投毒攻击中,\"可见触发器\"的主要特征是? ( )",[105,106,107,108],"触发器虽然肉眼可见,但通常不影响人类对图像原始类别的正确判断","触发器必须是一个尺寸很大的贴纸,才能被模型学习到","触发器完全透明,对图像没有任何改变","触发器是一种随机噪声,人类和模型都无法识别",[],[],{"courseName":112,"courseImg":113,"workName":114,"workId":115,"count":116,"courseId":117},"默认课程","https:\u002F\u002Ftihai-oss-cloud.itihey.com\u002Fimg\u002F03a579384a6dc297c89809b582fcc767.png","人工智能安全与伦理","exam_168310563",85,"53e1d2ef4961cca8eea3e23969ad2cb9"]