图像对抗样本研究综述  被引量：12

作　　者：陈梦轩 张振永 纪守领 魏贵义 邵俊[1] CHEN Meng-xuan;ZHANG Zhen-yong;JI Shou-ling;WEI Gui-yi;SHAO Jun(School of Computer and Information Engineering,Zhejiang Gongshang University,Hangzhou 310018,China;College of Computer Science and Technology,Zhejiang University,Hangzhou 310058,China;School of Information and Electronic Engineering,Zhejiang Gongshang University,Hangzhou 310018,China;Sussex Artificial Intelligence Institute,Zhejiang Gongshang University,Hangzhou 310018,China)

机构地区：[1]浙江工商大学计算机与信息工程学院,杭州310018 [2]浙江大学计算机科学与技术学院,杭州310058 [3]浙江工商大学信息与电子工程学院,杭州310018 [4]浙江工商大学萨塞克斯人工智能学院,杭州310018

出　　处：《计算机科学》2022年第2期92-106,共15页Computer Science

基　　金：国家重点研发计划(2019YFB1804500);国家自然科学基金(U1709217)。

摘　　要：随着深度学习理论的发展,深度神经网络取得了一系列突破性进展,相继在多个领域得到了应用。其中,尤其以图像领域中的应用(如图像分类)最为普及与深入。然而,研究表明深度神经网络存在着诸多安全隐患,尤其是来自对抗样本的威胁,严重影响了图像分类的应用效果。因此,图像对抗样本的研究近年来越来越受到重视,研究者们从不同的角度对其进行了研究,相关研究成果也层出不穷,呈井喷之态。首先介绍了图像对抗样本的相关概念和术语,回顾并梳理了图像对抗样本攻击和防御方法的相关研究成果。特别是,根据攻击者的能力以及防御方法的基本思路对其进行了分类,并给出了不同类别的特点及存在的联系。接着,对图像对抗攻击在物理世界中的情况进行了简要阐述。最后,总结了图像对抗样本领域仍面临的挑战,并对未来的研究方向进行了展望。With the development of deep learning theory,deep neural network has made a series of breakthrough progress and has been widely applied in various fields.Among them,applications in the image field such as image classification are the most popular.However,research suggests that deep neural network has many security risks,especially the threat from adversarial examples,which seriously hinder the application of image classification.To address this challenge,many research efforts have recently been dedicated to adversarial examples in images,and a large number of research results have come out.This paper first introduces the relative concepts and terms of adversarial examples in images,reviews the adversarial attack methodsand defense me-thods based on the existing research results.In particular,it classifies them according to the attacker’s ability and the train of thought in defense methods.This paper also analyzes the characteristics and the connections of different categories.Secondly,it briefly describes the adversarial attacks in the physical world.In the end,it discusses the challenges of adversarial examples in images and the potential future research directions.

关 键 词：深度学习 图像领域 对抗样本 对抗攻击 防御方法 物理世界 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]