[1] |
SZEGEDY C , ZAREMBA W , SUTSKEVER I ,et al. Intriguing properties of neural networks[J]. arXiv preprint arXiv:1312.6199, 2013.
|
[2] |
XU K D , ZHANG G Y , LIU S J ,et al. Adversarial T-shirt evading person detectors in a physical world[C]// Proceedings of Computer Vision - ECCV 2020. 2020: 665-681.
|
[3] |
HE K M , ZHANG X Y , REN S Q ,et al. Deep residual learning for image recognition[C]// Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition. 2016: 770-778.
|
[4] |
SZEGEDY C , VANHOUCKE V , IOFFE S ,et al. Rethinking the inception architecture for computer vision[C]// Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition. 2016: 2818-2826.
|
[5] |
HINTON G E , VINYALS O , DEAN J . Distilling the knowledge in a neural network[J]. arXiv preprint arXiv:1503.02531, 2015.
|
[6] |
ZHOU B L , KHOSLA A , LAPEDRIZA A ,et al. Learning deep features for discriminative localization[C]// Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition. 2016: 2921-2929.
|
[7] |
易平, 王科迪, 黄程 ,等. 人工智能对抗攻击研究综述[J]. 上海交通大学学报, 2018,52(10): 1298-1306.
|
|
YI P , WANG K D , HUANG C ,et al. Adversarial attacks in artificial intelligence:a survey[J]. Journal of Shanghai Jiao Tong University, 2018,52(10): 1298-1306.
|
[8] |
王科迪, 易平 . 人工智能对抗环境下的模型鲁棒性研究综述[J]. 信息安全学报, 2020,5(3): 13-22.
|
|
WANG K D , YI P . A survey on model robustness under adversarial example[J]. Journal of Cyber Security, 2020,5(3): 13-22.
|
[9] |
GOODFELLOW I J , SHLENS J , SZEGEDY C . Explaining and harnessing adversarial examples[J]. arXiv preprint arXiv:1412.6572, 2014.
|
[10] |
KURAKIN A , GOODFELLOW I , BENGIO S . Adversarial machine learning at scale[J]. arXiv preprint arXiv:1611.01236, 2016.
|
[11] |
DONG Y P , LIAO F Z , PANG T Y ,et al. Boosting adversarial attacks with momentum[C]// Proceedings of 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2018: 9185-9193.
|
[12] |
MADRY A , MAKELOV A , SCHMIDT L ,et al. Towards deep learning models resistant to adversarial attacks[J]. arXiv preprint arXiv:1706.06083, 2017.
|
[13] |
MOOSAVI-DEZFOOLI S M , FAWZI A , FROSSARD P . DeepFool:a simple and accurate method to fool deep neural networks[C]// Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition. 2016: 2574-2582.
|
[14] |
SU J W , VARGAS D V , SAKURAI K . One pixel attack for fooling deep neural networks[J]. IEEE Transactions on Evolutionary Computation, 2019,23(5): 828-841.
|
[15] |
CARLINI N , WAGNER D . Towards evaluating the robustness of neural networks[C]// Proceedings of 2017 IEEE Symposium on Security and Privacy. 2017: 39-57.
|
[16] |
KANNAN H , KURAKIN A , GOODFELLOW I . Adversarial logit pairing[J]. arXiv preprint arXiv:1803.06373, 2018.
|
[17] |
WANG Y , ZOU D , YI J ,et al. Improving adversarial robustness requires revisiting misclassified examples[C]// Proceedings of International Conference on Learning Representations. 2019.
|
[18] |
XIE C , WANG J , ZHANG Z ,et al. Mitigating adversarial effects through randomization[J]. arXiv preprint arXiv:1711.01991, 2017.
|
[19] |
XIE C H , WU Y X , VAN DER MAATEN L ,et al. Feature denoising for improving adversarial robustness[C]// Proceedings of 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2019: 501-509.
|
[20] |
XU W L , EVANS D , QI Y J . Feature squeezing:detecting adversarial examples in deep neural networks[J]. arXiv preprint arXiv:1704.01155, 2017.
|
[21] |
MA S Q , LIU Y Q , TAO G H ,et al. Nic:detecting adversarial samples with neural network invariant checking[C]// Proceedings of the 26th Network and Distributed System Security Symposium (NDSS 2019). 2019.
|
[22] |
GOLDBLUM M , FOWL L , FEIZI S ,et al. Adversarially robust distillation[J]. Proceedings of the AAAI Conference on Artificial Intelligence, 2020,34(4): 3996-4003.
|
[23] |
SHAFAHI A , SAADATPANAH P , ZHU C ,et al. Adversarially robust transfer learning[J]. arXiv preprint arXiv:1905.08232, 2019.
|
[24] |
SHAFAHI A , NAJIBI M , GHIASI A ,et al. Adversarial training for free![J]. arXiv preprint arXiv:1904.12843, 2019.
|
[25] |
SELVARAJU R R , COGSWELL M , DAS A ,et al. Grad-CAM:visual explanations from deep networks via gradient-based localization[J]. International Journal of Computer Vision, 2020,128(2): 336-359.
|
[26] |
CHATTOPADHAY A , SARKAR A , HOWLADER P ,et al. Grad-CAM++:generalized gradient-based visual explanations for deep convolutional networks[C]// Proceedings of 2018 IEEE Winter Conference on Applications of Computer Vision. 2018: 839-847.
|
[27] |
WANG Y D , ZHANG J , KAN M N ,et al. Self-supervised equivariant attention mechanism for weakly supervised semantic segmentation[C]// Proceedings of 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2020: 12272-12281.
|
[28] |
LIN M , CHEN Q , YAN S . Network in network[J]. arXiv preprint arXiv:1312.4400, 2013.
|
[29] |
BOTTOU L , . Large-scale machine learning with stochastic gradient descent[C]// Proceedings of COMPSTAT'2010. 2010.
|