A Review of Adversarial Robustness Evaluation for Image Classification
Abstract: In recent years, artificial intelligence techniques represented by deep learning have been applied with considerable success in fields such as financial security, autonomous driving, and medical diagnosis. However, image classification, a basic visual task underlying these applications, faces serious security risks from adversarial attacks. Improving the ability of deep learning models to resist adversarial attacks (i.e., their adversarial robustness) has become a feasible way to effectively alleviate this problem. To improve the adversarial robustness of deep learning models scientifically and comprehensively, many scholars have carried out extensive research on adversarial robustness evaluation from two perspectives: benchmark evaluation and index evaluation. This paper reviews adversarial robustness evaluation mainly from the perspective of index evaluation. First, we introduce the concepts related to adversarial examples and the reasons for their existence, and summarize the evaluation criteria that should be followed when evaluating adversarial robustness. Second, we sort out and comparatively analyze the main existing adversarial robustness evaluation indicators along two dimensions: the attacked model and the test data. Then, the mainstream image classification datasets and the integrated adversarial attack-defense tools are analyzed and summarized to lay a foundation for subsequent adversarial robustness evaluation. Finally, the advantages and shortcomings of current research and potential future research directions are discussed. This paper aims to provide practitioners and learners in related fields with a comprehensive, systematic, and objective overview of adversarial robustness evaluation indicators for image classification.