Survey on Detecting and Defending Adversarial Examples for Image Data

Zhang Tian; Yang Kuiwu; Wei Jianghong; Liu Yang; Ning Yuanlong

doi:10.7544/issn1000-1239.20200777

Journal of Computer Research and Development > 2022 > 59(6): 1315-1328. > DOI: 10.7544/issn1000-1239.20200777 CSTR: 32373.14.issn1000-1239.20200777

Zhang Tian, Yang Kuiwu, Wei Jianghong, Liu Yang, Ning Yuanlong. Survey on Detecting and Defending Adversarial Examples for Image Data[J]. Journal of Computer Research and Development, 2022, 59(6): 1315-1328. DOI: 10.7544/issn1000-1239.20200777

Citation:

PDF (1609 KB)

Survey on Detecting and Defending Adversarial Examples for Image Data

(Strategic Support Force Information Engineering University, Zhengzhou 450001)

Funds: This work was supported by the National Natural Science Foundation of China (61702549), the Science and Technology Program of Henan Province (172102210017), and the Frontier Foundation of Information Engineering University.

More Information

Published Date: May 31, 2022

Graphical Abstract

Abstract

Abstract

Adversarial examples, formed by adding small perturbation to the clean examples, are the current hotspot of deep neural network as a powerful security threat. At present, the researches on adversarial examples mainly focus on two points: generating adversarial examples to attack deep neural network and detecting and defending adversarial examples. So far, the researches on generating adversarial examples for images have been comprehensive while researches on detecting and defending adversarial examples haven’t yet. For the first time, we summarize and analyze the technology of detecting and defending adversarial examples based on an overview of the technology of generating adversarial examples. According to the summary of various methods of the detection and defense of adversarial examples, they can be classified from six aspects: feature learning, distribution statistics, input dissociation, adversarial training, knowledge transferring and noise reduction. We explore different technologies of detection and defense of adversarial examples, explain the principles and analyzing the application scenarios of each. Besides this, this survey researches on the relationship among different methods to introduce the evolution of detection and defense technologies of adversarial examples, analyzes the characteristics and performance of each technique, lists the advantages and disadvantages of various approaches. Also, the comprehensive evaluations of detection and defense methods are given. Finally, the current research on the detection and defense of adversarial examples is summarized and prospected.
- deep learning,
- neural network,
- adversarial examples detection,
- adversarial examples defense,
- denoising

FullText(HTML)

References (0)

[1]	Li Song, Cao Wenqi, Hao Xiaohong, Zhang Liping, Hao Zhongxiao. Collective Spatial Keyword Query Based on Time-Distance Constrained and Cost Aware[J]. Journal of Computer Research and Development, 2025, 62(3): 808-819. DOI: 10.7544/issn1000-1239.202330815
[2]	Liu Leyuan, Dai Yurou, Cao Yanan, Zhou Fan. Survey of User Geographic Location Prediction Based on Online Social Network[J]. Journal of Computer Research and Development, 2024, 61(2): 385-412. DOI: 10.7544/issn1000-1239.202220417
[3]	Zong Ming, Wang Xiaodong, and Zhou Xingming. Cost-Optimizing Adaptive Location Service Protocol in MANET[J]. Journal of Computer Research and Development, 2012, 49(12): 2515-2528.
[4]	Zheng Mingcai, Zhang Dafang, Luo Jian, Li Wenwei. Adaptive Controlling Mechanism for Data Duplicates Based on Prediction in WSN[J]. Journal of Computer Research and Development, 2011, 48(2): 296-305.
[5]	Yao Guohui, Zhu Daming, and Ma Shaohan. Approximating the Directed Minimum Degree Spanning Tree of Directed Acyclic Graph[J]. Journal of Computer Research and Development, 2009, 46(6): 1052-1057.
[6]	Xiao Fangxiong, Huang Zhiqiu, Cao Zining, Yuan Min, and Zhang Junhua. Describing and Cost Analyzing of Web Services Composition Using PPA[J]. Journal of Computer Research and Development, 2009, 46(5): 832-840.
[7]	Li Miqing, Zheng Jinhua, and Luo Biao. A Multi-Objective Evolutionary Algorithm Based on Minimum Spanning Tree[J]. Journal of Computer Research and Development, 2009, 46(5): 803-813.
[8]	Hu Caiping and Qin Xiaolin. Spatial Classification and Prediction Based on Fuzzy cmeans[J]. Journal of Computer Research and Development, 2008, 45(7): 1183-1188.
[9]	Qian Jiangbo, Xu Hongbing, Dong Yisheng, Wang Yongli, Liu Xuejun, Yang Xuemei. A Window Join Optimization Algorithm Based on Minimum Spanning Tree[J]. Journal of Computer Research and Development, 2007, 44(6): 1000-1007.
[10]	He Xiaoyang and Wang Yasha. Model-Based Methods for Software Cost Estimation[J]. Journal of Computer Research and Development, 2006, 43(5): 777-783.

Cited By

Cited by

Periodical cited type(13)

1.	张鑫，张晗，牛曼宇，姬莉霞. 计算机视觉领域对抗样本检测综述. 计算机科学. 2025(01): 345-361 .
2.	张少杰，赵李强，周静波，陈国坤，焦宗寒，杨伟，王欣，刘荣海. 电力行业无人机巡检可见光图像与激光点云数据配准方法研究. 云南电力技术. 2024(02): 70-73+80 .
3.	顾芳铭，况博裕，许亚倩，付安民. 面向自动驾驶感知系统的对抗样本攻击研究综述. 信息安全研究. 2024(09): 786-794 .
4.	武阳，刘靖. 面向图像分析领域的黑盒对抗攻击技术综述. 计算机学报. 2024(05): 1138-1178 .
5.	郭凯威，杨奎武，张万里，胡学先，刘文钊. 面向文本识别的对抗样本攻击综述. 中国图象图形学报. 2024(09): 2672-2691 .
6.	徐宇晖，潘志松，徐堃. 面向三种形态图像的对抗攻击研究综述. 计算机科学与探索. 2024(12): 3080-3099 .
7.	秦书晨，王娟，朱倪宏，陈杨. 图像对抗样本检测与防御方法研究进展. 智能安全. 2024(04): 81-95 .
8.	罗鑫，夏学知. 面向图像识别的对抗样本与攻击研究. 舰船电子工程. 2023(02): 22-29+33 .
9.	杨宏宇，杨帆. 基于图像去噪和图像生成的对抗样本检测方法. 湖南大学学报(自然科学版). 2023(08): 72-81 .
10.	张万里，陈越，杨奎武，张田，胡学先. 一种局部遮挡人脸识别的对抗样本生成方法. 计算机研究与发展. 2023(09): 2067-2079 . 本站查看
11.	刘瑞祺，李虎，王东霞，赵重阳，李博宇. 图像对抗样本防御技术研究综述. 计算机科学与探索. 2023(12): 2827-2839 .
12.	梁杰，彭长根，谭伟杰，何兴. 基于梯度惩罚WGAN的人脸对抗样本生成方法. 计算机与数字工程. 2023(11): 2659-2665 .
13.	李前，蔺琛皓，杨雨龙，沈超，方黎明. 云边端全场景下深度学习模型对抗攻击和防御. 计算机研究与发展. 2022(10): 2109-2129 . 本站查看