网络与信息安全学报 ›› 2020, Vol. 6 ›› Issue (5): 36-53.doi: 10.11959/j.issn.2096-109x.2020071

• 学术论文 • 上一篇    

深度学习中的对抗攻击与防御

刘西蒙1,2(),谢乐辉1,王耀鹏1,李旭如3   

  1. 1 福州大学数学与计算机科学学院,福建 福州 350108
    2 广东省数据安全与隐私保护重点实验室,广东 广州 510632
    3 华东师范大学计算机与科学学院,上海 200241
  • 修回日期:2020-05-12 出版日期:2020-10-01 发布日期:2020-10-19
  • 作者简介:刘西蒙(1988- ),男,陕西西安人,博士,福州大学研究员、博士生导师,主要研究方向为隐私计算、密文数据挖掘、大数据隐私保护、可搜索加密|谢乐辉(1997- ),男,福建建瓯人,福州大学硕士生,主要研究方向为人工智能安全|王耀鹏(1995- ),男,福建泉州人,福州大学硕士生,主要研究方向为人工智能安全|李旭如(1995- ),女,安徽宣城人,华东师范大学博士生,主要研究方向为无线通信网络、网络空间安全
  • 基金资助:
    国家自然科学基金(U1804263);国家自然科学基金(61702105);广东省数据安全与隐私保护重点实验室开放项目(2017B030301004-12);陕西省重点研发项目(2019KW-053)

Adversarial attacks and defenses in deep learning

Ximeng LIU1,2(),Lehui XIE1,Yaopeng WANG1,Xuru LI3   

  1. 1 College of Mathematics and Computer Science,Fuzhou University,Fuzhou 350108,China
    2 Guangdong Provincial Key Laboratory of Data Security and Privacy Protection,Guangzhou 510632,China
    3 School of Computer Science and Technology,East China Normal University,Shanghai 200241,China
  • Revised:2020-05-12 Online:2020-10-01 Published:2020-10-19
  • Supported by:
    The National Natural Science Foundation of China(U1804263);The National Natural Science Foundation of China(61702105);Opening Project of Guangdong Provincial Key Laboratory of Data Security and Privacy Protection(2017B030301004-12);The Key Research and Development Program of Shaanxi Province,China(2019KW-053)

摘要:

对抗样本是被添加微小扰动的原始样本,用于误导深度学习模型的输出决策,严重威胁到系统的可用性,给系统带来极大的安全隐患。为此,详细分析了当前经典的对抗攻击手段,主要包括白盒攻击和黑盒攻击。根据对抗攻击和防御的发展现状,阐述了近年来国内外的相关防御策略,包括输入预处理、提高模型鲁棒性、恶意检测。最后,给出了未来对抗攻击与防御领域的研究方向。

关键词: 对抗样本, 对抗攻击, 对抗防御, 深度学习安全

Abstract:

The adversarial example is a modified image that is added imperceptible perturbations,which can make deep neural networks decide wrongly.The adversarial examples seriously threaten the availability of the system and bring great security risks to the system.Therefore,the representative adversarial attack methods were analyzed,including white-box attacks and black-box attacks.According to the development status of adversarial attacks and defenses,the relevant domestic and foreign defense strategies in recent years were described,including pre-processing,improving model robustness,malicious detection.Finally,future research directions in the field of adversarial attacks and adversarial defenses were given.

Key words: adversarial examples, adversarial attacks, adversarial defenses, deep learning security

中图分类号: 

No Suggested Reading articles found!