Research Progress of Detection and Defense Methods for Adversarial Examples in Images
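秦书晨 1, 王娟 2, 朱倪宏 1, 陈杨 1
Author information
- 1. School of Cybersecurity (Xin Gu Industrial College), Chengdu University of Information Technology, Chengdu 610225
- 2. School of Cybersecurity (Xin Gu Industrial College), Chengdu University of Information Technology, Chengdu 610225; National Engineering Research Center for Advanced Microprocessor Technology (Industrial Control and Security Branch), Chengdu 610225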
Abstract
Deep neural networks have achieved remarkable success in fields such as image recognition. However, their vulnerability to adversarial attacks poses a significant threat to the security and reliability of these models. To address this challenge, researchers have proposed numerous methods for the detection of and defense against adversarial examples in images. This study categorizes the existing methods into three main categories: detection methods, defense methods, and combined detection and defense methods. Additionally, a detailed subclassification is provided from the perspective of domain classification. The principles, advantages, and limitations of these methods are analyzed to offer a comprehensive technical overview for researchers in related fields. Finally, the current challenges in the field of adversarial example detection and defense are summarized, and specific suggestions and prospects are proposed in areas such as the construction of a joint cross-domain detection and defense framework and the introduction of automation technologies.
Key words
deep neural networks / image recognition / adversarial example detection and defense
Publication year
2024