WO2025130470A1 - Procédé et appareil pour déterminer une politique d'exécution de tâche - Google Patents

Procédé et appareil pour déterminer une politique d'exécution de tâche Download PDF

Info

Publication number
WO2025130470A1
WO2025130470A1 PCT/CN2024/132767 CN2024132767W WO2025130470A1 WO 2025130470 A1 WO2025130470 A1 WO 2025130470A1 CN 2024132767 W CN2024132767 W CN 2024132767W WO 2025130470 A1 WO2025130470 A1 WO 2025130470A1
Authority
WO
WIPO (PCT)
Prior art keywords
sample
task
model
module
indicates
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/CN2024/132767
Other languages
English (en)
Chinese (zh)
Inventor
刘银萍
刘宗惠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of WO2025130470A1 publication Critical patent/WO2025130470A1/fr
Pending legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/48Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806Task transfer initiation or dispatching
    • G06F9/4843Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/4881Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/48Program initiating; Program switching, e.g. by interrupt
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning

Definitions

  • the present application relates to the field of artificial intelligence (AI) technology, and in particular to a method and device for determining a task execution strategy.
  • AI artificial intelligence
  • AI artificial intelligence
  • ML machine learning
  • the present application provides a method and device for determining a task execution strategy, which can reduce the error rate of model reasoning.
  • a method for determining a task execution strategy is provided, which can be executed by a trusted module.
  • the trusted module here can refer to the trusted module itself, or a processor, module, logical node, chip, or chip system that implements the method in the trusted module.
  • the method includes: receiving first request information; the first request information is used to indicate a first model corresponding to a first task and a first sample corresponding to the first task; when the first sample is an adversarial sample of the first model, sending an execution strategy of the first task, the execution strategy of the first task is used to indicate a method of changing the first sample to a non-adversarial sample.
  • this method can improve the problem of model reasoning errors caused by adversarial samples, thereby reducing the model reasoning error rate.
  • changing the first sample to a non-adversarial sample includes: replacing the first model; or, replacing the first sample; or, performing a first operation on the first sample.
  • the method of changing the first sample into a non-adversarial sample includes replacing the first model, and the first sample can be changed into a non-adversarial sample by replacing the first model;
  • the method of changing the first sample into a non-adversarial sample includes replacing the first sample, and the first sample can be changed into a non-adversarial sample by replacing the first sample;
  • the method of changing the first sample into a non-adversarial sample includes performing a first operation on the first sample, and the first sample can be changed into a non-adversarial sample by performing the first operation on the first sample.
  • the method further includes: obtaining first indication information, the first indication information being used to indicate whether the first task has a backup sample, and/or the first indication information being used to indicate whether the first task has a backup model; and determining an execution strategy for the first task based on the first indication information.
  • the execution strategy of the first task may be determined according to the first indication information, that is, the execution strategy of the first task may be determined according to whether there are backup samples and/or whether there are backup models for the first task.
  • determining an execution strategy for the first task based on first indication information includes: the first indication information indicates that the first task has a backup sample, and the execution strategy of the first task indicates replacing the first sample; or, the first indication information indicates that the first task has a backup model, and the execution strategy of the first task indicates replacing the first model; the first indication information indicates that the first task has neither a backup sample nor a backup model, and the execution strategy of the first task indicates performing a first operation on the first sample.
  • the first model when the first indication information indicates that the first task has a backup sample and the execution strategy of the first task indicates to replace the first sample, the first model can obtain an output result based on the backup sample to avoid the first model outputting an erroneous result based on the first sample; when the first indication information indicates that the first task has a backup model and the execution strategy of the first task indicates to replace the first model, the backup model of the first task can obtain an output result based on the first sample to avoid the first model outputting an erroneous result based on the first sample; when the first indication information indicates that the first task has no backup sample and no backup model and the execution strategy of the first task indicates to perform a first operation on the first sample, the first model can obtain an output result based on the sample obtained after performing the first operation to avoid the first model outputting an erroneous result based on the first sample.
  • the first operation includes at least one of the following: feature compression, sample denoising, or data smoothing.
  • the sample data that causes the first model reasoning error can be eliminated by performing feature compression, sample denoising or data smoothing on the first sample, so that the sample obtained after executing the first operation is changed to a non-adversarial sample of the first model.
  • the execution strategy of the first task indicates replacing the first sample
  • the method further includes: obtaining a second sample corresponding to the first task; and determining whether the second sample is an adversarial sample according to the first model.
  • a second sample corresponding to the first task can also be obtained, and it can be determined whether the second sample is an adversarial sample according to the first model, so as to reduce the error rate of reasoning of the first model.
  • the execution strategy of the first task indicates replacing the first model
  • the method further includes: acquiring a second model corresponding to the first task; and determining whether the first sample is an adversarial sample according to the second model.
  • the method further includes: receiving first strategy information, where the first strategy information indicates an execution strategy of the first task.
  • the trusted module may determine a method for changing the first sample into a non-adversarial sample according to the first policy information.
  • the method further includes: obtaining a robustness requirement of the first task, where the robustness requirement of the first task indicates that it is necessary to detect whether a first sample corresponding to the first task is an adversarial sample; and determining whether the first sample is an adversarial sample according to the first model.
  • the trusted module can determine whether it is necessary to detect whether the first sample is an adversarial sample of the first model according to the robustness requirement of the first task.
  • the robustness requirement of the first task indicates to detect whether the first sample corresponding to the first task is an adversarial sample
  • the trusted module can determine that it is necessary to detect whether the first sample is an adversarial sample of the first model.
  • the robustness requirement of the first task indicates not to detect whether the first sample corresponding to the first task is an adversarial sample
  • the trusted module can determine that it is not necessary to detect whether the first sample is an adversarial sample of the first model.
  • the robustness requirement of the first task also indicates the robustness requirement of the output result of the first model corresponding to the first task; determining whether the first sample is an adversarial sample according to the first model includes: determining whether the first sample is an adversarial sample according to the first model and the robustness requirement.
  • a method for determining a task execution strategy is provided, which can be executed by an inference module.
  • the inference module here can refer to the inference module itself, or to a processor, module, logic node, chip, or chip system that implements the method in the inference module.
  • the method includes: obtaining a first sample of a first task; sending a first request message; the first request message indicates the first sample of the first task and the first model of the first task; receiving an execution strategy of the first task, wherein the execution strategy of the first task indicates a method for changing the first sample into a non-adversarial sample.
  • this method can improve the problem of model reasoning errors caused by adversarial samples, thereby reducing the model reasoning error rate.
  • changing the first sample to a non-adversarial sample includes: replacing the first model; or, replacing the first sample; or, performing a first operation on the first sample.
  • the method of changing the first sample into a non-adversarial sample includes replacing the first model, and the reasoning module can change the first sample into a non-adversarial sample by replacing the first model;
  • the method of changing the first sample into a non-adversarial sample includes replacing the first sample, and the reasoning module can change the first sample into a non-adversarial sample by replacing the first sample;
  • the method of changing the first sample into a non-adversarial sample includes performing a first operation on the first sample, and the reasoning module can perform reasoning based on the sample after performing the first operation on the first sample.
  • the method further includes: sending first indication information, the first indication information being used to indicate whether the first task has a backup sample, and/or, the first indication information being used to indicate whether the first task has a backup model, and the first indication information being used to determine an execution strategy for the first task.
  • a device that receives the first indication information can determine an execution strategy for the first task according to the first indication information.
  • the first indication information indicates that the first task has a backup sample, and the execution strategy of the first task indicates replacing the first sample; or, the first indication information indicates that the first task has a backup model, and the execution strategy of the first task indicates replacing the first model; the first indication information indicates that the first task has neither a backup sample nor a backup model, and the execution strategy of the first task indicates performing a first operation on the first sample.
  • the first model when the first indication information indicates that the first task has a backup sample and the execution strategy of the first task indicates to replace the first sample, the first model can obtain an output result according to the backup sample, thereby preventing the first model from outputting an erroneous result according to the first sample; when the first indication information indicates that the first task has a backup model and the execution strategy of the first task indicates to replace the first model, the backup model of the first task can obtain an output result according to the first sample, thereby preventing the first model from outputting an erroneous result according to the first sample; when the first indication information indicates that the first task has no backup sample and no backup model, the execution strategy of the first task indicates to perform a first operation on the first sample, thereby preventing the first model from outputting an erroneous result according to the first sample.
  • the first operation includes at least one of the following: feature compression, sample denoising, or data smoothing.
  • sample data that causes inference errors of the first model can be eliminated, so that the sample obtained after executing the first operation is changed to a non-adversarial sample of the first model.
  • the execution strategy of the first task indicates replacing the first model
  • the method further includes: receiving second indication information from the communication node, where the second indication information is used to indicate a backup model for the first task.
  • the backup model of the first task can be obtained according to the second indication information.
  • the method when the execution strategy of the first task indicates replacing the first model, the method further includes: sending a first sample to a communication node; receiving an inference result from the communication node, wherein the inference result is used to indicate a result obtained by reasoning based on the first sample and the backup model of the first task.
  • the first sample may be sent to the communication node to obtain a result obtained by reasoning based on the first sample and the backup model.
  • the method further includes: receiving a robustness requirement of the first task, where the robustness requirement of the first task indicates that it is necessary to detect whether a sample corresponding to the first task is an adversarial sample.
  • the reasoning module may determine whether to send the first request information according to the robustness requirement of the first task.
  • the robustness requirement of the first task also indicates the robustness requirement of the output result of the model of the first task.
  • the robustness requirements for the output results of the model of the first task may be determined.
  • the execution strategy of the first task is further used to indicate that the first sample is an adversarial sample.
  • a method for changing the first sample to a non-adversarial sample may be determined according to an execution strategy of the first task.
  • a communication device for implementing the above method.
  • the communication device may be the trusted module in the above first aspect; or, the communication device may be the reasoning module in the above second aspect.
  • the communication device includes a module, unit, or means corresponding to the above method, which may be implemented by hardware, software, or by executing corresponding software implementation by hardware.
  • the hardware or software includes one or more modules or units corresponding to the above functions.
  • the communication device may include a processing module and an interface module.
  • the processing module may be used to implement the processing functions in any of the above aspects and any possible implementations thereof.
  • the processing module may be, for example, a processor.
  • the interface module which may also be referred to as an interface unit, is used to implement the sending and/or receiving functions in any of the above aspects and any possible implementations thereof.
  • the interface module may be composed of an interface circuit, a transceiver, a transceiver or a communication interface.
  • the interface module includes a sending module and a receiving module, which are respectively used to implement the sending and receiving functions in any of the above aspects and any possible implementations thereof.
  • a communication device comprising: a processor; the processor is coupled to a memory, and after reading an instruction in the memory, executes the method as described in any of the above aspects according to the instruction.
  • the communication device may be the trusted module in the first aspect; or the communication device may be the reasoning module in the second aspect.
  • the communication device further includes a memory, the memory being used to store program instructions and data.
  • the memory is integrated with the processor; or, the memory is independent of the processor.
  • the communication device is a chip or a chip system.
  • the communication device when it is a chip system, it can be composed of a chip, or it can include a chip and other discrete devices.
  • a communication device comprising: a processor and an interface circuit; the interface circuit is used to receive a computer program or instruction and transmit it to the processor; the processor is used to execute the computer program or instruction so that the communication device performs the method as described in any of the above aspects.
  • the communication device can be the trusted module in the above first aspect; or, the communication device can be the reasoning module in the above second aspect.
  • the communication device is a chip or a chip system.
  • the communication device when it is a chip system, it can be composed of a chip, or it can include a chip and other discrete devices.
  • a computer-readable storage medium wherein instructions are stored in the computer-readable storage medium, and when the computer-readable storage medium is run on a computer, the computer can execute the method described in any of the above aspects.
  • a computer program product comprising instructions, which, when executed on a computer, enables the computer to execute the method described in any one of the above aspects.
  • a communication system which includes a trusted module for executing the method described in the first aspect and a reasoning module for executing the method described in the second aspect.
  • the technical effects brought about by any possible implementation method in the third to eighth aspects can refer to the technical effects brought about by any aspect in the first to second aspects or different possible implementation methods in any aspect, and will not be repeated here.
  • FIG1A is a schematic diagram of a stable region and an unstable region of a classification model provided by the present application.
  • FIG1B is a schematic diagram of an image classification model provided by the present application being attacked by an adversarial sample
  • FIG1C is a schematic diagram of a regression model provided by the present application being attacked by an adversarial sample
  • FIG1D is a schematic diagram of the AI process of the beam management use case provided in this application.
  • FIG1E is a schematic diagram of a beam management model provided by the present application being attacked by an adversarial sample
  • FIG2A is a schematic diagram of a communication system architecture provided by the present application.
  • FIG2B is a second schematic diagram of a communication system architecture provided by the present application.
  • FIG2C is a third schematic diagram of the communication system architecture provided by the present application.
  • FIG2D is a schematic diagram of an AI workflow of a radio access network (RAN) domain provided by the present application.
  • RAN radio access network
  • FIG2E is a schematic diagram of an AI workflow in the operations, administration and maintenance (OAM) domain provided by the present application;
  • FIG2F is a fourth schematic diagram of the communication system architecture provided by the present application.
  • FIG2G is a fifth schematic diagram of a communication system architecture provided by the present application.
  • FIG3 is a schematic diagram of the hardware structure of the communication device provided by the present application.
  • FIG4 is a flow chart of a communication method provided by the present application.
  • FIG5 is a second flow chart of the communication method provided by the present application.
  • FIG6 is a schematic diagram of the structure of the communication device provided in the present application.
  • the inference phase of the model i.e., the phase where the output results are obtained based on the inference samples input to the model
  • the model is not robust enough, under the influence of various factors such as noise, measurement errors, malicious modifications, etc., the inference samples may become adversarial samples of the model, causing the model's inference errors.
  • "robustness" can be understood as the performance that enables the model to resist certain malicious attacks. The purpose of making the model robust is to ensure that the output results of the model are not affected by attacks to the greatest extent.
  • the adversarial sample mentioned above refers to a sample specially designed for the model during the inference phase of the model, such as by adding small but carefully designed perturbations to the original sample to mislead the model and cause the model to obtain incorrect output results.
  • FIG. 1A a schematic diagram of the stable and unstable areas of a classification model is shown.
  • each circle and square corresponds to the output results of the model according to different inputs, where the circle can correspond to the point where the classification result output by the model is "A”, and the square can correspond to the point where the classification result output by the model is "B".
  • the area near the classification boundary can be called an unstable area (also called a non-robust area), and the area far from the classification boundary can be called a stable area.
  • an unstable area also called a non-robust area
  • the area far from the classification boundary can be called a stable area.
  • Example 1 uses Example 1 and Example 2 as examples to illustrate.
  • Example 1 takes an example of an image classification model being attacked by an adversarial sample.
  • the original image is a panda. If the original image is used as the input of the image classification model, the classification result of the image classification model based on the original image output is "panda" (confidence is 57.7%). If some carefully designed noise invisible to the naked eye is superimposed on the original image (for example, the noise can be weighted by 0.007), an adversarial sample image is obtained, and the classification result of the image classification model based on the adversarial sample image output is "gibbon" (confidence is 99.3%).
  • Example 2 takes a regression model attacked by an adversarial sample as an example.
  • the regression model can be a mathematical model that quantitatively describes a statistical relationship.
  • the regression model can be represented by the expression f(x).
  • the regression model When the input data is x, the regression model outputs y. If some interference is applied to x, the input data becomes (x+ ⁇ x1), and the regression model outputs y’. If some other interference is applied to x, the input data may also become (x+ ⁇ x2), and the regression model outputs y’. y” and y’ are incorrect output data.
  • an adversarial attack can be understood as a process of applying slight perturbations to the original input reasoning samples of the target machine learning model to generate adversarial samples and deceive the target model.
  • the EU AI Act (ACT ARTICLE 15) provides requirements for AI robustness: AI-specific vulnerabilities should be addressed, including taking measures, where appropriate, to prevent, detect, respond, resolve, and control attacks that attempt to manipulate training data sets ("data poisoning"), or pre-trained components used for training (“model poisoning”), designed to cause model errors ("adversarial samples” or “model evasion”), confidentiality leaks (confidentiality attacks) or other model defects, all of which may lead to harmful decisions.
  • S101 The RAN node in the NR sends a full-beam scanning instruction to the terminal.
  • the terminal receives the full-beam scanning instruction.
  • full beam refers to an omnidirectional beam
  • the angle value specifically indicated by the omnidirectional can be set by the RAN node.
  • the omnidirectional can be an angle of 180° or 360°.
  • Full beam scanning can be a beam scanning of 32 beams, 64 beams, or 256 beams. The specific number of beams is configured by the RAN node. This example takes 64 beams as a full beam as an example for explanation.
  • S102 The terminal obtains data of a training model for beam scanning.
  • the terminal can measure all beams to obtain the inference samples of the beam scanning training model, and obtain the reference signal receiving power (RSRP) of each beam.
  • RSRP reference signal receiving power
  • the identity (ID) of all beams and the corresponding RSRP can be used as the data of the training model.
  • the terminal sends the training model data to the RAN node.
  • the RAN node receives the training model data from the terminal.
  • S104 The RAN node generates or trains a model.
  • the RAN node uses the data of the training model from the terminal to generate or train the model, and the output data is the probability of occurrence of 5 optimal beams among 64 beams.
  • the RAN node sends a sparse beam scanning instruction to the terminal.
  • the terminal receives the sparse beam scanning instruction from the RAN node.
  • 16 beams are used as the number of beams of the sparse beam.
  • the terminal sends the RSRP corresponding to the sparse beam to the RAN node.
  • the RAN node receives the RSRP corresponding to the sparse beam from the terminal.
  • steps S105 to S106 can be performed multiple times, so that the RAN node can obtain samples corresponding to multiple sparse beams, and these samples can be used as training samples to train the model.
  • the RAN node uses the model to infer five optimal beams.
  • the RAN node uses the model generated in S104 to infer 5 optimal beams among the 64 beams and obtains the beam IDs of the 5 optimal beams.
  • the number of optimal beams can be set by presetting or the like. This example takes 5 optimal beams as an example for explanation. The number of optimal beams can also be other numbers without limitation.
  • a schematic diagram of 5 optimal beams inferred from 64 beams by the RAN node can be seen in the grid diagram next to S107. The 5 optimal beams can be indicated by 5 black squares in the grid diagram.
  • the RAN node sends an instruction to the terminal to perform a two-stage scan based on five optimal beams.
  • the terminal receives the instruction from the RAN node to perform a two-stage scan based on five optimal beams.
  • S109 The terminal measures beam RSRP.
  • the terminal measures RSRP and selects the best beam from the five best beams.
  • the terminal sends an indication of the optimal beam to the RAN node.
  • the RAN node receives the indication of the optimal beam from the terminal.
  • the indication of the optimal beam may include the ID of the optimal beam.
  • the RAN node sends a signal based on the optimal beam.
  • the terminal receives the signal sent from the RAN node based on the optimal beam.
  • the RAN node can obtain sparse beam scanning results from multiple terminals respectively, thereby obtaining multiple samples (see the first left figure in Figure 1E), and train a model through multiple samples.
  • the reasoning process of the model can be expressed by the expression f(x), and the output of the model is the 5 best beams among the 64 beams.
  • the model outputs the correct result (see the first right figure in Figure 1E).
  • a trusted module can receive a first request message, wherein the first request message is used to indicate a first model corresponding to a first task and a first sample corresponding to the first task, and determine whether the first sample is an adversarial sample based on the first model.
  • the trusted module can determine the execution strategy of the first task, and the execution strategy of the first task is used to indicate a method for changing the first sample to a non-adversarial sample.
  • the trusted module can determine whether the first sample is an adversarial sample. If the first sample is an adversarial sample, the trusted module can determine a method for changing the first sample to a non-adversarial sample, thereby avoiding model reasoning errors caused by adversarial samples, and the model reasoning error rate will be improved.
  • FIG2A is only a schematic diagram and does not constitute a limitation on the applicable scenarios of the technical solution provided in this application.
  • the AI system 20 may include a trusted module 201 and a reasoning module 202 connected to the trusted module 201.
  • the AI system 20 also includes a management module 203.
  • the trusted module 201 can be used to obtain the first model corresponding to the first task and the first sample corresponding to the first task, determine whether the first sample is an adversarial sample according to the first model, and determine the execution strategy of the first task when the first sample is an adversarial sample.
  • the execution strategy of the first task is used to indicate at least one way to change the first sample to a non-adversarial sample.
  • the trusted module 201 is also used to send the execution strategy of the first task to the reasoning module 202, so that the reasoning module 202 executes the first task according to the execution strategy.
  • the management module 203 may be configured to send the robustness requirement of the first task to the trusted module 201 , so that the trusted module 201 determines whether it is necessary to detect whether the sample corresponding to the first task is an adversarial sample according to the robustness requirement of the first task.
  • the AI system 20 shown in FIG. 2A can be applied to a 3GPP network or an open radio access network (ORAN) architecture, etc., which is not specifically limited in the embodiments of the present application.
  • ORAN open radio access network
  • the AI system 20 shown in FIG. 2A can be applied to the communication network architecture shown in FIG. 2B .
  • the communication network shown in FIG. 2B can be divided into a RAN domain and a RAN domain/cross-domain management service (MnS) consumer according to functions.
  • the RAN domain includes a domain management function (for example, the domain management function can be OAM) and a RAN node.
  • the RAN node has an AI/ML reasoning function and a trusted AI/ML management function.
  • the AI/ML reasoning function can have the function of a reasoning module 202
  • the trusted AI/ML management function can have the function of a trusted module 201
  • the domain management function can have the function of a management module 203.
  • the RAN domain is also called an access network domain.
  • the RAN domain sends data to the RAN domain/cross-domain MnS consumers through the northbound interface, and the RAN domain/cross-domain management service consumers send data to the RAN domain through the southbound interface.
  • the AI system 20 shown in FIG. 2A can also be applied to the communication network architecture shown in FIG. 2C.
  • FIG. 2C differs from FIG. 2B in that, in FIG. 2C, the domain management function has an AI/ML reasoning function and a trusted AI/ML management function.
  • the AI/ML reasoning function may have the function of the reasoning module 202
  • the trusted AI/ML management function may have the function of the trusted module 201
  • the domain management function may have the function of the management module 203. It can be understood that in addition to the two communication system architectures described in FIG. 2B or FIG.
  • the RAN node may have an AI/ML reasoning function
  • the domain management function may have a trusted AI/ML management function
  • the RAN node may have a trusted AI/ML management function
  • the domain management function may have an AI/ML reasoning function. This application does not limit the location where the AI/ML reasoning function and the trusted AI/ML management function are deployed in the 3GPP network.
  • AI/ML reasoning functions and trusted AI/ML management functions can be flexibly deployed. Both AI/ML reasoning functions and trusted AI/ML management functions can provide various services for different interfaces to meet the requirements of service-oriented interface definition.
  • the following introduces the AI workflows related to RAN nodes and domain management functions respectively.
  • the AI workflow of the RAN node is mainly divided into data collection, training, inference, and actor stages, as shown in Figure 2D.
  • the RAN node can collect data, and the collected data can be used as training data for model training, or as input data for the trained model for model inference.
  • the output data of the model can be applied to the corresponding scenario, and other data obtained during the use of the model that is different from the input data can also be fed back to the data collection module.
  • the above process can be repeated and will not be repeated.
  • the AI workflow of OAM (i.e., the domain management function in Figure 2C) can be divided into three stages: training, deployment, and reasoning, as shown in Figure 2E.
  • OAM can train the model and test the model after training.
  • OAM can re-train the model.
  • OAM can deploy the model to the RAN node.
  • OAM can use these models for reasoning. If an abnormality occurs during the reasoning process, OAM can also train the model for further correction of the model. It can be understood that the above-mentioned corrected model (or the model of other situations) can be used for model reasoning without deployment (or other models that have been deployed) after completing the model testing.
  • the AI system 20 shown in FIG2A can also be applied to an ORAN network.
  • the AI system 20 can also be applied to the communication system architecture shown in FIG2F or FIG2G.
  • the ORAN network is an open RAN architecture with open standardized interfaces, which can independently build each module so that cellular network equipment developed according to different standards can interoperate with each other.
  • wireless network equipment providers can focus on providing specific components instead of building the entire RAN, thereby making the mobile communication network software-based, virtualized, flexible, intelligent and energy-efficient.
  • the communication system architecture of the ORAN network may include: non-real-time radio intelligent controller (Non-RT RIC), near real-time radio intelligent controller (Near-RT RIC), ORAN architecture central unit (ORAN-central unit, O-CU) and ORAN architecture distributed unit (ORAN-distributed unit, O-DU).
  • Non-RT RIC non-real-time radio intelligent controller
  • Near-RT RIC near real-time radio intelligent controller
  • ORAN architecture central unit ORAN-central unit, O-CU
  • ORAN architecture distributed unit ORAN-distributed unit
  • O-CU and O-DU are both nodes of ORAN.
  • O-CU is the centralized unit (CU) under the ORAN system, which is mainly responsible for non-real-time L2 and radio resource control (RRC) functions.
  • O-DU is the distributed unit (DU) under the ORAN system, which is mainly responsible for real-time L2 functions, baseband signal processing and other functions.
  • Near real-time RIC is an enhancement based on radio resource management (RRM), integrating RRM, slice management, service level agreement, AI/ML, mobile edge cloud computing and other technologies to provide near real-time intelligent control of RAN (the access network part of ORAN).
  • RRM radio resource management
  • Near real-time RIC is connected to O-CU, O-DU and non-real-time RIC through ORAN standardized interfaces.
  • the non-real-time RIC is located in the network management platform of ORAN and performs policy management, RAN analysis, and AI/ML-based function management.
  • the non-real-time RIC is connected to the near-real-time RIC through an ORAN standardized interface.
  • Both near-real-time RIC and non-real-time RIC belong to real-time radio intelligent controller (RT RIC).
  • RT RIC real-time radio intelligent controller
  • One possible implementation method is that near-real-time RIC implements near-real-time control and optimization of ORAN nodes (O-CU/O-DU), and non-real-time RIC implements non-real-time control of ORAN nodes (O-CU/O-DU).
  • model training can be completed in the non-real-time RIC platform and deployed to the near-real-time RIC platform for reasoning.
  • Non-real-time RIC can also send execution strategies to near-real-time RIC.
  • the O-CU or O-DU may have AI/ML reasoning functions
  • the non-real-time RIC or near real-time RIC may have trusted AI/ML management functions
  • Figure 2F shows a schematic diagram of a non-real-time RIC with trusted AI/ML management functions
  • Figure 2G shows a schematic diagram of a near-real-time RIC with trusted AI/ML management functions.
  • the O-CU or O-DU may have AI/ML reasoning functions.
  • the trusted AI/ML management function may have the functions of the above-mentioned trusted module 201
  • the AI/ML reasoning function may have the functions of the above-mentioned reasoning module 202.
  • a RAN node may be a device with wireless transceiver functions, which can help a terminal achieve wireless access.
  • the RAN node in this application may also be referred to as a node in the RAN, a RAN node, or an access network device.
  • RAN nodes include, but are not limited to: evolved base stations (NodeB or eNB or e-NodeB, evolutional Node B) in LTE, evolved base stations (next generation eNB, ng-eNB) in next generation LTE, base stations (gNodeB or gNB) in NR, next generation RAN nodes (next generation radio access network, NG-RAN), transmitting points (transmitting points, TP) or transmission receiving points (transmission receiving points/transmission reception points, TRP), base stations of subsequent evolution of 3GPP, next generation base stations (next generation NodeB, gNB), next generation base stations in 6G mobile communication systems, base stations in future mobile communication systems, satellites, access nodes in WiFi systems, wireless relay nodes, wireless backhaul nodes, integrated access and backhaul (IAB) nodes, RAN nodes in mobile switching center non-terrestrial network (NTN) communication systems, that is, RAN nodes that can be deployed on high-altitude platforms or satellites, etc.
  • the base station can be: a macro base station, a micro base station, a pico base station, a small station, a relay station, or a balloon station, etc. Multiple base stations can support the same technology mentioned above, or they can support the networks of different technologies mentioned above.
  • the base station can include one or more co-sited or non-co-sited TRPs.
  • the RAN node can also be a device that acts as a base station in D2D communication, Internet of Vehicles communication, drone communication, and machine communication.
  • the RAN node can also be a wireless controller in a cloud radio access network (CRAN) scenario.
  • CRAN cloud radio access network
  • the RAN node can also be a centralized unit (CU), a distributed unit (DU), a CU-control plane (CP), a CU-user plane (UP), a radio unit (RU), a roadside unit (RSU) with base station function, a wired access gateway or a core network element, etc.
  • the RAN node can also be a server, a wearable device, a machine communication device or a vehicle-mounted device, etc.
  • the RAN node in the V2X technology can be an RSU.
  • the following takes the RAN node as a base station as an example for explanation.
  • the multiple RAN nodes may be base stations of the same type or different types.
  • the base station may communicate with the terminal or communicate with the terminal through a relay station.
  • the terminal may communicate with multiple base stations of different technologies.
  • the terminal may communicate with a base station supporting an LTE network or a base station supporting a 5G network, and may also support dual connections with a base station of an LTE network and a base station of a 5G network.
  • the CU and DU may be separately configured or may be included in the same network element, such as a baseband unit (BBU).
  • the RU may be included in a radio frequency device or a radio frequency unit, such as a remote radio unit (RRU), an active antenna unit (AAU) or a remote radio head (RRH).
  • RRU remote radio unit
  • AAU active antenna unit
  • RRH remote radio head
  • the CU may be divided into a RAN node in an access network, or may be divided into a RAN node in a core network, without limitation herein.
  • the form of the RAN node is not limited.
  • the device for implementing the function of the RAN node can be a RAN node; it can also be a device that can support the RAN node to implement the function, such as a chip system.
  • the device can be installed in the RAN node or used in conjunction with the RAN node.
  • each module in FIG. 2A of the present application may also be referred to as a communication device, which may be a general device or a dedicated device, and the present application does not make any specific limitation on this.
  • each module in FIG. 2A of the present application can be implemented by one device, or by multiple devices together, or by one or more functional modules in one device, and the present application does not make specific restrictions on this. It is understandable that the above functions can be network elements in hardware devices, software functions running on dedicated hardware, or a combination of hardware and software, or virtualization functions instantiated on a platform (for example, a cloud platform).
  • each module in FIG. 2A of the present application can adopt the composition structure shown in FIG. 3, or include the components shown in FIG. 3.
  • FIG. 3 is a schematic diagram of the hardware structure of a communication device applicable to the present application.
  • the communication device 30 includes at least one processor 301 and at least one communication interface 304, which are used to implement the method provided by the present application.
  • the communication device 30 may also include a communication line 302 and a memory 303.
  • Processor 301 can be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the program of the present application.
  • CPU central processing unit
  • ASIC application-specific integrated circuit
  • the communication link 302 may include a path to transmit information between the above-mentioned components, such as a bus.
  • the communication interface 304 is used to communicate with other devices or communication networks.
  • the communication interface 304 can be any transceiver-like device, such as an Ethernet interface, a radio access network (RAN) interface, a wireless local area network (WLAN) interface, a transceiver, a pin, a bus, an interface circuit, or a transceiver circuit.
  • RAN radio access network
  • WLAN wireless local area network
  • the memory 303 may be a read-only memory (ROM) or other types of static storage devices that can store static information and instructions, a random access memory (RAM) or other types of dynamic storage devices that can store information and instructions, or an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compressed optical disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store the desired program code in the form of instructions or data structures and can be accessed by a computer, but is not limited thereto.
  • the memory may be independent and coupled to the processor 301 through the communication line 302.
  • the memory 303 may also be integrated with the processor 301.
  • the memory provided in the present application may generally be non-volatile.
  • the memory 303 is used to store the computer execution instructions involved in executing the solution provided by this application, and the execution is controlled by the processor 301.
  • the processor 301 is used to execute the computer execution instructions stored in the memory 303, so as to implement the method provided by this application.
  • the processor 301 may also perform the processing-related functions in the method provided below in this application, and the communication interface 304 is responsible for communicating with other devices or communication networks, which is not specifically limited in this application.
  • the computer-executable instructions in the present application may also be referred to as application code, which is not specifically limited in the present application.
  • the coupling in this application is an indirect coupling or communication connection between devices, units or modules, which can be electrical, mechanical or other forms, and is used for information exchange between devices, units or modules.
  • the processor 301 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 3 .
  • the communication device 30 may include multiple processors, such as the processor 301 and the processor 307 in FIG3. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor.
  • the processor here may refer to one or more devices, circuits, and/or processing cores for processing data (such as computer program instructions).
  • the communication device 30 may further include an output device 305 and/or an input device 306.
  • the output device 305 is coupled to the processor 301 and can display information in a variety of ways.
  • the output device 305 may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector.
  • the input device 306 is coupled to the processor 301 and can receive user input in a variety of ways.
  • the input device 306 may be a mouse, a keyboard, a touch screen device, or a sensor device.
  • composition structure shown in FIG. 3 does not constitute a limitation on the communication device.
  • the communication device may include more or fewer components than shown in the figure, or combine certain components, or arrange the components differently.
  • sending a first request information to... can be understood as the destination end of the information being a trusted module, which can include directly or indirectly sending information to the trusted module.
  • receiving a first request information from... can be understood as the source end of the information being an inference module, which can include directly or indirectly receiving information from an inference module.
  • the information may be processed as necessary between the source end and the destination end of the information transmission, such as format changes, etc., but the destination end can understand the valid information from the source end. Similar expressions in this application can be understood similarly and will not be repeated here.
  • A/B can indicate A or B
  • a and/or B can indicate: A exists alone, A and B exist at the same time, and B exists alone, where A and B can be singular or plural.
  • expressions similar to "at least one of A, B and C" or "at least one of A, B or C” are usually used to indicate any of the following: A exists alone; B exists alone; C exists alone; A and B exist at the same time; A and C exist at the same time; B and C exist at the same time; A, B and C exist at the same time.
  • the above uses A, B and C as an example to illustrate the optional items of the item.
  • words such as “first” and “second” may be used to distinguish between technical features with the same or similar functions.
  • the words such as “first” and “second” do not limit the quantity and execution order, and the words such as “first” and “second” do not necessarily limit them to be different.
  • words such as “exemplary” or “for example” are used to indicate examples, illustrations or explanations, and any embodiment or design described as “exemplary” or “for example” should not be interpreted as being more preferred or more advantageous than other embodiments or designs.
  • the use of words such as “exemplary” or “for example” is intended to present related concepts in a concrete way for easy understanding.
  • used for indication can include direct indication and indirect indication, and can also include explicit indication and implicit indication.
  • indication information can include that the indication information directly indicates A or indirectly indicates A, but it does not mean that the indication information must carry A.
  • the information indicated by a certain information (such as the first indication information described below) is called information to be indicated.
  • information to be indicated there are many ways to indicate the information to be indicated, such as but not limited to, directly indicating the information to be indicated, such as the information to be indicated itself or the index of the information to be indicated.
  • the information to be indicated can also be indirectly indicated by indicating other information, wherein there is an association relationship between the other information and the information to be indicated.
  • the indication of specific information can also be achieved by means of the arrangement order of each information agreed in advance (such as specified by the protocol), thereby reducing the indication overhead to a certain extent.
  • the trusted module, and/or the reasoning module, and/or the management module can perform some or all of the steps in the present application, and these steps are only examples, and the present application can also perform other steps or variations of various steps.
  • the various steps can be performed in different orders presented in the present application, and it is possible that not all of the steps in the present application need to be performed.
  • the method provided below in the present application uses the trusted module, reasoning module and management module as the execution subject of the interactive illustration as an example to illustrate the method, but the present application does not limit the execution subject of the interactive illustration.
  • the trusted module in the method provided in the following embodiment of the present application may also be a chip, chip system, or processor that supports the trusted module to implement the method, or a logical node, logic module or software that can implement all or part of the trusted module;
  • the reasoning module in the method provided below in the present application may also be a chip, chip system, or processor that supports the reasoning module to implement the method, or a logical node, logic module or software that can implement all or part of the reasoning module;
  • the management module in the method provided below in the present application may also be a chip, chip system, or processor that supports the management module to implement the method, or a logical node, logic module or software that can implement all or part of the management module.
  • a method for determining a task execution strategy may include the following steps:
  • the reasoning module obtains a first sample of a first task.
  • the reasoning module may be the reasoning module 202 shown in FIG2A.
  • the first task is a task to be performed by the reasoning module.
  • the first task may correspond to at least one sample, and the at least one sample includes the first sample.
  • the reasoning module obtains the first sample of the first task from the corresponding RAN node. It is understandable that if the reasoning module is deployed on the RAN node, the reasoning module obtains the first sample of the first task using the interface inside the RAN node. If the reasoning module is located in the domain management function (such as OAM), the reasoning module can obtain the first sample of the first task through the interface between OAM and the RAN node. The following takes the deployment of the reasoning module on the RAN node as an example to illustrate the process of the reasoning module obtaining the first sample of the first task.
  • the first task is a beam management use case.
  • the RAN node initiates the collection of the first sample by instructing the terminal to perform a sparse beam scan.
  • the terminal obtains the beam measurement results of 16 beams out of 64 beams (such as the RSRP of 16 beams) as the result of the sparse beam scan, and sends the result of the sparse beam scan to the RAN node.
  • the RAN node receives the result of the sparse beam scan from the terminal, it indicates the result of the sparse beam scan to the reasoning module, and the reasoning module can use the result of the sparse beam scan as the first sample of the first task.
  • the first task is a cell load balancing use case as an example for explanation.
  • cell load balancing is for multiple cells managed by a RAN node. If the number of terminals accessing some of the multiple cells is about to reach or has exceeded the load capacity of the cell, the service quality of the terminals accessing these cells will be reduced, while the number of terminals accessing other cells in the multiple cells may be very small. In this case, in order to ensure the service quality of the terminal, the number of terminals accessed between the cells can be adjusted.
  • the reasoning module can instruct the RAN node to obtain terminal information accessing multiple cells managed by the RAN node, and the terminal information may include the location, mobility and some measurement index information of the terminal.
  • the measurement index information may include RSRP, and/or reference signal receiving quality (RSRQ), and/or signal to interference plus noise ratio, etc.
  • the reasoning module obtains terminal information accessing multiple cells managed by the RAN node from the RAN node, and the terminal information can be used as the first sample of the first task.
  • the management module sends a third indication message to the reasoning module.
  • the reasoning module receives the third indication message from the management module.
  • the third indication message may indicate the first task.
  • the third indication message may include the name or identifier of the first task.
  • the third indication message may also include the name or identifier of the model corresponding to the first task (such as the first model in S402).
  • the reasoning module may obtain the first sample of the first task according to the third indication message.
  • the management module may be the management module 203 shown in FIG. 2A.
  • the first task may also be preset in the reasoning module. In this way, the management module may not need to send the third indication information to the reasoning module.
  • the reasoning module sends first request information to the trusted module.
  • the trusted module receives the first request information from the reasoning module.
  • the first request information is used to indicate the first model corresponding to the first task and the first sample corresponding to the first task.
  • the first request information includes the name of the first model or the identifier of the first model, and the first sample.
  • the trusted module may be the trusted module 201 shown in FIG. 2A .
  • the trusted module determines whether the first sample is an adversarial sample based on the first model. Specifically, the trusted module can perturb the input within a certain range and determine whether the first sample is an adversarial sample based on the degree of change in the output result of the first model. Specifically, if the change in the output of the first model exceeds a preset threshold, the trusted module determines that the first sample is in an unstable area of the model and determines the first sample as an adversarial sample; if the sample is in a stable area of the first model, the trusted module determines that the first sample is a non-adversarial sample.
  • the trusted module obtains the robustness requirement of the first task, and the robustness requirement of the first task indicates the need to detect whether the sample corresponding to the first task is an adversarial sample. In this way, the trusted module can determine whether it is necessary to detect whether the sample corresponding to the first task is an adversarial sample based on the acquired robustness requirement of the first task.
  • the management module sends the robustness requirement of the first task to the trusted module.
  • the trusted module can receive the robustness requirement of the first task from the management module. It should be understood that different models can have different unstable areas, so the robustness requirements corresponding to different models of the same task can be the same or different. The robustness requirements corresponding to different tasks can be the same or different.
  • the robustness requirement of the first task may also indicate that there is no need to detect whether the first sample corresponding to the first task is an adversarial sample, and the trusted module does not detect whether the first sample is an adversarial sample.
  • the robustness requirement of the first task also indicates the robustness requirement of the output result of the first model corresponding to the first task.
  • the robustness requirement of the first task may include a first threshold.
  • the first threshold is a threshold for determining whether the first sample is in an unstable region of the first model. In this way, the trusted module can determine whether the first sample is an adversarial sample based on the first model and the robustness requirement.
  • the robustness requirement of the output result of the first model corresponding to the first task can be quantified by the above-mentioned first threshold.
  • the above-mentioned trusted module perturbs the input of the first sample, and determines whether the first sample is an adversarial sample based on whether the change in the output of the first model is greater than or equal to the first threshold.
  • the lower the robustness requirement the larger the first threshold, that is, the lower the standard for the trusted module to judge the first sample as an adversarial sample; the higher the robustness requirement, the smaller the first threshold, that is, the higher the standard for the trusted module to judge the first sample as an adversarial sample, the easier it is for the first sample to fall into the unstable area of the first model, and the easier it is for the first sample to be judged as an adversarial sample compared to the scenario with low robustness requirements.
  • the trusted module sends the execution strategy of the first task to the reasoning module.
  • the reasoning module receives the execution strategy of the first task from the trusted module.
  • the execution strategy of the first task is used to indicate a method of changing the first sample to a non-adversarial sample.
  • the method includes: replacing the first model; or, replacing the first sample; or, performing a first operation on the first sample.
  • the first operation includes at least one of the following: feature compression, sample denoising, or data smoothing.
  • the trusted module obtains first indication information.
  • the first indication information is used to indicate whether the first task has a backup sample, and/or the first indication information is used to indicate whether the first task has a backup model.
  • the reasoning module sends the first indication information to the trusted module.
  • the trusted module receives the first indication information from the reasoning module. In this way, the trusted module can determine the execution strategy of the first task based on the first indication information.
  • the management module can send fourth indication information to the reasoning module.
  • the fourth indication information can indicate whether the first task has a backup model. In this way, the reasoning module can send the first indication information to the trusted module after receiving the fourth indication information.
  • the first indication information may include the ID of the backup model to indicate to the trusted module that the first task has a backup model.
  • the backup model may be a different version of the first model, or the input or output of the backup model is similar to that of the first model, but the internal implementation of the backup model and the first model may be different.
  • the input of the backup model and the input of the first model (such as the first sample) may both include RAN node resource usage, terminal performance data, neighboring node resource usage and corresponding terminal performance, but the algorithm for load balancing of the backup model is different from that of the first model.
  • a RAN node may obtain models of load balancing use cases deployed by other RAN nodes from other RAN nodes except the RAN node, and use the obtained models as the backup models for the first task.
  • the content indicated by the first instruction information is different, and the execution strategy of the first task indicates a different way of changing the first sample to a non-adversarial sample.
  • Design 1 If the first indication information indicates that the first task has a backup sample, the execution strategy of the first task indicates to replace the first sample. In other words, if the first indication information indicates that the first task has a backup sample, the trusted module can instruct the reasoning module to change the first sample to a non-adversarial sample by replacing the first sample.
  • Design 2 If the first indication information indicates that the first task has a backup model, the execution strategy of the first task indicates to replace the first model. In other words, if the first indication information indicates that the first task has a backup model, the trusted module can instruct the reasoning module to change the first sample to a non-adversarial sample by replacing the first model.
  • the execution strategy of the first task may indicate all or part of the multiple backup models to indicate that model reasoning can be performed through these backup models.
  • the execution strategy of the first task may also include: a method for merging the reasoning results of multiple backup models, such as voting, weighted averaging, and other methods.
  • voting method is illustrated by taking the first task as a classification task as an example: voting may refer to the confidence of the result output after performing sample reasoning on the first sample according to multiple backup models, and selecting the result with the highest confidence as the classification result of the first sample.
  • weighted average may refer to the numerical value of the result output after performing sample reasoning on the first sample according to multiple backup models, and the numerical value after weighted averaging is used as the output result of the first task.
  • weight corresponding to the result output by each backup model may be preset, or the same, and this application does not limit it.
  • the reasoning module when the execution strategy of the first task indicates the replacement of the first model, receives second indication information from the communication node, wherein the second indication information is used to indicate the backup model of the first task.
  • the communication node may be a RAN node adjacent to the RAN node on which the first model is deployed, etc., without limitation.
  • the second indication information includes the backup model of the first task.
  • the second indication information includes the ID of the backup model of the first task, and the reasoning module may obtain the backup model corresponding to the ID of the backup model from the management module according to the ID of the backup model.
  • the reasoning module may request the communication node for the backup model of the first task, and the communication node sends the second indication information to the reasoning module based on the request of the reasoning module.
  • the reasoning module receives the second indication information from the communication node.
  • the reasoning module sends a first sample to a communication node.
  • the communication node stores a backup model for the first task.
  • the communication node can input the first sample into the backup model for the first task to obtain a reasoning result, and send the reasoning result to the reasoning module.
  • the reasoning module receives the reasoning result from the communication node.
  • the reasoning result is used to indicate a result obtained by reasoning based on the first sample and the backup model for the first task.
  • the communication node is a RAN node adjacent to the RAN node where the first model is deployed.
  • the first task can correspond to one or more backup models.
  • the reasoning module sends a first sample to this communication node to request the communication node to obtain the reasoning result of the backup model deployed on the communication node based on the first sample.
  • the reasoning module can also send the first sample to the above-mentioned different communication nodes respectively to request each of the above-mentioned different communication nodes to obtain the reasoning result of the backup model deployed on each communication node respectively based on the first sample.
  • the method of changing the first sample to a non-adversarial sample includes performing a first operation on the first sample.
  • the trusted module can change the first sample to a non-adversarial sample by performing the first operation on the first sample.
  • the trusted module can perform a first operation on the first sample to eliminate sample data that causes the first model to infer errors.
  • the trusted module can eliminate sample data that causes the first model to infer errors by performing feature compression, sample denoising, or data smoothing on the first sample, so that the sample obtained after performing the first operation is changed to a non-adversarial sample of the first model.
  • the specific method of the first operation i.e., feature compression, sample denoising, or data smoothing
  • the trusted module may select a suitable first operation according to the features of the first sample, or when the first task is a regression task, the first operation may be sample denoising or data smoothing, etc., without limitation.
  • sample denoising is to remove the noise in the sample.
  • Noise is an error or anomaly in the first sample.
  • Removing noise can avoid misleading the first model.
  • Feature compression can be a method of removing redundant information by selecting classification information or discriminant features in the data.
  • Data smoothing can process the first sample with severe data jitter to obtain a data sample with relatively stable values.
  • Design 1 to 3 are only examples of the correspondence between the first indication information and the execution strategy of the first task.
  • the first indication information and the execution strategy of the first task may have other correspondences.
  • the method of changing the first sample to a non-adversarial sample may also be replaced by performing the first operation on the first sample.
  • the priorities of the execution strategies may be arranged in order from high to low as follows: replacing the first sample, replacing the first model, and performing the first operation on the first sample.
  • the trusted module may determine the execution strategy of the first task according to the first strategy information. For example, the management module sends the first strategy information to the trusted module, and correspondingly, the trusted module receives the first strategy information from the management module.
  • the first strategy information indicates replacing the first model; or replacing the first sample; or performing the first operation on the first sample.
  • the trusted module when the management module indicates to the trusted module through the first policy information that the execution strategy of the first task indicates replacing the first model, the trusted module receives the first indication information from the reasoning module which also indicates that the first task has a backup model. The trusted module can determine the execution strategy of the first task to be replacing the first model.
  • the trusted module may send the strategy to the reasoning module so that the reasoning module performs corresponding operations according to the strategy.
  • the execution strategy of the first task further indicates that the first sample is an adversarial sample.
  • the execution strategy of the first task further indicates a sample obtained by performing the first operation on the first sample. If the trusted module can obtain multiple samples by performing the first operation on the first sample, the execution strategy of the first task can also indicate a method for merging the results obtained by the first model respectively reasoning on the multiple samples.
  • the merging method can be voting, weighted averaging, etc., wherein the specific method of voting or weighted averaging can refer to the explanation of the voting or weighted averaging process in Design 2, which will not be repeated here.
  • the trusted module determines the first sample as a non-adversarial sample, it can also be indicated through the execution strategy of the first task.
  • the execution strategy of the first task can be an empty message so that the reasoning module knows that the first sample is a non-adversarial sample.
  • the reasoning module can know that the first sample is an adversarial sample and the way to change the adversarial sample to a non-adversarial sample according to the execution strategy of the first task.
  • the reasoning module can input the first sample into the backup model to perform model reasoning. If the execution strategy of the first task includes a method for merging the reasoning results of multiple backup models, the reasoning module can determine the reasoning results of multiple candidate models according to the method for merging the reasoning results of multiple backup models, and then determine the final output result according to the reasoning results of multiple candidate models.
  • the first task is a load balancing use case as an example for explanation.
  • the backup model includes backup model 1 and backup model 2, and the method for merging the reasoning results of backup model 1 and backup model 2 is voting
  • the reasoning module can input the first sample into backup model 1 and backup model 2 respectively for model reasoning, obtain the reasoning results of backup model 1 and the reasoning results of backup model 2, and take the cell load balancing solution with the least terminal scheduling as the final result.
  • the reasoning module can obtain the second model corresponding to the first task, and request the trusted module to determine whether the first sample is an adversarial sample of the second model.
  • the corresponding descriptions in S407 to S408 below and will not be repeated here.
  • the reasoning module can obtain the second sample corresponding to the first task, and request the trusted module to determine whether the second sample is an adversarial sample of the first model.
  • the reasoning module can obtain the second sample corresponding to the first task, and request the trusted module to determine whether the second sample is an adversarial sample of the first model.
  • the reasoning module can input the received sample into the first model for model reasoning. If multiple samples are obtained by performing the first operation on the first sample, and the execution strategy of the first task also indicates a method for merging the multi-sample reasoning results corresponding to the multiple samples, the reasoning module can input each sample into the first model and merge the results obtained by reasoning the multiple samples in this way.
  • the trusted module determines the execution strategy of the first task based on the first indication information, thereby changing the first sample to a non-adversarial sample, so that the model corresponding to the first task can output correct results, thereby reducing the error rate of model reasoning.
  • the trusted module may also obtain a second sample corresponding to the first task, and determine whether the second sample is an adversarial sample according to the first model, so as to reduce the error rate of the first model reasoning.
  • the method shown in FIG4 also includes the following steps:
  • the trusted module obtains a second sample corresponding to the first task.
  • the trusted module can obtain a second sample corresponding to the first task through the reasoning module.
  • the second sample is a backup sample for the first task.
  • the reasoning module learns that the first sample is an adversarial sample of the first model according to the execution strategy of the first task, and after replacing the first sample, instructs the RAN node to collect the sparse beam scanning results on the terminal side, and the RAN node indicates a set of sparse beam scanning results (i.e., the second sample) fed back by the terminal to the reasoning module. Subsequently, the reasoning module can send the scanning result to the trusted module.
  • S405 The trusted module determines whether the second sample is an adversarial sample according to the first model.
  • the trusted module determines whether the second sample is an adversarial sample of the first model. If the second sample is a non-adversarial sample of the first model, the trusted module can indicate the result to the reasoning module, and the reasoning module can reason on the first sample according to the second model to obtain the reasoning result. If the second sample is an adversarial sample of the first model, the trusted module can redetermine the execution strategy of the first task (for example, the strategy is to replace other spare samples) and send the strategy to the reasoning module to reduce the error rate of the first model.
  • the specific process can be referred to S403 and will not be repeated here.
  • the trusted module may also obtain the second model corresponding to the first task, and determine whether the first sample is an adversarial sample according to the second model, so as to reduce the error rate of the first model reasoning.
  • the method shown in FIG4 also includes the following steps:
  • the trusted module obtains a second model corresponding to the first task.
  • the trusted module may obtain the second model corresponding to the first task through the reasoning module, and the reasoning module may use the alternative model indicated by the management module in the fourth indication information as the second model.
  • the trusted module determines whether the first sample is an adversarial sample according to the second model.
  • the specific process of the trusted module determining whether the first sample is an adversarial sample of the second model can be referred to S403 and will not be described in detail.
  • the trusted module confirms that the first sample is a non-adversarial sample of the second model
  • the result can be indicated to the reasoning module, and the reasoning module can reason about the first sample according to the second model to obtain a reasoning result.
  • the trusted module confirms that the first sample is an adversarial sample of the second model and indicates the result to the reasoning module, if the reasoning module can obtain other backup models of the first task, it can continue to let the trusted module confirm whether the first sample is an adversarial sample of other backup models of the first task.
  • the trusted module can also instruct the reasoning module to perform the first operation on the first sample; or in the case of a backup sample of the second model, the trusted module can instruct to replace the first sample, without limitation.
  • the present application also provides a communication device, which can be a trusted module in the above method embodiment, or a device including the above trusted module, or a component that can be used for the trusted module; or, the communication device can be a reasoning module in the above method embodiment, or a device including the above reasoning module, or a component that can be used for the reasoning module.
  • the above trusted module or reasoning module, etc. includes a hardware structure and/or software module corresponding to each function.
  • the present application can be implemented in the form of hardware or a combination of hardware and computer software. Whether a function is executed in the form of hardware or computer software driving hardware depends on the specific application and design constraints of the technical solution. Professional and technical personnel can use different methods to implement the described functions for each specific application, but such implementation should not be considered to exceed the scope of the present application.
  • the present application can divide the trusted module and the reasoning module into functional modules according to the above method examples.
  • each functional module can be divided according to each function, or two or more functions can be integrated into one processing module.
  • the above integrated modules can be implemented in the form of hardware or in the form of software functional modules. It can be understood that the division of modules in the present application is schematic and is only a logical function division. There may be other division methods in actual implementation.
  • FIG6 shows a schematic diagram of the structure of a communication device 60.
  • the communication device 60 includes an interface module 601 and a processing module 602.
  • the interface module 601 which may also be referred to as an interface unit, is used to perform transceiver operations, such as an interface circuit, a transceiver, a transceiver or a communication interface.
  • the communication device 60 may further include a storage module (not shown in FIG. 6 ) for storing program instructions and data.
  • the communication device 60 is used to implement the function of the trusted module.
  • the communication device 60 is, for example, the trusted module of the embodiment shown in FIG. 4 or the embodiment shown in FIG. 5 .
  • the interface module 601 is used to receive first request information.
  • the first request information is used to indicate a first model corresponding to a first task and a first sample corresponding to the first task.
  • the interface module 601 can be used to execute S402.
  • the processing module 602 is used to control the interface module 601 to send the execution strategy of the first task when the first sample is an adversarial sample of the first model.
  • the execution strategy of the first task is used to indicate a method of changing the first sample to a non-adversarial sample.
  • the processing module 602 can be used to execute S403.
  • the manner of changing the first sample to a non-adversarial sample includes: replacing the first model; or replacing the first sample; or performing a first operation on the first sample.
  • the processing module 602 is also used to obtain first indication information, where the first indication information is used to indicate whether the first task has a backup sample and/or whether the first task has a backup model; and determine an execution strategy for the first task based on the first indication information.
  • the first indication information indicates that the first task has a backup sample, and the execution strategy of the first task indicates replacing the first sample; or, the first indication information indicates that the first task has a backup model, and the execution strategy of the first task indicates replacing the first model; the first indication information indicates that the first task has neither a backup sample nor a backup model, and the execution strategy of the first task indicates performing a first operation on the first sample.
  • the first operation includes at least one of the following: feature compression, sample denoising, or data smoothing.
  • the execution strategy of the first task indicates replacing the first sample
  • the processing module 602 is further used to obtain a second sample corresponding to the first task; and determine whether the second sample is an adversarial sample according to the first model.
  • the execution strategy of the first task indicates replacing the first model
  • the processing module 602 is further used to obtain a second model corresponding to the first task; and determine whether the first sample is an adversarial sample according to the second model.
  • the processing module 602 is further configured to receive first policy information, where the first policy information indicates an execution policy of the first task.
  • the processing module 602 is further used to obtain the robustness requirement of the first task, where the robustness requirement of the first task indicates that it is necessary to detect whether the first sample corresponding to the first task is an adversarial sample; the processing module 602 is further used to determine whether the first sample is an adversarial sample based on the first model.
  • the robustness requirement of the first task also indicates the robustness requirement of the output result of the first model corresponding to the first task; the processing module 602 is specifically used to determine whether the first sample is an adversarial sample based on the first model and the robustness requirement.
  • the communication device 60 is used to implement the function of the reasoning module.
  • the communication device 60 is, for example, the reasoning module of the embodiment shown in FIG4 or the embodiment shown in FIG5.
  • the processing module 602 is used to obtain a first sample of a first task.
  • the processing module 602 can be used to execute S401.
  • the interface module 601 is used to send a first request message, wherein the first request message indicates a first sample of a first task and a first model of the first task.
  • the interface module 601 can be used to execute S402.
  • the interface module 601 is further used to receive an execution strategy of the first task, where the execution strategy of the first task indicates a method for changing the first sample into a non-adversarial sample.
  • the interface module 601 can be used to execute S403.
  • changing the first sample to a non-adversarial sample includes: replacing the first model; or, replacing the first sample; or, performing a first operation on the first sample.
  • the interface module 601 is also used to send a first indication information, where the first indication information is used to indicate whether the first task has a backup sample, and/or the first indication information is used to indicate whether the first task has a backup model, and the first indication information is used to determine the execution strategy of the first task.
  • the first operation includes at least one of the following: feature compression, sample denoising, or data smoothing.
  • the execution strategy of the first task indicates replacing the first model
  • the interface module 601 is further used to receive second indication information from the communication node, where the second indication information is used to indicate a backup model for the first task.
  • the execution strategy of the first task indicates replacing the first model
  • the interface module 601 is also used to send the first sample to the communication node; the interface module 601 is also used to receive the inference result from the communication node, and the inference result is used to indicate the result obtained by reasoning based on the first sample and the backup model of the first task.
  • the interface module 601 is further configured to receive a robustness requirement of the first task, where the robustness requirement of the first task indicates that it is necessary to detect whether a sample corresponding to the first task is an adversarial sample.
  • the robustness requirement of the first task also indicates the robustness requirement of the output result of the model of the first task.
  • the execution strategy of the first task is further used to indicate that the first sample is an adversarial sample.
  • the communication device 60 may be in the form shown in Figure 3.
  • the processor 301 in Figure 3 may call the computer-executable instructions stored in the memory 303 to enable the communication device 60 to execute the method described in the above embodiment.
  • the functions/implementation processes of the interface module 601 and the processing module 602 in FIG6 can be implemented by the processor 301 in FIG3 calling the computer execution instructions stored in the memory 303.
  • the functions/implementation processes of the processing module 602 in FIG6 can be implemented by the processor 301 in FIG3 calling the computer execution instructions stored in the memory 303
  • the functions/implementation processes of the interface module 601 in FIG6 can be implemented by the communication interface 304 in FIG3.
  • one or more of the above modules or units can be implemented by software, hardware or a combination of the two.
  • the software exists in the form of computer program instructions and is stored in a memory, and the processor can be used to execute the program instructions and implement the above method flow.
  • the processor can be built into an SoC (system on chip) or an ASIC, or it can be an independent semiconductor chip.
  • SoC system on chip
  • ASIC application specific integrated circuit
  • it can further include necessary hardware accelerators, such as field programmable gate arrays (FPGA), PLDs (programmable logic devices), or logic circuits that implement dedicated logic operations.
  • FPGA field programmable gate arrays
  • PLDs programmable logic devices
  • the hardware can be any one or any combination of a CPU, a microprocessor, a digital signal processing (DSP) chip, a microcontroller unit (MCU), an artificial intelligence processor, an ASIC, a SoC, an FPGA, a PLD, a dedicated digital circuit, a hardware accelerator or a non-integrated discrete device, which can run the necessary software or not rely on the software to execute the above method flow.
  • DSP digital signal processing
  • MCU microcontroller unit
  • an artificial intelligence processor an ASIC
  • SoC SoC
  • FPGA field-programmable gate array
  • PLD programmable gate array
  • a dedicated digital circuit a hardware accelerator or a non-integrated discrete device
  • the present application also provides a chip system, including: at least one processor and an interface, the at least one processor is coupled to a memory through the interface, and when the at least one processor executes a computer program or instruction in the memory, the method in any of the above method embodiments is executed.
  • the chip system also includes a memory.
  • the chip system can be composed of a chip, or it can include a chip and other discrete devices, which is not specifically limited in the present application.
  • the present application also provides a computer-readable storage medium. All or part of the processes in the above method embodiments can be completed by a computer program to instruct the relevant hardware, and the program can be stored in the above computer-readable storage medium. When the program is executed, it can include the processes of the above method embodiments.
  • the computer-readable storage medium can be an internal storage unit of the communication device of any of the above embodiments, such as a hard disk or memory of the communication device.
  • the above computer-readable storage medium can also be an external storage device of the above communication device, such as a plug-in hard disk, a smart memory card (smart media card, SMC), a secure digital (secure digital, SD) card, a flash card (flash card), etc. equipped on the above communication device.
  • the above computer-readable storage medium can also include both the internal storage unit of the above communication device and an external storage device.
  • the above computer-readable storage medium is used to store the above computer program and other programs and data required by the above communication device.
  • the above computer-readable storage medium can also be used to temporarily store data that has been output or is to be output.
  • the present application also provides a computer program product. All or part of the processes in the above method embodiments can be completed by a computer program to instruct related hardware, and the program can be stored in the above computer program product. When the program is executed, it can include the processes of the above method embodiments.
  • the present application also provides a computer instruction. All or part of the processes in the above method embodiments can be completed by computer instructions to instruct related hardware (such as a computer, a processor, a trusted module or an inference module, etc.).
  • the program can be stored in the above computer-readable storage medium or in the above computer program product.
  • the present application further provides a communication system, comprising: the trusted module and the reasoning module in the above embodiment.
  • the communication system further comprises: a management module.
  • the disclosed devices and methods can be implemented in other ways.
  • the device embodiments described above are only schematic.
  • the division of the modules or units is only a logical function division. There may be other division methods in actual implementation, such as multiple units or components can be combined or integrated into another device, or some features can be ignored or not executed.
  • Another point is that the mutual coupling or direct coupling or communication connection shown or discussed can be through some interfaces, indirect coupling or communication connection of devices or units, which can be electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components shown as units may be one physical unit or multiple physical units, that is, they may be located in one place or distributed in multiple different places. Some or all of the units may be selected according to actual needs to achieve the purpose of the present embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit may be implemented in the form of hardware or in the form of software functional units.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Evolutionary Computation (AREA)
  • Medical Informatics (AREA)
  • Data Mining & Analysis (AREA)
  • Computing Systems (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Mathematical Physics (AREA)
  • Artificial Intelligence (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

La présente demande se rapporte au domaine technique de l'intelligence artificielle. La demande concerne un procédé et un appareil pour déterminer une politique d'exécution de tâche. Dans le procédé, un module de confiance peut recevoir des premières informations de demande pour indiquer un premier modèle correspondant à une première tâche et un premier exemple correspondant à la première tâche, et lorsque le premier exemple est un exemple contradictoire du premier modèle, le module de confiance peut envoyer une politique d'exécution pour la première tâche. La politique d'exécution pour la première tâche est utilisée pour indiquer un mode de conversion du premier exemple en un exemple non antagoniste. Étant donné que la politique d'exécution pour la première tâche peut indiquer le mode de conversion du premier exemple en l'exemple non antagoniste, le problème d'une erreur d'inférence de modèle provoquée par l'exemple contradictoire peut être amélioré, de telle sorte que le taux d'erreur dans l'inférence de modèle est réduit.
PCT/CN2024/132767 2023-12-20 2024-11-18 Procédé et appareil pour déterminer une politique d'exécution de tâche Pending WO2025130470A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202311769643.8A CN120179349A (zh) 2023-12-20 2023-12-20 确定任务执行策略的方法和装置
CN202311769643.8 2023-12-20

Publications (1)

Publication Number Publication Date
WO2025130470A1 true WO2025130470A1 (fr) 2025-06-26

Family

ID=96032483

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2024/132767 Pending WO2025130470A1 (fr) 2023-12-20 2024-11-18 Procédé et appareil pour déterminer une politique d'exécution de tâche

Country Status (2)

Country Link
CN (1) CN120179349A (fr)
WO (1) WO2025130470A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110741388A (zh) * 2019-08-14 2020-01-31 东莞理工学院 对抗样本检测方法、装置、计算设备及计算机存储介质
WO2021143478A1 (fr) * 2020-01-15 2021-07-22 上海风报信息科技有限公司 Procédé et appareil permettant d'identifier un échantillon antagoniste pour protéger la sécurité d'un modèle
CN115223127A (zh) * 2022-07-29 2022-10-21 重庆长安汽车股份有限公司 车辆的自动驾驶感知方法、装置、车辆及存储介质
CN115600107A (zh) * 2022-10-21 2023-01-13 浙江大华技术股份有限公司(Cn) 一种对抗攻击的防御方法、装置及电子设备
CN116304923A (zh) * 2023-02-24 2023-06-23 武汉大学 基于分治策略的对抗样本检测方法及设备

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110741388A (zh) * 2019-08-14 2020-01-31 东莞理工学院 对抗样本检测方法、装置、计算设备及计算机存储介质
WO2021143478A1 (fr) * 2020-01-15 2021-07-22 上海风报信息科技有限公司 Procédé et appareil permettant d'identifier un échantillon antagoniste pour protéger la sécurité d'un modèle
CN115223127A (zh) * 2022-07-29 2022-10-21 重庆长安汽车股份有限公司 车辆的自动驾驶感知方法、装置、车辆及存储介质
CN115600107A (zh) * 2022-10-21 2023-01-13 浙江大华技术股份有限公司(Cn) 一种对抗攻击的防御方法、装置及电子设备
CN116304923A (zh) * 2023-02-24 2023-06-23 武汉大学 基于分治策略的对抗样本检测方法及设备

Also Published As

Publication number Publication date
CN120179349A (zh) 2025-06-20

Similar Documents

Publication Publication Date Title
US11290344B2 (en) Policy-driven method and apparatus
US10966108B2 (en) Optimizing radio cell quality for capacity and quality of service using machine learning techniques
KR20240134018A (ko) 모델 구성 방법 및 장치
US20230344717A1 (en) Policy conflict management method, apparatus, and system
US12520168B2 (en) Network data analysis method, functional entity and electronic device
CN111586740B (zh) 最小化路测技术配置方法和基站
EP4250802A1 (fr) Optimisation d'attribution d'identifiant de cellule physique dans un réseau de communication sans fil
US20200029321A1 (en) Method for user equipment capability negotiation, user equipment and base station
KR20240134185A (ko) 근본 원인 오류 결정 방법 및 장치
WO2021233224A1 (fr) Procédé, appareil et système de traitement de défaillance
WO2021159415A1 (fr) Procédé, appareil et système de communication
WO2022170921A1 (fr) Procédé, appareil et système d'acquisition d'informations de problème de réseau
CN115866634B (zh) 一种网络性能异常分析方法、装置及可读存储介质
CN115915218A (zh) 一种意图冲突处理方法、装置及可读存储介质
WO2025130470A1 (fr) Procédé et appareil pour déterminer une politique d'exécution de tâche
US20250220458A1 (en) Systems and methods for dynamic local network policies based on access network metrics
CN116846733B (zh) 基于5g网络切片的实例级服务故障监控系统和方法
US10945155B2 (en) Method and apparatus for transmitting buffer status report
US20250371370A1 (en) Interruption avoidance during model training when using federated learning
CN115336311B (zh) 一种网络自动化管理方法及装置
EP4120075A1 (fr) Dispositifs et procédés de traitement des événements associés au réseau
US20260052423A1 (en) Intent monitoring method and monitoring apparatus
US20250337641A1 (en) Service provisioning anomaly detection in wireless communication networks
US11337082B2 (en) Wireless backhaul connection method and device
EP4539418A1 (fr) Procédé de communication et appareil

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24905955

Country of ref document: EP

Kind code of ref document: A1