上海交通大学 上海市信息安全综合管理技术研究重点实验室;电子信息与电气工程学院, 上海 200240
通讯作者:
李建华,男,教授,博士生导师,电话(Tel.):021-62932899;lijh888@sjtu.edu.cn作者简介:
易平(1969-),男,河南省洛阳市人,副教授,现主要从事人工智能安全研究.基金资助:
国家自然科学基金(61571290, 61431008), 上海市临床技能与临床创新三年行动计划(16CR2042B)资助项目Adversarial Attacks in Artificial Intelligence: A Survey
YI Ping,WANG Kedi,HUANG Cheng,GU Shuangchi,ZOU Futai,LI JianhuaShanghai Key Laboratory of Integrated Administration Technologies for Information Security; School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai 200240, China
摘要/Abstract
摘要: 随着人工智能的广泛应用,人工智能安全也开始引起人们的关注,其中人工智能对抗攻击已经成为人工智能安全研究热点.为此,介绍了对抗攻击的概念和产生对抗样本的原因,主要因为模型判断边界与真实系统边界的不一致导致对抗空间的存在;论述了几种经典生成对抗样本的方法,包括快速梯度和雅克比映射攻击,对抗攻击的主要思路是寻找模型梯度变化最快方向,按这个方向加入扰动从而导致模型误判;论述了检测对抗攻击的方法和对抗攻击的防御方法,并提出未来的一些研究方向.
关键词: 人工智能, 人工智能安全, 深度学习, 对抗攻击, 对抗学习
Abstract: With the widespread use of artificial intelligence, artificial intelligence security has drawn public attention. The research on adversarial attacks in artificial intelligence has become a hotspot of artificial intelligence security. This paper first introduces the concept of adversarial attacks and the causes of adversarial attacks. The main reason is that the inconsistency between the model boundary and the real boundary leads to the existence of adversarial space. This paper review the works that design adversarial attacks, detect methods and defense methods agaisnt the attacks. The adversarial attacks including FGSM and JSMA attacks, the main idea of the attacks is to find the fast gradient direction of the model, adding perturbation according the direction and causing model misjudgment. Finally, some future research directions are proposed.
Key words: artificial intelligence, artificial intelligence security, deep learning, adversarial attack, adversarial learning
PDF全文下载地址:
点我下载PDF