[1] |
SIMONVAN K , ZISSERMAN A . Very deep convolutional networks for large-scale image recognition[C]// Proceedings of 3rd International Conference on Learning Representations (ICLR 2015). 2015.
|
[2] |
EYKHOLT K , EVTIMOV I , FERNANDES E ,et al. Robust physical-world attacks on deep learning visual classification[C]// Proceedings of 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2018.
|
[3] |
SZEGEDY C , ZAREMBA W , SUTSKEVER I ,et al. Intriguing properties of neural networks[C]// Proceedings of 2nd International Conference on Learning Representations (ICLR 2014). 2014.
|
[4] |
SHARIF M , BHAGAVATULA S , BAUER L ,et al. Accessorize to a crime:Real and stealthy attacks on state-of-the-art face recognition[C]// Proceedings of the 2016 ACM SIGSAC Conference. 2016.
|
[5] |
PRASAD A , SUGGALA A S , BALAKRISHNAN S ,et al. Robust estimation via robust gradient estimation[J]. Journal of the Royal Statistical Society Series B, 2020,82(3): 601-627.
|
[6] |
宋蕾, 马春光, 段广晗 . 机器学习安全及隐私保护研究进展[J]. 网络与信息安全学报, 2018,4(8): 1-11.
|
|
SONG L , MA C G , DUAN G H . Machine learning security and privacy:a survey[J]. Chinese Journal of Network and Information Security, 2018,4(8): 1-11.
|
[7] |
GOODFELLOW I J , SHLENS J , SZEGEDY C . Explaining and harnessing adversarial examples[C]// Proceedings of 3rd International Conference on Learning Representations (ICLR 2015). 2015.
|
[8] |
KURAKIN A , GOODFELLOW I J , BENGIO S . Adversarial examples in the physical world[C]// Proceedings of 5th International Conference on Learning Representations (ICLR 2017). 2017.
|
[9] |
MOOSAVI-DEZFOOLI S , FAWZI A , FROSSARD P . DeepFool:a simple and accurate method to fool deep neural networks[C]// Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition. 2016: 2574-2582.
|
[10] |
CARLINI N , WAGNER D . Towards evaluating the robustness of neural networks[C]// Proceedings of 2017 IEEE Symposium on Security and Privacy (SP). 2017.
|
[11] |
LECUN Y , BOTTOU L . Gradient-based learning applied to document recognition[C]// Proceedings of the IEEE. 1998: 2278-2324.
|
[12] |
SZEGEDY C , LIU W , JIA Y ,et al. Going deeper with convolutions[C]// Proceedings of IEEE Conference on Computer Vision and Pattern Recognition (CVPR 2015). 2015.
|
[13] |
刘西蒙, 谢乐辉, 王耀鹏 ,等. 深度学习中的对抗攻击与防御[J]. 网络与信息安全学报, 2020,6(5): 36-53.
|
|
LIU X M , XIE L H , WANG Y P ,et al. Adversarial at tacks and defenses in deep learning[J]. Chinese Journal of Network and Information Security, 2020,6(5): 36-53.
|
[14] |
DZIUGAITE G K , GHAHRAMANI Z , ROY D M . A study of the effect of JPG compression on adversarial images[C]// Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 2016.
|
[15] |
严飞, 张铭伦, 张立强 . 基于边界值不变量的对抗样本检测方法[J]. 网络与信息安全学报, 2020,6(1): 38-45.
|
|
YAN F , ZHANG M L , ZHANG L Q . Adversarial examples detection method based on boundary values invariants[J]. Chinese Journal of Network and Information Security, 2020,6(1): 38-45.
|
[16] |
LU J . No need to worry about adversarial examples in object detection in autonomous vehicles[EB].
|
[17] |
GUO C , RANA M , CISSE M ,et al. Countering adversarial images using input transformations[C]// The 6th International Conference on Learning Representations (ICLR 2018). 2018.
|
[18] |
EFROS A A , FREEMAN W T . Image quilting for texture synthesis and transfer[C]// Proceedings of the ACM SIGGRAPH Conference on Computer Graphics. 2001: 341-346.
|
[19] |
BOYKOV Y , VEKSLER O , ZABIH R . Fast approximate energy minimization via graph cuts[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2001,23(11): 1222-1239.
|