A Review of Adversarial Robustness Evaluation for Image Classification
-
摘要: 近年来,以深度学习为代表的人工智能技术在金融安防、自动驾驶、医疗诊断等领域取得了较为成功的应用.然而,图像分类作为上述应用中的一项基础视觉任务,正遭受着对抗攻击等技术手段带来的巨大安全隐患.提高深度学习模型抵御对抗攻击的能力(即对抗鲁棒性)成为有效缓解该问题的可行技术途径.为了科学、全面地提升深度学习模型的对抗鲁棒性,众多学者从基准评估和指标评估2个角度围绕对抗鲁棒性评估开展了大量研究.该研究着重对上述指标评估相关研究进行综述:首先,介绍对抗样本相关概念以及存在的原因,总结提出进行对抗鲁棒性评估时需要遵循的评估准则;其次,从被攻击模型和测试数据2个维度,重点梳理和对比分析现有的主要对抗鲁棒性评估指标;而后,分析总结现阶段主流的图像分类数据集和对抗攻防集成工具,为后续开展对抗鲁棒性评估奠定基础;最后,探讨当前研究的优势和不足,以及未来潜在的研究方向.旨在为相关领域从业人员或学习者提供一个较为全面的、系统的和客观的面向图像分类的对抗鲁棒性评估指标综述.Abstract: In recent years, artificial intelligence algorithms represented by deep learning have been successfully used in the fields such as financial security, automatic driving, medical diagnosis. However, the emergence of adversarial attacks has brought huge security risks to the application of image classification, which is a basic visual task in the above fields. Improving the ability of deep learning model to resist adversarial attacks (i.e., the adversarial robustness) has become a feasible technique to effectively alleviate this problem. In order to evaluate the adversarial robustness of deep learning model scientifically and comprehensively, many scholars have carried out in-depth research on adversarial robustness evaluation from the perspectives of benchmark evaluation and index evaluation. This paper reviews the adversarial robustness mainly from the perspective of index evaluation. Firstly, we introduce the concepts related to adversarial examples and the reasons for their existence, and summarize the evaluation criteria that should be followed in the evaluation of adversarial robustness. Secondly, we focus on sorting out existing adversarial robustness evaluation indicators from two aspects of attacked model and test data. Then, the mainstream image classification datasets and the adversarial attack-defense integration tools are analyzed and summarized to lay a foundation for the follow-up relative research. Finally, the advantages and disadvantages of the current research and the potential future research direction are discussed. This paper aims to provide practitioners or learners in related fields with a comprehensive, systematic and objective overview of adversarial robustness evaluation index for image categorization.
-
-
期刊类型引用(4)
1. 杨志勇,卢超,王俊杰. Wi-HFM:基于WiFi信道特征的人流量监测方法. 计算机研究与发展. 2025(03): 720-732 . 
本站查看
2. 刘影,胡梦圆,钱志鸿. 基于Wi-Fi子载波互信息的人体呼吸感知系统. 通信学报. 2024(02): 240-253 . 百度学术
3. 曹晨阳,杨晓东,段鹏松. WiDoor:一种近距离非接触式身份识别方法. 计算机科学. 2023(04): 388-396 . 百度学术
4. 丁晓慧,周磊. Wi-Fi动作识别在室内入侵检测中的应用. 科技创新与应用. 2023(24): 64-67 . 百度学术
其他类型引用(13)
计量
- 文章访问数: 458
- HTML全文浏览量: 12
- PDF下载量: 269
- 被引次数: 17
下载:
