摘要
深度学习技术的出现给许多领域带来了突破,被广泛地应用于多个实际场景中。在解决许多复杂问题方面,深度学习的表现已经超过了人类水平。但研究表明,深度学习模型容易受到对抗样本的攻击而产生不正确的输出,进而被攻击者加以利用,这影响到实际应用系统的可靠性和安全性。面对对抗样本的不同攻击方法,文章从模型和数据两个方面对防御方法进行了分类,总结了不同分类下防御方法的研究思路和研究进展,并给出了下一步对抗深度学习的发展方向。
The emergence of deep learning technology has brought breakthroughs in many fields,and it is widely used in multiple real-world scenarios.In terms of solving various complex problems,deep learning has outperformed humans.However,studies have shown that the deep learning model is vulnerable to attacks from adversarial examples and produces incorrect output,which is then exploited by the attacker to affect the reliability and security of the actual application system.In the face of different attack methods of adversarial examples,this paper classifies the defense methods from two aspects of model and data,summarizes the research ideas and research progress of defense methods under different classifications,and gives the development direction of the next step of adversarial deep learning.
作者
张嘉楠
赵镇东
宣晶
常晓林
Zhang Jianan;Zhao Zhendong;Xuan Jing;Chang Xiaolin(Beijing Key Laboratory of Security and Privacy in Intelligent Transportation,Beijing Jiaotong University,Beijing 100044;Beijing Jingtou Zhuoyue Technology Development Co.,Ltd,Beijing 100101;Beijing Jingtou Xin'an Technology Development Co.,Ltd,Beijing 100101)
出处
《网络空间安全》
2019年第8期93-101,共9页
Cyberspace Security
基金
国家自然科学基金项目(项目编号:U1836105)
关键词
深度学习
对抗样本
防御技术
deep learning
adversarial examples
defense technology
