摘要: |
为了解决信号领域针对人工智能对抗攻击缺少全面评估的平台、针对图像人工智能对抗攻击的分析指标无法完全适用于信号领域的问题,提出了一个信号人工智能对抗攻击综合分析平台。考虑信号与图像之间的区别,从误分类、不可感知性、信号特性、计算代价4个方面着手,提出了10种攻击评价指标对当下常用的8种攻击方法进行全面的评估。研究结果表明个别攻击方法在信号上的攻击性能表现有别于图像,攻击方法的误分类与不可感知性、信号特性以及计算代价之间也存在相互限制的关系,这可以为我们更好地理解及防御此类对抗攻击提供见解。 |
关键词: 深度学习 对抗攻击 攻击指标 信号处理 |
DOI:10.19363/J.cnki.cn10-1380/tn.2021.07.10 |
Received:October 24, 2020Revised:December 23, 2020 |
基金项目:本课题得到国家自然科学基金(No.61973273)资助。 |
|
A Comprehensive Evaluation Platform of Adversarial Attacks on Artificial Intelligence for Signal |
XUAN Qi,ZHOU Qing,CUI Hui,GU Chuntao,XU Dongwei,ZHU Jiawei,WANG Wei,YANG Xiaoniu |
Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310012, China;The Science and Technology on Communication Information Security Control Laboratory, Jiaxing 314033, China |
Abstract: |
In order to cope with the lack of a platform for comprehensive evaluation of adversarial attacks on artificial intelligence (AI) methods in the area of signal, and also the evaluation indicators on images cannot be fully applicable to signals, a comprehensive evaluation platform is proposed to test the adversarial attacks on AI methods for signals. Considering the essential difference between signal and image, 10 indicators in 4 aspects (misclassification, imperceptibility, signal characteristics, and calculating cost) were proposed to comprehensively evaluate the 8 attack methods commonly used today. The results show that the performance of individual attack on signals seems to be different from that on images, and the misclassification and imperceptibility of the attack method, the signal characteristics and the calculation cost also have a mutual limitation. All of these can provide a deep insight to better understand and further defense against such adversarial attacks in the area of signal. |
Key words: deep learning adversarial attacks attack indicators signal processing |