[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMjG45tBMnSgQq13oe1ksbDRAblvx13xbtQu0p4vUAas":3},{"answer":4,"createTime":5,"id":6,"options":7,"origin":10,"question":14,"related":15,"source":25,"type":108},[],"2026-02-02 09:40:22",318235157,[8,9],"正确","错误",{"courseId":11,"courseImg":12,"courseName":13},"53e1d2ef4961cca8eea3e23969ad2cb9","https:\u002F\u002Ftihai-oss-cloud.itihey.com\u002Fimg\u002F03a579384a6dc297c89809b582fcc767.png","默认课程","高阶表示指导的去噪器(HGD)之所以比传统的像素级去噪器更有效,是因为它直接在模型的最终输出层(Softmax层)或高层特征图上定义损失函数,从而能更有效地防止对抗噪声在网络深层被放大",[16,27,36,45,54,63,72,81,90,99],{"answer":17,"createTime":5,"id":18,"options":19,"question":24,"source":25,"type":26},[],318235073,[20,21,22,23],"识别输入模型的结构,判断其是否与隐私模型一致","测量输入模型的运行速度,速度越快说明盗版可能性越高","直接对输入的图像进行分类,判断其风格","对输入模型的&quot;参数梯度&quot;进行分类,判断该模型是否含有被植入的外部特征","在基于嵌入外部特征的模型水印方法中,为了验证一个可疑模型是否为盗版,研究人员训练了一个特殊的元分类器(meta-classifier).这个元分类器的作用是? ( )","v1",0,{"answer":28,"createTime":5,"id":29,"options":30,"question":35,"source":25,"type":26},[],318235074,[31,32,33,34],"白盒攻击","基于分数的黑盒攻击","基于迁移性的黑盒攻击","基于标签的黑盒攻击","在实施对抗攻击时,如果攻击者完全不了解目标模型的内部结构和参数,只能通过向模型输入数据并观察其返回的最终预测类别(例如,只能得到&quot;猫&quot;或&quot;狗&quot;的标签,而没有具体的置信度分数)来实施攻击,这种攻击属于? ( )",{"answer":37,"createTime":5,"id":38,"options":39,"question":44,"source":25,"type":26},[],318235075,[40,41,42,43],"它完全不需要修改训练数据的标签","它使用了一种通用的、对所有样本都相同的对抗性噪声","它为每个输入的良性样本生成特定且不同的触发器","它生成的触发器对人类肉眼完全可见","与BadNets和LSB等使用固定触发器的攻击方法相比,ISSBA方法的主要创新之处在于? ( )",{"answer":46,"createTime":5,"id":47,"options":48,"question":53,"source":25,"type":26},[],318235076,[49,50,51,52],"从一个已经能够成功欺骗模型的对抗样本出发,然后逐步优化","从一个完全随机的噪声图像开始","从一个与目标模型结构相似的代理模型开始训练","从原始的、未被修改的干净图像开始","边界攻击(Boundary Attack)在执行其攻击算法时,有一个独特的起始(初始化)方式,它是如何开始的? ( )",{"answer":55,"createTime":5,"id":56,"options":57,"question":62,"source":25,"type":26},[],318235077,[58,59,60,61],"模型在标准测试集上的准确率","模型的参数总量和计算复杂度","针对该模型生成的通用对抗扰动(UAP)","模型训练所消耗的时间和计算资源","在模型指纹技术中,由于模型的决策边界是一个无法直接度量的抽象概念,研究人员选择使用什么作为其可度量的&quot;代理&quot;或&quot;替代品&quot;? ( )",{"answer":64,"createTime":5,"id":65,"options":66,"question":71,"source":25,"type":26},[],318235078,[67,68,69,70],"生成的解释与模型的最终决策无关","需要对原始模型进行大量的修改和重新训练","只能应用于线性模型和决策树","可以在不改变模型、只使用已训练好权重的情况下生成解释","Grad-CAM是一种生成显著性图的有效方法,它的一个重要优势是? ( )",{"answer":73,"createTime":5,"id":74,"options":75,"question":80,"source":25,"type":26},[],318235079,[76,77,78,79],"语义触发器","静态触发器","动态触发器","非语义触发器","在数据投毒攻击中,将图像中固有的&quot;绿色车身&quot;或文本中的特定短语作为触发器,这种触发器属于? ( )",{"answer":82,"createTime":5,"id":83,"options":84,"question":89,"source":25,"type":26},[],318235080,[85,86,87,88],"t-分布随机邻域嵌入(t-SNE)","梯度上升机制","对抗生成网络(GAN)","离散余弦变换(DCT)","研究发现,许多后门触发器在图像中会表现出严重的高频伪影,一种有效的检测思路是利用哪种技术将图像转换到频域进行分析? ( )",{"answer":91,"createTime":5,"id":92,"options":93,"question":98,"source":25,"type":26},[],318235081,[94,95,96,97],"使用一个非常显眼的补丁,让模型优先学习补丁特征","仅在模型训练的最后阶段注入后门,避免早期被发现","使得中毒样本在数据分布上向目标类别区域迁移,减少对决策边界的剧烈扰动","强制模型大幅度修改决策边界以适应异常数据","&quot;对抗性后门&quot;(Adversarial Backdoor)方法之所以难以被检测,是因为它的触发器设计思路是? ( )",{"answer":100,"createTime":5,"id":101,"options":102,"question":107,"source":25,"type":26},[],318235082,[103,104,105,106],"对所有疑似盗版的模型进行性能惩罚,使其无法正常工作","在模型中植入一个外部的、可见的版权标签","要求所有模型在输出结果时,必须附带一个由所有者签发的数字证书","每个深度学习模型因其训练过程的独特性,会形成独一无二的决策边界","模型指纹技术用于模型溯源和验证的核心思想是基于什么? ( )",3]