[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9c85BjQwB723vCGSYU61UodsJRBRYN-LH0XOOKZF1LQ":3},{"answer":4,"createTime":5,"id":6,"options":7,"origin":12,"question":16,"related":17,"source":27,"type":28},[],"2026-04-21 16:19:36",347222803,[8,9,10,11],"强制所有Deepfake模型使用统一的、公开的架构","放弃使用对抗噪声,转而采用图像加密技术","要求用户在上传图片时,手动选择需要防御的Deepfake模型类型","生成一种&quot;通用对抗噪声&quot;,该噪声可以被应用于多张不同的图像,并能抵抗多种不同的Deepfake模型",{"courseId":13,"courseImg":14,"courseName":15},"53e1d2ef4961cca8eea3e23969ad2cb9","https:\u002F\u002Ftihai-oss-cloud.itihey.com\u002Fimg\u002F03a579384a6dc297c89809b582fcc767.png","默认课程","早期的特定隐私保护方法虽然有效,但存在一个显著的局限性,即需要针对每一张待保护的图像反复优化计算一个特定的对抗噪声.为了解决这个问题,后续研究提出的核心思路是? ( )",[18,29,38,47,56,65,74,77,86,95],{"answer":19,"createTime":5,"id":20,"options":21,"question":26,"source":27,"type":28},[],347222797,[22,23,24,25],"可以在不改变模型、只使用已训练好权重的情况下生成解释","只能应用于线性模型和决策树","需要对原始模型进行大量的修改和重新训练","生成的解释与模型的最终决策无关","Grad-CAM是一种生成显著性图的有效方法,它的一个重要优势是? ( )","v1",0,{"answer":30,"createTime":5,"id":31,"options":32,"question":37,"source":27,"type":28},[],347222798,[33,34,35,36],"部分过程可控的后门攻击","半透明训练的后门攻击","全过程可控的后门攻击","全透明训练的后门攻击","根据对训练过程的掌控程度,如果攻击者对模型的训练过程并非全部透明,这种攻击属于哪一类? ( )",{"answer":39,"createTime":5,"id":40,"options":41,"question":46,"source":27,"type":28},[],347222799,[42,43,44,45],"主动防御和被动防御","修改数据和修改模型","静态防御和动态防御","预处理防御和后处理防御","根据操作对象的不同,处理中防御方法主要可以分为哪两大类",{"answer":48,"createTime":5,"id":49,"options":50,"question":55,"source":27,"type":28},[],347222800,[51,52,53,54],"语义触发器","静态触发器","非语义触发器","动态触发器","在数据投毒攻击中,将图像中固有的&quot;绿色车身&quot;或文本中的特定短语作为触发器,这种触发器属于? ( )",{"answer":57,"createTime":5,"id":58,"options":59,"question":64,"source":27,"type":28},[],347222801,[60,61,62,63],"观察模型在中毒样本和干净样本上训练损失的下降速度","测量将一个类别的样本错误分类到目标类别所需的最小扰动量","训练一个二元分类器来区分中毒和干净样本的频谱图","利用自监督学习来解耦特征提取和分类过程","&quot;神经清洗&quot;(Neural Cleanse)方法的核心思想是,后门触发器相当于在特征空间中创建了一条从其他类别到目标类别的&quot;捷径&quot;.因此,可以通过什么方式来检测这种异常? ( )",{"answer":66,"createTime":5,"id":67,"options":68,"question":73,"source":27,"type":28},[],347222802,[69,70,71,72],"这种水印对模型性能的损害最大,能有效惩罚侵权者","鲁棒特征在模型窃取或知识迁移过程中不易丢失,保证了水印的有效传递","这种水印是可见的,任何人都能轻易识别出受保护的模型","必须修改原始数据的标签才能植入这种水印,从而增强攻击性","与传统的参数水印或后门水印相比,一种改进的模型水印方法选择将外部的&quot;鲁棒特征&quot;(如梵高艺术风格)嵌入模型中.这种方法的主要优势在于? ( )",{"answer":75,"createTime":5,"id":6,"options":76,"question":16,"source":27,"type":28},[],[8,9,10,11],{"answer":78,"createTime":5,"id":79,"options":80,"question":85,"source":27,"type":28},[],347222804,[81,82,83,84],"基于优化的攻击","基于梯度的攻击","基于决策的攻击","基于分数的攻击","哪一类黑盒攻击是在信息获取最受限的条件下进行的,它仅仅依赖模型最终输出的类别标签(如&quot;猫&quot;或&quot;狗&quot;),而不需要具体的置信度分数? ( )",{"answer":87,"createTime":5,"id":88,"options":89,"question":94,"source":27,"type":28},[],347222805,[90,91,92,93],"将秘密信息编码成一个独立的图像文件","对图像的整体色调和亮度进行微小调整","使用一个复杂的神经网络将文本信息压缩到图像中","替换图像像素二进制表示中的最低有效位(Least Significant Bit)来嵌入信息","LSB隐写技术被用于生成不可见触发器,其核心原理是? ( )",{"answer":96,"createTime":5,"id":97,"options":98,"question":103,"source":27,"type":28},[],347222806,[99,100,101,102],"差分进化算法","神经辐射场 (NeRF)","循环神经网络 (RNN)","对抗生成网络 (GAN)","ViewFool是一种系统性生成对抗性视角图像的攻击方法,它通过寻找让模型识别出错的特定观察角度来实施攻击.该方法依赖于哪项核心技术来对三维物体进行建模,并渲染出任意新视角的图像? ( )"]