Journal of Computer Research and Development ›› 2021, Vol. 58 ›› Issue (5): 909-926.doi: 10.7544/issn1000-1239.2021.20200920

Special Issue: 2021 Special Issue on Artificial Intelligence Security and Privacy Protection Technology

Adversarial Attacks and Defenses for Deep Learning Models

Li Minghui1,2, Jiang Peipei1,2, Wang Qian1,2, Shen Chao3,4, Li Qi5   

  1 (Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education (Wuhan University), Wuhan 430072); 2 (School of Cyber Science and Engineering, Wuhan University, Wuhan 430072); 3 (Key Laboratory for Intelligent Networks and Network Security (Xi’an Jiaotong University), Ministry of Education, Xi’an 710049); 4 (Faculty of Electronic and Information Engineering, Xi’an Jiaotong University, Xi’an 710049); 5 (Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084)
  • Online: 2021-05-01
    This work was supported by the National Key Research and Development Program of China (2020AAA0107700), the National Natural Science Foundation of China for Excellent Young Scientists (61822207), and the Key Program of the National Natural Science Foundation of China (U20B2049).

Abstract: Deep learning is one of the main representatives of artificial intelligence technology and is quietly enhancing our daily lives. However, the deployment of deep learning models has also brought potential security risks. Studying the basic theories and key technologies of attacks and defenses for deep learning models is of great significance for a deep understanding of the inherent vulnerability of the models, comprehensive protection of intelligent systems, and widespread deployment of artificial intelligence applications. This paper discusses the development and future challenges of adversarial attacks and defenses for deep learning models from the perspective of confrontation. We first introduce the potential threats faced by deep learning at different stages. Afterwards, we systematically summarize the progress of existing attack and defense technologies in artificial intelligence systems from the perspectives of the essential mechanism of adversarial attacks, the methods of adversarial attack generation, defensive strategies against the attacks, and the framework of the attacks and defenses. We also discuss the limitations of related research and propose an attack framework and a defense framework as guidance for building better adversarial attacks and defenses. Finally, we discuss several potential future research directions and challenges for adversarial attacks and defenses against deep learning models.

Key words: artificial intelligence security, deep learning, adversarial attack, defense strategy, privacy protection

