期刊文献+

对抗样本生成技术综述 被引量:51

Survey on Generating Adversarial Examples
在线阅读 下载PDF
导出
摘要 如今,深度学习已被广泛应用于图像分类和图像识别的问题中,取得了令人满意的实际效果,成为许多人工智能应用的关键所在.在对于模型准确率的不断探究中,研究人员在近期提出了“对抗样本”这一概念.通过在原有样本中添加微小扰动的方法,成功地大幅度降低原有分类深度模型的准确率,实现了对于深度学习的对抗目的,同时也给深度学习的攻方提供了新的思路,对如何开展防御提出了新的要求.在介绍对抗样本生成技术的起源和原理的基础上,对近年来有关对抗样本的研究和文献进行了总结,按照各自的算法原理将经典的生成算法分成两大类——全像素添加扰动和部分像素添加扰动.之后,以目标定向和目标非定向、黑盒测试和白盒测试、肉眼可见和肉眼不可见的二级分类标准进行二次分类.同时,使用MNIST数据集对各类代表性的方法进行了实验验证,以探究各种方法的优缺点.最后总结了生成对抗样本所面临的挑战及其可以发展的方向,并就该技术的发展前景进行了探讨. Recently,deep learning has been widely used in image classification and image recognition,which has achieved satisfactory results and has become the important part of AI applications.During the continuous exploration of the accuracy of models,recent studies have proposed the concept of“adversarial examples”.By adding small perturbations to the original samples,it can greatly reduce the accuracy of the original classifier and achieve the purpose of anti-deep learning,which provides new ideas for deep learning attackers,and also puts forward new requirements for defenders.On the basis of introducing the origin and principle of generating adversarial examples,this paper summarizes the research and papers on generating adversarial examples in recent years,and divides these algorithms into two categories:entire pixel perturbation and partial pixel perturbation.Then,the secondary classification criteria(targeted and not targeted,black-box test and white-box test,visible and invisible)were used for secondary classification.At the same time,the MNIST data set is used to validate the methods,which proves the advantages and disadvantages of the various methods.Finally,this paper summarizes the challenges of generating adversarial examples and the direction of their development,and also discusses the future of them.
作者 潘文雯 王新宇 宋明黎 陈纯 PAN Wen-Wen;WANG Xin-Yu;SONG Ming-Li;CHEN Chun(School of Computer Science and Technology,Zhejiang University,Hangzhou 310027,China)
出处 《软件学报》 EI CSCD 北大核心 2020年第1期67-81,共15页 Journal of Software
基金 国家自然科学基金(61572426,61572428)。
关键词 深度学习 对抗样本生成 扰动 目标定向 目标非定向 黑盒测试 deep learning adversarial examples perturbation targeted no targeted black-box test
  • 相关文献

参考文献5

二级参考文献128

  • 1董晓霞.软件测试工程化的研究和实践[J].计算机工程与设计,2006,27(11):2008-2011. 被引量:17
  • 2朱海燕.关于两两测试的研究[J].计算机工程与设计,2006,27(15):2802-2804. 被引量:4
  • 3杨玲萍,韩阳.基于功能点分析测试设计充分性模糊评判建模[J].计算机工程与应用,2007,43(3):106-108. 被引量:4
  • 4Labrinidis A, Jagadish H V. Challenges and Opportunities with Big Data. Proc of the VLDB Endowment, 2012, 5(12) : 2032-2033.
  • 5Bizer C, Boncz P, Brodie M L, et al. The Meaningful Use of Big Data : Four Perspectives-Four Challenges. ACM SIGMOD Record, 2012, 40(4) : 56-60.
  • 6Wang F Y. A Big-Data Perspective on AI: Newton, Merton, and An- alytics Intelligence. IEEE Intelligent Systems, 2012, 27 (5) : 2-4.
  • 7Simon H A. Why Should Machines Learn?//Michalski R S, Car- bonell J G, Mitchell T M, et al. , eds. Machine Learning: An Arti- ficial Intelligence Approach. Berlin, Germany: Springer, 1983: 25 -37.
  • 8Hart P. The Condensed Nearest Neighbor Rule. IEEE Trans on In- formation Theory, 1968, 14(3) : 515-516.
  • 9Gates G. The Reduced Nearest Neighbor Rule. IEEE Trans on In- formation Theory, 1972, 18(3) : 431-433.
  • 10Brighton H, Mellish C. Advances in Instance Selection for Instance- Based Learning Algorithms. Data Mining and Knowledge Discovery, 2002, 6(2) : 153-172.

共引文献2203

同被引文献137

引证文献51

二级引证文献156

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部