Review on black-box transfer attacks towards deep learning-based vision recognition models
With the rapid development of deep learning, numerous tasks in the field of vision have been effectively achieved. As performance has increased, the emergence of adversarial samples has prompted reflection on the reliability and security of deep learning. Compared with the early white-box attacks, black-box transfer attacks do not need to gather sensitive information about a victim model, such as its network architecture or weights; they are therefore not easy to perceive and relatively more challenging. The current literature mainly concentrates on comprehensive surveys of adversarial attacks, or of both adversarial attacks and defenses, while specific, detailed reviews of black-box transfer attacks are quite limited. This paper therefore presents a comprehensive overview and summary of the latest progress on black-box transfer attacks. First, the foundations of black-box transfer attacks are introduced from both optimization-based and learning-based perspectives. For optimization-based transfer attacks, the existing methods are categorized and analyzed in terms of three aspects: gradient perturbation update, sample neighborhood augmentation, and model decision agent. For learning-based transfer attacks, the existing methods are further reviewed and analyzed in terms of generic perturbation and generative perturbation. Finally, two cores of current black-box transfer attack methods are summarized, i.e., the smoothness of the optimal solution and the guidance of feature semantics. It is also pointed out that the crucial direction of future work should be the interpretability and generalization of transfer perturbations.
transfer attack; adversarial attack; black-box attack; deep learning; optimization attack; learning attack