[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fif2kdvGyUh45eEQWRFbr3V9lMuTRERcuYDeok8Npb2Y":3},{"answer":4,"createTime":5,"id":6,"options":7,"origin":12,"question":16,"related":17,"source":27,"type":28},[],"2025-12-15 19:51:09",266882763,[8,9,10,11],"具有普适性,在某数据集上训练好的网络可以复用于其他图像大小相同的数据集","生成的触发器信息可以被任何解码器轻松读取","每次攻击都需要从头开始训练一个全新的网络,以保证安全","只能对特定类型的数据集(如手写数字)生效",{"courseId":13,"courseImg":14,"courseName":15},"53e1d2ef4961cca8eea3e23969ad2cb9","https:\u002F\u002Ftihai-oss-cloud.itihey.com\u002Fimg\u002F03a579384a6dc297c89809b582fcc767.png","默认课程","ISSBA攻击中使用的图像隐写网络(Encoder\u002FDecoder)具有一个显著的优点,即? ( )",[18,29,38,46,55,58,67,76,85,94],{"answer":19,"createTime":5,"id":20,"options":21,"question":26,"source":27,"type":28},[],266882759,[22,23,24,25],"仅在训练数据中注入固定的触发器","专门为抵抗模型微调而设计","采用交替优化的方式,同时对后门模型和触发器生成函数进行求解","攻击者对训练过程只有部分控制权","Lira是一种典型的一阶段训练攻击方法,其核心特点是? ( )","v1",0,{"answer":30,"createTime":5,"id":31,"options":32,"question":37,"source":27,"type":28},[],266882760,[33,34,35,36],"半透明训练的后-门攻击","全透明训练的后门攻击","一阶段训练的后门攻击","两阶段训练的后门攻击","在控制训练过程的后门攻击中,如果数据投毒和模型训练这两个子任务是分开进行的,即并非同时优化,这种攻击被称为? ( )",{"answer":39,"createTime":5,"id":40,"options":41,"question":45,"source":27,"type":28},[],266882761,[42,43,44,34],"半透明训练的后门攻击","全过程可控的后门攻击","部分过程可控的后门攻击","根据对训练过程的掌控程度,如果攻击者对模型的训练过程并非全部透明,这种攻击属于哪一类? ( )",{"answer":47,"createTime":5,"id":48,"options":49,"question":54,"source":27,"type":28},[],266882762,[50,51,52,53],"必须修改原始数据的标签才能植入这种水印,从而增强攻击性","这种水印是可见的,任何人都能轻易识别出受保护的模型","这种水印对模型性能的损害最大,能有效惩罚侵权者","鲁棒特征在模型窃取或知识迁移过程中不易丢失,保证了水印的有效传递","与传统的参数水印或后门水印相比,一种改进的模型水印方法选择将外部的&quot;鲁棒特征&quot;(如梵高艺术风格)嵌入模型中.这种方法的主要优势在于? ( )",{"answer":56,"createTime":5,"id":6,"options":57,"question":16,"source":27,"type":28},[],[8,9,10,11],{"answer":59,"createTime":5,"id":60,"options":61,"question":66,"source":27,"type":28},[],266882764,[62,63,64,65],"数据隐私","模型鲁棒性","算法公平性","模型隐私","一种攻击手段旨在通过利用模型的梯度等信息,反向推演出该模型的网络结构和具体参数,从而实现对模型的非法复制.这种攻击主要侵犯了什么? ( )",{"answer":68,"createTime":5,"id":69,"options":70,"question":75,"source":27,"type":28},[],266882765,[71,72,73,74],"批次大小","学习率","蒸馏温度","正则化系数","在防御蒸馏方法中,控制教师模型预测分布软化程度的关键参数是什么",{"answer":77,"createTime":5,"id":78,"options":79,"question":84,"source":27,"type":28},[],266882766,[80,81,82,83],"它是第一个完全不需要模型信息的黑盒攻击方法","它将复杂的优化问题简化为单步梯度计算,以追求极致的速度","它重新设计了更有效的优化目标函数,并将扰动映射到tanh空间以使用如Adam等更先进的优化器","它放弃了对扰动大小的限制,允许生成任意强度的噪声","C&amp;W攻击是对L-BFGS等早期优化攻击方法的重大改进.下列哪项是C&amp;W攻击的关键创新点? ( )",{"answer":86,"createTime":5,"id":87,"options":88,"question":93,"source":27,"type":28},[],266882767,[89,90,91,92],"迭代最小可能类攻击 (ILLC)","基本迭代法 (BIM)","快速梯度符号法 (FGSM)","动量迭代法 (MIM)","在基于梯度的攻击方法中,哪一种是专门为&quot;有目标攻击&quot;(Targeted Attack)设计的,即旨在将输入样本误导为某个预先设定的错误类别? ( )",{"answer":95,"createTime":5,"id":96,"options":97,"question":102,"source":27,"type":28},[],266882768,[98,99,100,101],"它侧重于修改神经网络的内部架构和训练方式以增强鲁棒性","它只能用于防御物理世界的对抗补丁攻击","它在不改变原有模型或其训练过程的前提下,对模型的输出结果进行额外的处理或验证","它需要在模型训练前对数据进行大规模的清洗和去噪","后处理防御方法的主要特点是什么? ( )"]