Adversarial Attacks and Defenses for Deep Learning Models

Li Minghui; Jiang Peipei; Wang Qian; Shen Chao; Li Qi

doi:10.7544/issn1000-1239.2021.20200920

Journal of Computer Research and Development > 2021 > 58(5): 909-926. > DOI: 10.7544/issn1000-1239.2021.20200920 CSTR: 32373.14.issn1000-1239.2021.20200920

Li Minghui, Jiang Peipei, Wang Qian, Shen Chao, Li Qi. Adversarial Attacks and Defenses for Deep Learning Models[J]. Journal of Computer Research and Development, 2021, 58(5): 909-926. DOI: 10.7544/issn1000-1239.2021.20200920

Citation:

PDF (1576 KB)

Adversarial Attacks and Defenses for Deep Learning Models

Li Minghui^1,2,
Jiang Peipei^1,2,
Wang Qian^1,2,
Shen Chao^3,4,
Li Qi⁵

¹(Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education (Wuhan University), Wuhan 430072)
²(School of Cyber Science and Engineering, Wuhan University, Wuhan 430072)
³(Key Laboratory for Intelligent Networks and Network Security (Xi’an Jiaotong University), Ministry of Education, Xi’an 710049)
⁴(Faculty of Electronic and Information Engineering, Xi’an Jiaotong University, Xi’an 710049)
⁵(Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084)

Funds: This work was supported by the National Key Research and Development Program of China (2020AAA0107700), the National Natural Science Foundation of China for Excellent Young Scientists (61822207), and the Key Program of the National Natural Science Foundation of China (U20B2049).

More Information

Published Date: April 30, 2021

Graphical Abstract

Abstract

Abstract

Deep learning is one of the main representatives of artificial intelligence technology, which is quietly enhancing our daily lives. However, the deployment of deep learning models has also brought potential security risks. Studying the basic theories and key technologies of attacks and defenses for deep learning models is of great significance for a deep understanding of the inherent vulnerability of the models, comprehensive protection of intelligent systems, and widespread deployment of artificial intelligence applications. This paper discusses the development and future challenges of the adversarial attacks and defenses for deep learning models from the perspective of confrontation. In this paper, we first introduce the potential threats faced by deep learning at different stages. Afterwards, we systematically summarize the progress of existing attack and defense technologies in artificial intelligence systems from the perspectives of the essential mechanism of adversarial attacks, the methods of adversarial attack generation, defensive strategies against the attacks, and the framework of the attacks and defenses. We also discuss the limitations of related research and propose an attack framework and a defense framework for guidance in building better adversarial attacks and defenses. Finally, we discuss several potential future research directions and challenges for adversarial attacks and defenses against deep learning model.
- artificial intelligence security,
- deep learning,
- adversarial attack,
- defense strategy,
- privacy protection

FullText(HTML)

References (0)

[1]	Deng Xiangtian, Qian Haifeng. Flexible Fine-Grained Authorization Public Key Encryption with Equality Test Under Standard Model[J]. Journal of Computer Research and Development, 2021, 58(10): 2222-2237. DOI: 10.7544/issn1000-1239.2021.20210596
[2]	Wu Liqiang, Yang Xiaoyuan, Zhang Minqing. Identity-Based Threshold Decryption Scheme from Lattices under the Standard Model[J]. Journal of Computer Research and Development, 2018, 55(10): 2164-2173. DOI: 10.7544/issn1000-1239.2018.20180446
[3]	Chen Ming, Yuan Shaoliang. Provably Secure Identity-Based Multi-Proxy Signature Scheme in Standard Model[J]. Journal of Computer Research and Development, 2016, 53(8): 1879-1892. DOI: 10.7544/issn1000-1239.2016.20150197
[4]	Zhang Minqing, Du Weidong, Yang Xiaoyuan, HanYiliang. A Fully Secure KP-ABE Scheme in the Standard Model[J]. Journal of Computer Research and Development, 2015, 52(8): 1893-1901. DOI: 10.7544/issn1000-1239.2015.20140605
[5]	Lu Yang and Li Jiguo. Efficient and Provably-Secure Certificate-Based Key Encapsulation Mechanism in the Standard Model[J]. Journal of Computer Research and Development, 2014, 51(7): 1497-1505.
[6]	Ge Lirong, Yu Jia, Cheng Xiangguo, Hao Rong, Zhao Huiyan, Li Meng. Strong Key-Insulated Signature Scheme Supporting Multi-Helpers in the Standard Model[J]. Journal of Computer Research and Development, 2014, 51(5): 1081-1088.
[7]	Wang Zhiwei and Zhang Wei. ID Based Signature Scheme from Strong RSA Assumption in the Standard Model[J]. Journal of Computer Research and Development, 2013, 50(2): 302-306.
[8]	Pan Jiaxin and Wang Libin. A Modular Approach Towards Design and Analysis of Authenticated Key Exchange Protocol Based on Extended Canetti-Krawczyk Model[J]. Journal of Computer Research and Development, 2011, 48(8): 1390-1399.
[9]	Wu Qing, Zhang Leyou, Hu Yupu. A New Construction of Short Hierarchical Identity-Based Signature in the Standard Model[J]. Journal of Computer Research and Development, 2011, 48(8): 1357-1362.
[10]	Ren Yongjun, Wang Jiandong, Wang Jian, Xu Dazhuan, and Zhuang Yi. Identity-Based Authenticated Key Agreement Protocols in the Standard Model[J]. Journal of Computer Research and Development, 2010, 47(9): 1604-1610.

Cited By

Cited by

Periodical cited type(9)

1.	薛庆水，时雪磊，王俊华，薛震，王晨阳. 基于属性加密的个人医疗数据共享方案. 计算机应用研究. 2023(02): 589-594+600 .
2.	刘源，柳欣，李超会，王思雨，邢玉杰. 隐私保护的电子健康档案安全共享系统. 信息技术与信息化. 2023(04): 111-114 .
3.	李雨霏，梁妍景，吴媚，陈卫宏，侯黎莉. 移动医疗在口腔癌病人延续性康复护理中的应用进展. 护理研究. 2023(11): 1961-1965 .
4.	王浩，胡艳珂，郜勇. 医院移动电子签名的应用研究. 中国卫生信息管理杂志. 2023(03): 471-474+481 .
5.	牛淑芬，宋蜜，方丽芝，王彩芬. 智慧医疗中基于属性加密的云存储数据共享. 电子与信息学报. 2022(01): 107-117 .
6.	朱文，裴小芹，徐慧. 移动医疗在压力性损伤患者中的应用进展. 中华现代护理杂志. 2022(04): 433-437 .
7.	陈春燕. 医院内网在线档案云存储隐私信息加密技术研究. 自动化技术与应用. 2022(06): 51-54+61 .
8.	韩普，顾亮，张嘉明. 隐私保护视角下医疗数据共享意愿研究——基于三方演化博弈分析. 现代情报. 2021(03): 148-158 .
9.	邓安远，史姣丽，黄定，何凯. 支持关键词隐私保护的密文共享系统. 软件导刊. 2020(10): 228-232 .