引用本文
  • 宣琦,周晴,崔慧,顾淳涛,徐东伟,朱佳伟,王巍,杨小牛.信号人工智能对抗攻击综合分析平台[J].信息安全学报,2021,6(4):141-148    [点击复制]
  • XUAN Qi,ZHOU Qing,CUI Hui,GU Chuntao,XU Dongwei,ZHU Jiawei,WANG Wei,YANG Xiaoniu.A Comprehensive Evaluation Platform of Adversarial Attacks on Artificial Intelligence for Signal[J].Journal of Cyber Security,2021,6(4):141-148   [点击复制]
【打印本页】 【在线阅读全文】【下载PDF全文】 查看/发表评论下载PDF阅读器关闭

←前一篇|后一篇→

过刊浏览    高级检索

本文已被:浏览 1498次   下载 1025 本文二维码信息
码上扫一扫!
信号人工智能对抗攻击综合分析平台
宣琦1, 周晴1, 崔慧1, 顾淳涛1, 徐东伟1, 朱佳伟2, 王巍2, 杨小牛1,2
0
(1.浙江工业大学网络空间安全研究院 杭州 中国 310012;2.通信信息控制和安全技术重点实验室 嘉兴 中国 314033)
摘要:
为了解决信号领域针对人工智能对抗攻击缺少全面评估的平台、针对图像人工智能对抗攻击的分析指标无法完全适用于信号领域的问题,提出了一个信号人工智能对抗攻击综合分析平台。考虑信号与图像之间的区别,从误分类、不可感知性、信号特性、计算代价4个方面着手,提出了10种攻击评价指标对当下常用的8种攻击方法进行全面的评估。研究结果表明个别攻击方法在信号上的攻击性能表现有别于图像,攻击方法的误分类与不可感知性、信号特性以及计算代价之间也存在相互限制的关系,这可以为我们更好地理解及防御此类对抗攻击提供见解。
关键词:  深度学习  对抗攻击  攻击指标  信号处理
DOI:10.19363/J.cnki.cn10-1380/tn.2021.07.10
投稿时间:2020-10-24修订日期:2020-12-23
基金项目:本课题得到国家自然科学基金(No.61973273)资助。
A Comprehensive Evaluation Platform of Adversarial Attacks on Artificial Intelligence for Signal
XUAN Qi1, ZHOU Qing1, CUI Hui1, GU Chuntao1, XU Dongwei1, ZHU Jiawei2, WANG Wei2, YANG Xiaoniu1,2
(1.Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310012, China;2.The Science and Technology on Communication Information Security Control Laboratory, Jiaxing 314033, China)
Abstract:
In order to cope with the lack of a platform for comprehensive evaluation of adversarial attacks on artificial intelligence (AI) methods in the area of signal, and also the evaluation indicators on images cannot be fully applicable to signals, a comprehensive evaluation platform is proposed to test the adversarial attacks on AI methods for signals. Considering the essential difference between signal and image, 10 indicators in 4 aspects (misclassification, imperceptibility, signal characteristics, and calculating cost) were proposed to comprehensively evaluate the 8 attack methods commonly used today. The results show that the performance of individual attack on signals seems to be different from that on images, and the misclassification and imperceptibility of the attack method, the signal characteristics and the calculation cost also have a mutual limitation. All of these can provide a deep insight to better understand and further defense against such adversarial attacks in the area of signal.
Key words:  deep learning  adversarial attacks  attack indicators  signal processing