DOI:10.19363/J.cnki.cn10-1380/tn.2020.02.04
Received: 2020-01-03; Revised: 2020-02-20
Funding: This work was supported by the National Natural Science Foundation of China (Grants 61972395, U1736119, 61772529).
A Brief Introduction to Visual Adversarial Samples
WANG Wei, DONG Jing, HE Ziwen, SUN Zhenan
Center for Research on Intelligent Perception and Computing, Institute of Automation, Chinese Academy of Sciences, Beijing 100190, China; University of Chinese Academy of Sciences, Beijing 100049, China
Abstract:
The advent of deep learning has brought new opportunities to artificial intelligence (AI), which is booming once again. At the same time, the privacy, security, and ethical issues it raises are attracting growing attention. Adversarial samples directly expose the vulnerability of AI models, especially deep learning models, making it essential to address such problems when deploying AI technology in practice. This paper gives a brief review of adversarial sample generation under white-box and black-box attack protocols, summarizing related techniques at three levels: the signal level, the content level, and the semantic level. We hope this paper helps readers better understand the nature of adversarial samples, and thereby inspires research on the robustness, security, and interpretability of learned models.
Key words: AI security; adversarial sample; white-box attack; black-box attack; distortion metric; adversarial defense
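As a concrete illustration of the white-box setting discussed in the abstract (not part of the paper itself), the sketch below applies a one-step fast gradient sign method (FGSM)-style perturbation to a toy logistic-regression classifier, where the input gradient is available in closed form. The function name `fgsm_attack` and the model are illustrative assumptions; real attacks compute gradients through a deep network via backpropagation.

```python
import numpy as np

def fgsm_attack(x, w, b, y, eps):
    """One-step FGSM-style attack on a logistic-regression classifier.

    For binary cross-entropy loss, the gradient of the loss w.r.t. the
    input x is (sigmoid(w.x + b) - y) * w, so the attack moves x by
    eps in the direction of the gradient's sign.
    """
    p = 1.0 / (1.0 + np.exp(-(np.dot(w, x) + b)))  # model's predicted probability
    grad_x = (p - y) * w                            # closed-form input gradient
    x_adv = x + eps * np.sign(grad_x)               # signed, L-infinity-bounded step
    return np.clip(x_adv, 0.0, 1.0)                 # keep pixels in valid range

# Toy usage: a clean input classified as class 1 (w.x + b > 0)
# is pushed across the decision boundary by a small perturbation.
w = np.array([1.0, -1.0])
b = 0.0
x = np.array([0.6, 0.4])
x_adv = fgsm_attack(x, w, b, y=1.0, eps=0.2)
```

Black-box attacks follow the same idea but must estimate this gradient (or search directly) using only the model's outputs, since the weights `w` are not accessible.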