| 引用本文: |
-
梁宇航,林政,王雷,何原野,王伟平.文本中的对抗攻击与防御综述[J].信息安全学报,已采用 [点击复制]
- LIANG Yuhang,LIN Zheng,WANG Lei,HE Yuanye,WANG Weiping.A Survey on Adversarial Attacks and Defenses in Text Domain[J].Journal of Cyber Security,Accept [点击复制]
|
|
| 摘要: |
| 深度神经网络(Deep Neural Networks, DNNs)在计算机视觉、语音识别和自然语言处理等领域取得了非常不错的成就。在图像分类、语音识别和文本分类等任务中,DNNs的准确率甚至超越了人类。然而,近几年的研究表明,DNN模型非常容易受到对抗样本的攻击,只需在正常输入中加入微小不可察觉的扰动,就能导致DNN模型错误的预测。在计算机视觉领域中对抗攻击和防御已经得到了广泛的研究,但在文本领域中的研究还有些不够,很多视觉领域的方法并不能直接应用于文本,尤其是文本离散的特点使得攻击和防御更有挑战性,也有更多的研究空间。本文全面介绍了文本领域中的对抗攻击与防御以及一些相关工作。具体来说,本文首先从不同的角度对文本中的对抗攻击与防御进行了分类,然后介绍了相应的工作和最新进展,最后本文讨论了文本领域对抗攻击与防御存在的挑战,并提出了这一新兴领域未来可能的研究方向。 |
| 关键词: 深度神经网络 对抗样本 对抗攻击与防御 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2023.08.11 |
| 投稿时间:2021-01-29修订日期:2021-04-26 |
| 基金项目:国家自然科学基金项目(面上项目,重点项目,重大项目) |
|
| A Survey on Adversarial Attacks and Defenses in Text Domain |
|
LIANG Yuhang, LIN Zheng, WANG Lei, HE Yuanye, WANG Weiping
|
| (Institute of Information Engineering,Chinese Academy of Sciences) |
| Abstract: |
| Deep neural networks (DNNs) have achieved remarkable results in fields such as computer vision, speech recogni-tion, and natural language processing. The accuracy rate of DNNs has even surpassed that of humans. However, re-searches in recent years have shown that DNNs are highly vulnerable to adversarial examples which can lead to incorrect predictions by adding small and imperceptible perturbations to the normal inputs. The adversarial attacks and defenses have been well studied in the field of computer vision, but researches in text domain are still insuffi-cient. Many methods in computer vision domain cannot be directly applied to texts. Especially the input space of texts is discrete which makes attacks and defenses more challenging. So there is still lots of research potentials in this field. This article presents a comprehensive introduction of adversarial attacks and defenses in text domain to-gether with some related work. Specifically, we first classify the adversarial attacks and defenses in texts from dif-ferent perspectives, then we present the corresponding works and recent advances. Finally we discuss the existing challenges of adversarial attacks and defenses in text domain and present the possible future research directions in this emerging field. |
| Key words: deep neural networks adversarial examples adversarial attacks and defenses |
