网络与信息安全学报2024,Vol.10Issue(2) :1-21.DOI:10.11959/j.issn.2096-109x.2024026

基于光学的物理域对抗攻防综述

Survey of optical-based physical domain adversarial attacks and defense

陈晋音 赵晓明 郑海斌 郭海锋
网络与信息安全学报2024,Vol.10Issue(2) :1-21.DOI:10.11959/j.issn.2096-109x.2024026
  • 国家科技期刊平台
  • NETL
  • NSTL
  • 万方数据

基于光学的物理域对抗攻防综述

Survey of optical-based physical domain adversarial attacks and defense

陈晋音 1赵晓明 2郑海斌 1郭海锋1
扫码查看

作者信息

  • 1. 浙江工业大学网络空间安全研究院,浙江 杭州 310023;浙江工业大学信息工程学院,浙江 杭州 310023
  • 2. 浙江工业大学信息工程学院,浙江 杭州 310023
  • 折叠

摘要

对抗攻击是指通过在原始输入中植入人眼无法察觉的微小扰动,误导深度学习模型做出错误预测的攻击.与数字域对抗攻击相比,物理域对抗攻击可实现对抗性输入被采集设备捕获并转换为视觉系统内的二值图像之前,将扰动引入输入,对基于深度学习的计算机视觉系统构成了实际安全威胁.基于光学的物理域对抗攻击技术(如使用投影照射)作为一种典型的非侵入性攻击,由于其扰动与现实世界中自然环境产生的影响非常相似,更容易被忽略,从而疏于防护.鉴于它们具有高度的不可见性和可执行性,可对实际系统构成重大甚至致命的威胁.基于现有研究工作,重点介绍和讨论了计算机视觉系统中基于光学的物理域对抗攻击技术,并对现有技术在攻击场景、攻击手段、攻击目标、攻击效果等方面展开详细分析,最后探讨了基于光学的物理域对抗攻击未来潜在研究方向.

Abstract

Deep learning models are misled into making false predictions by adversarial attacks that implant tiny perturbations into the original input,which are imperceptible to the human eye.This poses a huge security threat to computer vision systems that are based on deep learning.Compared to digital-domain adversarial attacks,physical-domain adversarial attacks are enabled to introduce perturbations into the input before the adversarial input is captured by the acquisition device and converted into a binary image within the vision system,posing a real security threat to deep learning-based computer vision systems.Optical-based physical-domain adversarial attack techniques,such as those using projected irradiation as a typical example,are more likely to be overlooked and provided negligible protection due to their perturbations being very similar to effects produced by natural environments in the real world.Given their high degree of invisibility and executability,they could pose a significant or even fatal threat to real systems.Based on existing research work,the introduction and discussion of optical-based physical-domain adversarial attack techniques within computer vision systems were presented.The attack scenarios,tools,goals,and performances of these techniques were compared and analyzed.Potential future research directions for optical-based physical-domain adversarial attacks were also discussed.

关键词

对抗攻击/深度学习/安全威胁/光学物理域对抗攻击

Key words

adversarial attack/deep learning/security threat/optical physical domain adversarial attack

引用本文复制引用

基金项目

国家自然科学基金(62072406)

浙江省自然科学基金(LDQ23F020001)

出版年

2024
网络与信息安全学报
人民邮电出版社

网络与信息安全学报

CSTPCD
ISSN:2096-109X
参考文献量115
段落导航相关论文