Li Minghui, Jiang Peipei, Wang Qian, Shen Chao, Li Qi. Adversarial Attacks and Defenses for Deep Learning Models[J]. Journal of Computer Research and Development, 2021, 58(5): 909-926. DOI: 10.7544/issn1000-1239.2021.20200920

Adversarial Attacks and Defenses for Deep Learning Models

Funds: This work was supported by the National Key Research and Development Program of China (2020AAA0107700), the National Natural Science Foundation of China for Excellent Young Scientists (61822207), and the Key Program of the National Natural Science Foundation of China (U20B2049).
  • Published Date: April 30, 2021

Abstract: Deep learning is one of the main representatives of artificial intelligence technology and is quietly enhancing our daily lives. However, the deployment of deep learning models has also introduced potential security risks. Studying the basic theories and key technologies of attacks and defenses for deep learning models is of great significance for a deep understanding of the inherent vulnerability of the models, for comprehensive protection of intelligent systems, and for the widespread deployment of artificial intelligence applications. This paper discusses the development and future challenges of adversarial attacks and defenses for deep learning models from the perspective of the confrontation between attacker and defender. We first introduce the potential threats faced by deep learning at its different stages. We then systematically summarize the progress of existing attack and defense technologies in artificial intelligence systems from four perspectives: the essential mechanism of adversarial attacks, the methods of adversarial attack generation, defensive strategies against the attacks, and the framework of the attacks and defenses. We also discuss the limitations of related research and propose an attack framework and a defense framework to guide the construction of better adversarial attacks and defenses. Finally, we discuss several potential future research directions and challenges for adversarial attacks and defenses against deep learning models.