[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fb7trnxzemf6UpyLy7-fnAXkUJXxLE9YohsSEjRLwX60":3},{"answer":4,"createTime":5,"id":6,"options":7,"origin":12,"question":16,"related":17,"source":27,"type":28},[],"2026-02-02 09:40:22",318235078,[8,9,10,11],"生成的解释与模型的最终决策无关","需要对原始模型进行大量的修改和重新训练","只能应用于线性模型和决策树","可以在不改变模型、只使用已训练好权重的情况下生成解释",{"courseId":13,"courseImg":14,"courseName":15},"53e1d2ef4961cca8eea3e23969ad2cb9","https:\u002F\u002Ftihai-oss-cloud.itihey.com\u002Fimg\u002F03a579384a6dc297c89809b582fcc767.png","默认课程","Grad-CAM是一种生成显著性图的有效方法,它的一个重要优势是? ( )",[18,29,38,47,56,65,68,77,86,95],{"answer":19,"createTime":5,"id":20,"options":21,"question":26,"source":27,"type":28},[],318235073,[22,23,24,25],"识别输入模型的结构,判断其是否与隐私模型一致","测量输入模型的运行速度,速度越快说明盗版可能性越高","直接对输入的图像进行分类,判断其风格","对输入模型的&quot;参数梯度&quot;进行分类,判断该模型是否含有被植入的外部特征","在基于嵌入外部特征的模型水印方法中,为了验证一个可疑模型是否为盗版,研究人员训练了一个特殊的元分类器(meta-classifier).这个元分类器的作用是? ( )","v1",0,{"answer":30,"createTime":5,"id":31,"options":32,"question":37,"source":27,"type":28},[],318235074,[33,34,35,36],"白盒攻击","基于分数的黑盒攻击","基于迁移性的黑盒攻击","基于标签的黑盒攻击","在实施对抗攻击时,如果攻击者完全不了解目标模型的内部结构和参数,只能通过向模型输入数据并观察其返回的最终预测类别(例如,只能得到&quot;猫&quot;或&quot;狗&quot;的标签,而没有具体的置信度分数)来实施攻击,这种攻击属于? ( )",{"answer":39,"createTime":5,"id":40,"options":41,"question":46,"source":27,"type":28},[],318235075,[42,43,44,45],"它完全不需要修改训练数据的标签","它使用了一种通用的、对所有样本都相同的对抗性噪声","它为每个输入的良性样本生成特定且不同的触发器","它生成的触发器对人类肉眼完全可见","与BadNets和LSB等使用固定触发器的攻击方法相比,ISSBA方法的主要创新之处在于? ( )",{"answer":48,"createTime":5,"id":49,"options":50,"question":55,"source":27,"type":28},[],318235076,[51,52,53,54],"从一个已经能够成功欺骗模型的对抗样本出发,然后逐步优化","从一个完全随机的噪声图像开始","从一个与目标模型结构相似的代理模型开始训练","从原始的、未被修改的干净图像开始","边界攻击(Boundary Attack)在执行其攻击算法时,有一个独特的起始(初始化)方式,它是如何开始的? ( )",{"answer":57,"createTime":5,"id":58,"options":59,"question":64,"source":27,"type":28},[],318235077,[60,61,62,63],"模型在标准测试集上的准确率","模型的参数总量和计算复杂度","针对该模型生成的通用对抗扰动(UAP)","模型训练所消耗的时间和计算资源","在模型指纹技术中,由于模型的决策边界是一个无法直接度量的抽象概念,研究人员选择使用什么作为其可度量的&quot;代理&quot;或&quot;替代品&quot;? ( )",{"answer":66,"createTime":5,"id":6,"options":67,"question":16,"source":27,"type":28},[],[8,9,10,11],{"answer":69,"createTime":5,"id":70,"options":71,"question":76,"source":27,"type":28},[],318235079,[72,73,74,75],"语义触发器","静态触发器","动态触发器","非语义触发器","在数据投毒攻击中,将图像中固有的&quot;绿色车身&quot;或文本中的特定短语作为触发器,这种触发器属于? ( )",{"answer":78,"createTime":5,"id":79,"options":80,"question":85,"source":27,"type":28},[],318235080,[81,82,83,84],"t-分布随机邻域嵌入(t-SNE)","梯度上升机制","对抗生成网络(GAN)","离散余弦变换(DCT)","研究发现,许多后门触发器在图像中会表现出严重的高频伪影,一种有效的检测思路是利用哪种技术将图像转换到频域进行分析? ( )",{"answer":87,"createTime":5,"id":88,"options":89,"question":94,"source":27,"type":28},[],318235081,[90,91,92,93],"使用一个非常显眼的补丁,让模型优先学习补丁特征","仅在模型训练的最后阶段注入后门,避免早期被发现","使得中毒样本在数据分布上向目标类别区域迁移,减少对决策边界的剧烈扰动","强制模型大幅度修改决策边界以适应异常数据","&quot;对抗性后门&quot;(Adversarial Backdoor)方法之所以难以被检测,是因为它的触发器设计思路是? ( )",{"answer":96,"createTime":5,"id":97,"options":98,"question":103,"source":27,"type":28},[],318235082,[99,100,101,102],"对所有疑似盗版的模型进行性能惩罚,使其无法正常工作","在模型中植入一个外部的、可见的版权标签","要求所有模型在输出结果时,必须附带一个由所有者签发的数字证书","每个深度学习模型因其训练过程的独特性,会形成独一无二的决策边界","模型指纹技术用于模型溯源和验证的核心思想是基于什么? ( )"]