A Review of Adversarial Robustness Evaluation for Image Classification
-
摘要: 近年来,以深度学习为代表的人工智能技术在金融安防、自动驾驶、医疗诊断等领域取得了较为成功的应用.然而,图像分类作为上述应用中的一项基础视觉任务,正遭受着对抗攻击等技术手段带来的巨大安全隐患.提高深度学习模型抵御对抗攻击的能力(即对抗鲁棒性)成为有效缓解该问题的可行技术途径.为了科学、全面地提升深度学习模型的对抗鲁棒性,众多学者从基准评估和指标评估2个角度围绕对抗鲁棒性评估开展了大量研究.该研究着重对上述指标评估相关研究进行综述:首先,介绍对抗样本相关概念以及存在的原因,总结提出进行对抗鲁棒性评估时需要遵循的评估准则;其次,从被攻击模型和测试数据2个维度,重点梳理和对比分析现有的主要对抗鲁棒性评估指标;而后,分析总结现阶段主流的图像分类数据集和对抗攻防集成工具,为后续开展对抗鲁棒性评估奠定基础;最后,探讨当前研究的优势和不足,以及未来潜在的研究方向.旨在为相关领域从业人员或学习者提供一个较为全面的、系统的和客观的面向图像分类的对抗鲁棒性评估指标综述.Abstract: In recent years, artificial intelligence algorithms represented by deep learning have been successfully used in the fields such as financial security, automatic driving, medical diagnosis. However, the emergence of adversarial attacks has brought huge security risks to the application of image classification, which is a basic visual task in the above fields. Improving the ability of deep learning model to resist adversarial attacks (i.e., the adversarial robustness) has become a feasible technique to effectively alleviate this problem. In order to evaluate the adversarial robustness of deep learning model scientifically and comprehensively, many scholars have carried out in-depth research on adversarial robustness evaluation from the perspectives of benchmark evaluation and index evaluation. This paper reviews the adversarial robustness mainly from the perspective of index evaluation. Firstly, we introduce the concepts related to adversarial examples and the reasons for their existence, and summarize the evaluation criteria that should be followed in the evaluation of adversarial robustness. Secondly, we focus on sorting out existing adversarial robustness evaluation indicators from two aspects of attacked model and test data. Then, the mainstream image classification datasets and the adversarial attack-defense integration tools are analyzed and summarized to lay a foundation for the follow-up relative research. Finally, the advantages and disadvantages of the current research and the potential future research direction are discussed. This paper aims to provide practitioners or learners in related fields with a comprehensive, systematic and objective overview of adversarial robustness evaluation index for image categorization.
-
-
期刊类型引用(13)
1. 张鑫,张晗,牛曼宇,姬莉霞. 计算机视觉领域对抗样本检测综述. 计算机科学. 2025(01): 345-361 . 百度学术
2. 张少杰,赵李强,周静波,陈国坤,焦宗寒,杨伟,王欣,刘荣海. 电力行业无人机巡检可见光图像与激光点云数据配准方法研究. 云南电力技术. 2024(02): 70-73+80 . 百度学术
3. 顾芳铭,况博裕,许亚倩,付安民. 面向自动驾驶感知系统的对抗样本攻击研究综述. 信息安全研究. 2024(09): 786-794 . 百度学术
4. 武阳,刘靖. 面向图像分析领域的黑盒对抗攻击技术综述. 计算机学报. 2024(05): 1138-1178 . 百度学术
5. 郭凯威,杨奎武,张万里,胡学先,刘文钊. 面向文本识别的对抗样本攻击综述. 中国图象图形学报. 2024(09): 2672-2691 . 百度学术
6. 徐宇晖,潘志松,徐堃. 面向三种形态图像的对抗攻击研究综述. 计算机科学与探索. 2024(12): 3080-3099 . 百度学术
7. 秦书晨,王娟,朱倪宏,陈杨. 图像对抗样本检测与防御方法研究进展. 智能安全. 2024(04): 81-95 . 百度学术
8. 罗鑫,夏学知. 面向图像识别的对抗样本与攻击研究. 舰船电子工程. 2023(02): 22-29+33 . 百度学术
9. 杨宏宇,杨帆. 基于图像去噪和图像生成的对抗样本检测方法. 湖南大学学报(自然科学版). 2023(08): 72-81 . 百度学术
10. 张万里,陈越,杨奎武,张田,胡学先. 一种局部遮挡人脸识别的对抗样本生成方法. 计算机研究与发展. 2023(09): 2067-2079 . 本站查看
11. 刘瑞祺,李虎,王东霞,赵重阳,李博宇. 图像对抗样本防御技术研究综述. 计算机科学与探索. 2023(12): 2827-2839 . 百度学术
12. 梁杰,彭长根,谭伟杰,何兴. 基于梯度惩罚WGAN的人脸对抗样本生成方法. 计算机与数字工程. 2023(11): 2659-2665 . 百度学术
13. 李前,蔺琛皓,杨雨龙,沈超,方黎明. 云边端全场景下深度学习模型对抗攻击和防御. 计算机研究与发展. 2022(10): 2109-2129 . 本站查看
其他类型引用(15)
计量
- 文章访问数: 446
- HTML全文浏览量: 12
- PDF下载量: 262
- 被引次数: 28