A Review of Adversarial Robustness Evaluation for Image Classification
Abstract: In recent years, artificial intelligence techniques represented by deep learning have been applied with considerable success in fields such as financial security, autonomous driving and medical diagnosis. However, image classification, a basic visual task underlying these applications, faces serious security risks from adversarial attacks and related techniques. Improving the ability of deep learning models to withstand adversarial attacks (their adversarial robustness) has become a feasible way to mitigate this problem. To improve the adversarial robustness of deep learning models scientifically and comprehensively, many scholars have carried out extensive research on adversarial robustness evaluation from two perspectives: benchmark-based evaluation and metric-based evaluation. This paper reviews the research on metric-based evaluation. First, we introduce the concepts related to adversarial examples and the reasons for their existence, and summarize the criteria that an adversarial robustness evaluation should follow. Second, we survey and compare the main existing adversarial robustness evaluation metrics along two dimensions: the attacked model and the test data. Then, we analyze and summarize the mainstream image classification datasets and the integrated adversarial attack-and-defense toolkits, laying a foundation for subsequent work on adversarial robustness evaluation. Finally, we discuss the strengths and weaknesses of current research and potential future research directions. The aim is to provide practitioners and learners in related fields with a comprehensive, systematic and objective survey of adversarial robustness evaluation metrics for image classification.
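To make concrete what adversarial robustness evaluation metrics along the "attacked model" and "test data" dimensions can look like, the following is an added illustration; it is not code from the paper or its authors. It uses a constructed binary linear classifier over 4-pixel images and two metrics chosen for the demonstration: robust accuracy under an L-infinity-bounded one-step attack (a model-centric measure) and the minimal L-infinity perturbation needed to flip each sample (a data-centric measure). The weights W and B, the sample images and labels in DATA, and the assignment of these two metrics to the paper's two dimensions are all assumptions of this example, not the paper's taxonomy.

```python
"""Adversarial-robustness metrics on a toy linear image classifier.

Added illustration, not code from the reviewed paper. The classifier, the
sample 'images' and the two metrics are constructed for this example.
"""
from typing import List, Sequence, Tuple

Vector = List[float]
Sample = Tuple[Vector, int]  # (flattened image, pixels in [0, 1]; label in {-1, +1})

# Constructed toy model: f(x) = sign(W . x + B) on 4-pixel images.
W: Vector = [1.0, -1.0, 1.0, -1.0]
B: float = 0.0

# Constructed test set: three easy samples, one near the boundary, one misclassified.
DATA: List[Sample] = [
    ([0.9, 0.1, 0.9, 0.1], +1),
    ([0.6, 0.4, 0.6, 0.4], +1),
    ([0.1, 0.9, 0.1, 0.9], -1),
    ([0.5, 0.5, 0.45, 0.55], -1),
    ([0.3, 0.5, 0.3, 0.5], +1),  # clean misclassification: W . x = -0.4
]


def _dot(u: Sequence[float], v: Sequence[float]) -> float:
    return sum(a * b for a, b in zip(u, v))


def _sign(t: float) -> float:
    return 1.0 if t > 0 else (-1.0 if t < 0 else 0.0)


def margin(w: Vector, b: float, x: Vector, y: int) -> float:
    """Signed margin y * (w . x + b); positive means correctly classified."""
    return y * (_dot(w, x) + b)


def min_linf_perturbation(w: Vector, b: float, x: Vector, y: int) -> float:
    """Data-centric metric: L-inf distance from x to the decision boundary.

    For a linear model this is exact: margin / ||w||_1 (the L1 norm is the
    dual of L-inf). A misclassified input has distance 0.
    """
    m = margin(w, b, x, y)
    if m <= 0:
        return 0.0
    return m / sum(abs(c) for c in w)


def fgsm_linf(w: Vector, b: float, x: Vector, y: int, eps: float,
              lo: float = 0.0, hi: float = 1.0) -> Vector:
    """One-step L-inf attack (FGSM-style) with budget eps.

    Each pixel moves by eps in the direction that lowers the margin,
    x_adv = x - eps * y * sign(w), then is clipped to the valid pixel range.
    For a linear model this step is the optimal L-inf attack, so the robust
    accuracy it yields is exact rather than an upper bound.
    """
    return [min(hi, max(lo, xi - eps * y * _sign(wi))) for xi, wi in zip(x, w)]


def robust_accuracy(w: Vector, b: float, data: Sequence[Sample], eps: float) -> float:
    """Model-centric metric: fraction of samples still correct after the attack."""
    hits = sum(1 for x, y in data if margin(w, b, fgsm_linf(w, b, x, y, eps), y) > 0)
    return hits / len(data)


def robustness_curve(w: Vector, b: float, data: Sequence[Sample],
                     budgets: Sequence[float]) -> List[Tuple[float, float]]:
    """Robust accuracy as a function of the budget (eps = 0 is clean accuracy)."""
    return [(eps, robust_accuracy(w, b, data, eps)) for eps in budgets]


def mean_min_perturbation(w: Vector, b: float, data: Sequence[Sample]) -> float:
    """Average distance to the boundary over the test set (larger is more robust)."""
    return sum(min_linf_perturbation(w, b, x, y) for x, y in data) / len(data)


if __name__ == "__main__":
    for eps, acc in robustness_curve(W, B, DATA, [0.0, 0.05, 0.15, 0.5]):
        print(f"eps={eps:.2f}  robust accuracy={acc:.2f}")
    print(f"mean minimal L-inf perturbation={mean_min_perturbation(W, B, DATA):.3f}")
```

The closed-form distance and the one-step attack agree here only because the model is linear: a sample survives any budget below its boundary distance and falls at any budget above it. For a deep network no attack is provably optimal, so attack-based robust accuracy is only an upper bound on true robustness, and a weak attack overstates it; that gap is exactly what the evaluation criteria a survey like this one collects are meant to control.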