面向图像数据的对抗样本检测与防御技术综述

Survey on Detecting and Defending Adversarial Examples for Image Data

对抗样本是当前深度学习神经网络研究的热点问题.目前,对抗样本技术的研究主要分为2方面:生成攻击、检测防御.在总结对抗样本生成攻击技术的基础上,面向图像数据的对抗样本检测与防御技术综述从对抗样本的检测与防御的角度对面向图像数据的对抗样本防御技术进行了总结.综述从特征学习、分布统计、输入解离、对抗训练、知识迁移及降噪6个方面将检测与防御技术进行归类,介绍检测与防御技术的演进,分析其特点、性能,对比不同技术的优缺点,给出了检测效果和防御效果的综合评价.最后对当前该领域的研究情况进行了总结与展望.

Adversarial examples,formed by adding small perturbation to the clean examples,are the current hotspot of deep neural network as a powerful security threat.At present,the researches on adversarial examples mainly focus on two points:generating adversarial examples to attack deep neural network and detecting and defending adversarial examples.So far,the researches on generating adversarial examples for images have been comprehensive while researches on detecting and defending adversarial examples haven’t yet.For the first time,we summarize and analyze the technology of detecting and defending adversarial examples based on an overview of the technology of generating adversarial examples.According to the summary of various methods of the detection and defense of adversarial examples,they can be classified from six aspects:feature learning,distribution statistics,input dissociation,adversarial training,knowledge transferring and noise reduction.We explore different technologies of detection and defense of adversarial examples,explain the principles and analyzing the application scenarios of each.Besides this,this survey researches on the relationship among different methods to introduce the evolution of detection and defense technologies of adversarial examples,analyzes the characteristics and performance of each technique,lists the advantages and disadvantages of various approaches.Also,the comprehensive evaluations of detection and defense methods are given.Finally,the current research on the detection and defense of adversarial examples is summarized and prospected.