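Authors: 应宗浩 (YING Zonghao); 吴槟 (WU Bin) (State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)
Affiliations: [1] State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085 [2] School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049
Source: 《计算机科学》 (Computer Science), 2023, Issue 3, pp. 333-350, 18 pages in total
Funding: National Natural Science Foundation of China (U1936119, 62272007); Hainan Province Major Science and Technology Program (ZDKJ2019003); China State Railway Group Co., Ltd. Science and Technology Research and Development Program (N2021W003, N2021W004).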
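Abstract: In recent years, artificial intelligence, represented by deep learning, has made major advances in theory and technology. With strong support from data, algorithms and computing power, deep learning has received unprecedented attention and has been widely applied across fields. At the same time, the security problems of deep learning itself have drawn broad attention. Researchers have found that deep learning has many security risks; in the area of deep learning model security, researchers have extensively explored backdoor attacks as a new attack paradigm, and deep learning models may face the threat of backdoor attacks throughout their whole life cycle. The paper first analyzes the security threats facing deep learning, then on that basis gives the background and principles of backdoor attack techniques and distinguishes them from similar attack paradigms such as adversarial attacks and data poisoning attacks. It then summarizes and analyzes recent research on backdoor attacks, dividing attack schemes by attack vector into data-poisoning-based, model-poisoning-based and other types, and goes on to describe in detail the state of research on backdoor attacks against various typical tasks and learning paradigms, further revealing the threat backdoor attacks pose to deep learning models. It then reviews research that applies the characteristics of backdoor attacks to positive uses. Finally, it summarizes the challenges currently facing the backdoor attack field and gives directions that merit in-depth future research, aiming to provide a useful reference for later researchers to further advance the development of backdoor attacks and deep learning security.

In recent years, artificial intelligence represented by deep learning has made breakthroughs in theories and technologies. With the strong support of data, algorithms and computing power, deep learning has received unprecedented attention and has been widely used in various fields, bringing great improvements to the corresponding fields. With the wide application of deep learning technology in various fields including security-critical ones, the security issue of deep learning has attracted more and more attention. Researchers have found many security risks in deep learning systems. In terms of the security of deep learning models, researchers have extensively explored the new attack paradigm of backdoor attack. Backdoor attacks can threaten deep learning models throughout their whole life cycle. A large number of researchers have proposed a series of attack schemes from different angles. This paper takes the security threats of deep learning systems as a starting point and introduces the current attack paradigms. On this basis, it gives the background and principle of backdoor attack, distinguishes similar attack paradigms such as adversarial attack and data poisoning attack, then continues to elaborate on the attack principle and outstanding features of the classic methods of backdoor attack to date. According to the working principle, the attack schemes are divided into data poisoning based attack, model poisoning based attack and others; the paper systematically summarizes them and clarifies the advantages and disadvantages of current research. Then, this paper surveys the state-of-the-art works of backdoor attack against various typical applications and popular deep learning paradigms, which further reveal the threat of backdoor attack towards deep learning models. Finally, this paper summarizes the research work on applying backdoor attack characteristics to positive applications and explores the current challenges of backdoor attack, as well as discusses future research directions worthy of in-depth exploration, aiming to provide guida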
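Keywords: deep learning; model security; backdoor attack; attack paradigm; data poisoning
Classification: TP391 [Automation and Computer Technology: Computer Application Technology]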