With the rapid development and wide application of artificial intelligence, AI security has begun to attract attention. An attacker adds subtle perturbations to a normal sample so that a deep learning model misclassifies it; this is known as an adversarial example attack. This paper reviews the research status of adversarial example attacks and studies four classic attack algorithms: FGSM, DeepFool, JSMA, and CW. It analyzes how efficiently these algorithms generate adversarial examples and how strongly the examples mislead deep learning models, in order to provide theoretical guidance for the design of adversarial example detection and defense algorithms.
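As a concrete illustration of the "subtle perturbation" described above, the following is a minimal PyTorch sketch of FGSM, the simplest of the four attacks: it takes a single step of size epsilon in the direction of the sign of the input gradient of the loss, x_adv = x + epsilon * sign(grad_x L(f(x), y)). The toy linear model, the epsilon value, and the tensor shapes are illustrative assumptions for this sketch, not taken from the paper.

```python
import torch
import torch.nn as nn

def fgsm_attack(model, x, y, epsilon=0.03):
    """Fast Gradient Sign Method (Goodfellow et al., 2015).

    Perturbs input x by epsilon in the direction of the sign of the
    loss gradient, increasing the classifier's loss on the true label y:
        x_adv = x + epsilon * sign(grad_x L(model(x), y))
    """
    x_adv = x.clone().detach().requires_grad_(True)
    loss = nn.functional.cross_entropy(model(x_adv), y)
    loss.backward()
    # One signed-gradient step, then clip back to the valid pixel range.
    x_adv = x_adv + epsilon * x_adv.grad.sign()
    return x_adv.clamp(0.0, 1.0).detach()

# Minimal usage with a stand-in classifier (hypothetical, for illustration):
if __name__ == "__main__":
    model = nn.Sequential(nn.Flatten(), nn.Linear(28 * 28, 10))
    x = torch.rand(1, 1, 28, 28)   # a "normal sample"
    y = torch.tensor([3])          # its true label
    x_adv = fgsm_attack(model, x, y)
    print((x_adv - x).abs().max())  # perturbation bounded by epsilon
```

Because FGSM needs only one gradient computation per sample, it is the fastest of the four attacks, at the cost of larger and less precisely targeted perturbations than iterative methods such as DeepFool or CW.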
Keywords: Artificial Intelligence Security, Deep Learning, Adversarial Attacks
References
[1] Goodfellow, I., Bengio, Y. and Courville, A. (2016) Deep Learning. MIT Press, Cambridge, MA.
[2] Webb, S. (2018) Deep Learning for Biology. Nature, 554, 555-557. https://doi.org/10.1038/d41586-018-02174-z
[3] Branson, K. (2018) A Deep (Learning) Dive into a Cell. Nature Methods, 15, 253-254. https://doi.org/10.1038/nmeth.4658
[4] Deng, Y., Bao, F., Kong, Y.Y., et al. (2017) Deep Direct Reinforcement Learning for Financial Signal Representation and Trading. IEEE Transactions on Neural Networks and Learning Systems, 28, 653-664. https://doi.org/10.1109/TNNLS.2016.2522401
[5] He, Y., Zhao, N. and Yin, H.X. (2018) Integrated Networking, Caching, and Computing for Connected Vehicles: A Deep Reinforcement Learning Approach. IEEE Transactions on Vehicular Technology, 67, 44-55. https://doi.org/10.1109/TVT.2017.2760281
[6] Goodfellow, I., Shlens, J. and Szegedy, C. (2015) Explaining and Harnessing Adversarial Examples. https://arxiv.org/abs/1412.6572
[7] Thys, S., Van Ranst, W. and Goedemé, T. (2019) Fooling Automated Surveillance Cameras: Adversarial Patches to Attack Person Detection. https://arxiv.org/pdf/1904.08653.pdf
[8] Tencent Keen Security Lab (2019) Experimental Security Research of Tesla Autopilot. https://keenlab.tencent.com/en/whitepapers/Experimental_Security_Research_of_Tesla_Autopilot.pdf
[9] Papernot, N., McDaniel, P., Goodfellow, I., et al. (2016) Practical Black-Box Attacks against Machine Learning. https://arxiv.org/abs/1602.02697
[10] Kurakin, A., Goodfellow, I. and Bengio, S. (2018) Adversarial Examples in the Physical World. https://arxiv.org/abs/1805.10997
[11] Huang, S., Papernot, N., Goodfellow, I., Duan, Y. and Abbeel, P. (2017) Adversarial Attacks on Neural Network Policies. https://arxiv.org/abs/1702.02284v1
[12] Tramer, F., Goodfellow, I., Boneh, D., et al. (2017) Ensemble Adversarial Training: Attacks and Defenses. https://arxiv.org/abs/1705.07204
[13] Moosavi-Dezfooli, S., Fawzi, A. and Frossard, P. (2015) DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks. https://arxiv.org/abs/1511.04599
[14] Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Berkay Celik, Z. and Swami, A. (2016) The Limitations of Deep Learning in Adversarial Settings. IEEE European Symposium on Security and Privacy, Saarbrücken, 21-24 March 2016, 372-387. https://doi.org/10.1109/EuroSP.2016.36
[15] Carlini, N. and Wagner, D. (2017) Towards Evaluating the Robustness of Neural Networks. https://arxiv.org/pdf/1608.04644.pdf
[16] Baidu X-Lab. AdvBox. https://github.com/baidu/AdvBox
[17] Stanford Vision Lab. ImageNet. http://www.image-net.org
[18] Fawzi, A., Fawzi, O. and Frossard, P. (2015) Fundamental Limits on Adversarial Robustness. http://www.alhusseinfawzi.info/papers/workshop_dl.pdf
[19] Guo, C., Rana, M., Cisse, M. and Maaten, L. (2018) Countering Adversarial Images Using Input Transformations. https://arxiv.org/abs/1711.00117